timofjungle

Browser Redirect Virus


Well, been struggling with a browser redirect for a couple of weeks, haven't been able to get it with multiple passes of Malwarebytes, Windows Defender, TDSSKiller, etc. Thought I'd go to the pros for some help. Here are my files:

DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Tim at 14:25:46 on 2012-03-11

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.3825 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=bvnkkbjfn8b7s

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

Trusted Zone: $talisma_url$

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1331165536716

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{0FEB370C-D1CB-4B70-A5C8-43CC13E5F681} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{8AB8F088-E128-4B1C-960D-F522875E893A} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A12C5DB2-9E87-4507-A30D-C3FABAA08F73} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{BF57C91B-F9FD-4E6D-9F7E-5F64AB6450B6} : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

TCP: Interfaces\{D60A10E1-5961-4904-8828-C2D8CDB3B72A} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{D60A10E1-5961-4904-8828-C2D8CDB3B72A}\451627469637 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{D60A10E1-5961-4904-8828-C2D8CDB3B72A}\F4C697D6075737 : DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder

Hosts: 67.215.245.19 www.google-analytics.com.

Hosts: 67.215.245.19 ad-emea.doubleclick.net.

Hosts: 67.215.245.19 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-8-14 517632]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-27 2348352]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-3-9 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-8-5 79360]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2012-3-3 33592]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2012-3-3 14136]

S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7380v140\NTIOLib_X64.sys [2012-3-3 11888]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-2 652360]

.

=============== Created Last 30 ================

.

2012-03-11 14:44:53 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6B3339A8-4EB2-4114-8C69-EECB57FD4420}\mpengine.dll

2012-03-11 14:37:55 -------- d-----w- C:\Users\Tim\AppData\Roaming\SUPERAntiSpyware.com

2012-03-11 14:37:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-03-11 14:37:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-03-11 14:17:33 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-03-11 13:53:10 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

2012-03-11 13:53:08 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2012-03-11 13:52:05 -------- d-----w- C:\ProgramData\PC Tools

2012-03-11 13:52:04 -------- d-----w- C:\Users\Tim\AppData\Roaming\TestApp

2012-03-10 21:23:28 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-10 21:14:07 98816 ----a-w- C:\Windows\sed.exe

2012-03-10 21:14:07 518144 ----a-w- C:\Windows\SWREG.exe

2012-03-10 21:14:07 256000 ----a-w- C:\Windows\PEV.exe

2012-03-10 21:14:07 208896 ----a-w- C:\Windows\MBR.exe

2012-03-10 01:42:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-03-10 01:42:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-03-08 23:03:09 -------- d-----w- C:\Program Files\CCleaner

2012-03-03 21:49:57 -------- d-----w- C:\Program Files (x86)\Setup Files

2012-03-03 21:44:05 -------- d-----w- C:\Program Files (x86)\MSI

2012-03-03 19:27:56 -------- d-----w- C:\Windows\pss

2012-03-03 01:06:30 -------- d-----w- C:\Users\Tim\AppData\Roaming\Malwarebytes

2012-03-03 01:06:10 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-03 01:06:10 -------- d-----w- C:\ProgramData\Malwarebytes

2012-03-03 01:06:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-02 23:20:25 778736 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\install_flashplayer.exe

2012-03-02 23:20:25 148480 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\ncrypt.dll

2012-03-02 23:20:20 148480 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\55D7.tmp

2012-03-02 23:20:19 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5559.tmp

2012-03-02 23:20:19 148480 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5558.tmp.dat

2012-02-28 02:56:05 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-02-28 02:56:05 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-02-28 02:56:05 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-02-28 02:56:05 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-02-28 02:56:05 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-02-28 02:55:31 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-02-28 01:52:45 -------- d-----w- C:\Program Files\iTunes

2012-02-28 01:52:45 -------- d-----w- C:\Program Files\iPod

2012-02-21 23:11:15 16432 ----a-w- C:\Windows\System32\lsdelete.exe

2012-02-21 20:39:30 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-02-21 20:28:58 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2012-02-21 20:28:48 -------- d-----w- C:\Program Files (x86)\Lavasoft

2012-02-17 09:02:34 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-02-15 15:40:50 -------- d-----w- C:\ProgramData\WEBREG

2012-02-15 15:40:28 -------- d-----w- C:\Users\Tim\AppData\Local\HP

2012-02-15 15:39:40 224768 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzpp64w.dll

2012-02-15 15:38:28 -------- d-----w- C:\Program Files (x86)\Yahoo!

2012-02-15 15:37:28 -------- d-----w- C:\Windows\SysWow64\spool

2012-02-15 15:36:12 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2012-02-15 15:36:09 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2012-02-15 15:35:17 233472 ----a-w- C:\Windows\SysWow64\hpzc364w.dll

2012-02-15 15:35:17 131072 ----a-w- C:\Windows\System32\hpz3l64w.dll

2012-02-15 15:35:16 671816 ----a-w- C:\Windows\SysWow64\hpcdmc32.dll

2012-02-15 15:35:08 -------- d-----w- C:\Program Files (x86)\HP

2012-02-15 15:34:08 944128 ----a-w- C:\Windows\System32\hpwwiax3.dll

2012-02-15 15:34:08 359256 ----a-w- C:\Windows\System32\hpzids40.dll

2012-02-15 15:34:08 1420288 ----a-w- C:\Windows\System32\hpwtiop3.dll

2012-02-15 15:34:07 540672 ----a-w- C:\Windows\System32\hppldcoi.dll

2012-02-15 15:34:07 488960 ----a-w- C:\Windows\System32\hpovst11.dll

2012-02-14 19:44:16 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-02-14 19:44:16 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-02-14 19:44:13 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-02-14 19:44:13 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-02-14 19:44:12 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-02-14 19:44:11 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-02-14 19:44:07 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2012-02-14 19:44:07 634880 ----a-w- C:\Windows\System32\msvcrt.dll

.

==================== Find3M ====================

.

2012-02-10 02:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 14:26:10.51 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 8/5/2010 3:31:07 PM

System Uptime: 3/11/2012 12:44:14 PM (2 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7380

Processor: Intel® Core2 Duo CPU E8500 @ 3.16GHz | CPU 1 | 3166/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 116.895 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet J6400 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet J6400 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Officejet J6400 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Officejet J6400 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: RT73 USB Wireless LAN Card

Device ID: USB\VID_148F&PID_2573\5&2F211CA2&0&4

Manufacturer: Ralink Technology Corp.

Name: RT73 USB Wireless LAN Card #4

PNP Device ID: USB\VID_148F&PID_2573\5&2F211CA2&0&4

Service: netr7364

.

==== System Restore Points ===================

.

RP510: 3/7/2012 7:05:12 PM - Windows Update

RP511: 3/7/2012 7:10:56 PM - Installed Network64

RP512: 3/7/2012 7:29:23 PM - Windows Update

RP513: 3/7/2012 8:18:22 PM - Installed Microsoft Fix it 50302

RP514: 3/7/2012 9:12:08 PM - Windows Update

RP515: 3/8/2012 3:00:11 AM - Windows Update

RP516: 3/9/2012 3:00:11 AM - Windows Update

RP517: 3/10/2012 3:00:12 AM - Windows Update

RP518: 3/11/2012 4:00:11 AM - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 67.215.245.19 www.google-analytics.com.

Hosts: 67.215.245.19 ad-emea.doubleclick.net.

Hosts: 67.215.245.19 www.statcounter.com.

Hosts: 108.163.215.51 www.google-analytics.com.

Hosts: 108.163.215.51 ad-emea.doubleclick.net.

Hosts: 108.163.215.51 www.statcounter.com.

.

==== Installed Programs ======================

.

6400_Help

Ad-Aware

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Reader 9.5.0

Apple Application Support

Apple Software Update

Arx Fatalis

Arx Fatalis version 1.21

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Citrix XenApp Plugin for Hosted Apps

Compatibility Pack for the 2007 Office system

Creative Audio Control Panel

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

Destinations

DeviceDiscovery

DocProc

Download Manager 2.3.10

EA Download Manager

EA Installer

EA Shared Game Component: Activation

Fax

Google Chrome

GPBaseService2

Heroes of Might and Magic V

Heroes of Might and Magic V: Hammers of Fate

Heroes of Might and Magic V: Tribes of the East

HP Update

HPProductAssistant

HPSSupply

J6400

Java Auto Updater

Java 6 Update 27

League of Legends

Live Update 5

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Marvel - Ultimate Alliance

Mass Effect 2

Medieval II Total War

Medieval II Total War Kingdoms

Microsoft .NET Framework 1.1

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mount&Blade

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA ForceWare Network Access Manager

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Pando Media Booster

Portal

ProductContext

QuickTime

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Skype™ 5.5

SmartWebPrinting

SolutionCenter

Spybot - Search & Destroy

StarCraft II

Status

Steam

Team Fortress 2

The Elder Scrolls IV: Oblivion

The Elder Scrolls V: Skyrim

The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802

Third Age - Total War 2.0 (Part1of2)

Third Age - Total War 2.0 (Part2of2)

Toolbox

TrayApp

TurningPoint 2008

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

WebReg

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

3/8/2012 3:50:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

3/8/2012 3:48:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 3:48:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/8/2012 3:48:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/8/2012 3:48:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/8/2012 3:48:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/8/2012 3:48:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/8/2012 3:48:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/8/2012 3:47:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 3:47:38 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/8/2012 3:47:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 3:47:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 3:47:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 3:47:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/8/2012 3:47:32 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

3/7/2012 9:37:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/7/2012 7:28:22 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/7/2012 6:14:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/7/2012 5:54:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/7/2012 12:13:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.945.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

3/7/2012 12:13:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

3/6/2012 8:56:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 8:40:00 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.908.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

3/6/2012 8:29:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.908.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

3/6/2012 8:25:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/6/2012 8:18:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

3/6/2012 8:14:47 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.908.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

3/5/2012 9:33:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/5/2012 9:32:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fb80000000, 0xffffffffc000000e, 0x000000003725d880, 0xfffff70000000008). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030512-27281-01.

3/5/2012 9:26:41 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

3/4/2012 3:03:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.832.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/4/2012 3:03:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.832.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/4/2012 3:03:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.832.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

3/11/2012 9:32:30 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

3/11/2012 9:20:59 AM, Error: PCTCore [280] -

3/11/2012 4:02:14 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Excel 2003 (KB2596954).

3/11/2012 4:01:43 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office Publisher 2003 (KB2553084).

3/11/2012 4:01:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2003 Junk Email Filter (KB2597968).

3/11/2012 3:22:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

3/11/2012 3:22:27 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

3/11/2012 1:08:44 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

3/11/2012 1:08:44 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

3/10/2012 3:49:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

3/10/2012 3:49:06 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.121.1275.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8101.0 Error code: 0x80240022 Error description: The program can't check for definition updates.

3/10/2012 3:19:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/10/2012 3:14:01 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

3/10/2012 3:14:01 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

DDS.txt

Attach.txt


Hello,

Don't do any websurfing while I am helping you to clean malware & for the duration, until we are all done.

Do NOT do any other fixes on your own, and do not do any adds or changes to your system without first checking with me here.

Keep Lavasoft Ad-Watch disabled for the duration, otherwise it may interfere with cleanups.

Start with the following.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.

Do NOT Attach files/reports.


Results of screen317's Security Check version 0.99.31

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java™ 6 Update 27

Java version out of date!

Adobe Flash Player 10.2.159.1 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

###########################################################################

info.txt logfile of random's system information tool 1.09 2012-03-17 16:15:32

======Uninstall list======

-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE

-->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove

64 Bit HP CIO Components Installer-->MsiExec.exe /I{FF21C3E6-97FD-474F-9518-8DCBE94C2854}

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_Plugin.exe -maintain plugin

Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -maintain activex

Adobe Reader 9.5.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}

Apple Mobile Device Support-->MsiExec.exe /I{75104836-CAC7-444E-A39E-3F54151942F5}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Arx Fatalis version 1.21-->"C:\Program Files (x86)\Arkane Studios\Arx Fatalis\unins000.exe"

Arx Fatalis-->C:\Program Files (x86)\Arkane Studios\Arx Fatalis\Uninstall.exe

Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Citrix XenApp Plugin for Hosted Apps-->MsiExec.exe /I{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Creative Audio Control Panel-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove

Creative Software AutoUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 /remove

Creative Sound Blaster Properties x64 Edition-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0009

Download Manager 2.3.10-->C:\Program Files (x86)\Download Manager\uninst.exe

EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\EADMUninstall.exe

EA Shared Game Component: Activation-->msiexec /qb /x {D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}

EA Shared Game Component: Activation-->MsiExec.exe /I{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

Heroes of Might and Magic V: Hammers of Fate-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15380

Heroes of Might and Magic V: Tribes of the East-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15370

Heroes of Might and Magic V-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15170

HP Customer Participation Program 13.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot

HP Imaging Device Functions 13.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OfficeJet J6400-->C:\Program Files (x86)\HP\Digital Imaging\{8AB2AC00-AFFF-4043-83D9-0086528B337F}\setup\hpzscr40.exe -datfile hpwscr14.dat -onestop -forcereboot

HP Smart Web Printing 4.51-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat

HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot

HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}

iTunes-->MsiExec.exe /I{5E11C972-1E76-45FE-8F92-14E0D1140B1B}

Java™ 6 Update 27-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216027FF}

League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly

Live Update 5-->"C:\Program Files (x86)\MSI\Live Update 5\unins000.exe"

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Marvel™ - Ultimate Alliance-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{932FB3F3-594D-4600-ABFA-F2DE80A14214}

Mass Effect 2-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe"

Medieval II Total War Kingdoms-->"C:\Program Files (x86)\InstallShield Installation Information\{177703DE-D3F6-4E57-9212-E56A5C6F1164}\setup.exe" -runfromtemp -l0x0009 -removeonly

Medieval II Total War-->"C:\Program Files (x86)\InstallShield Installation Information\{A9D0745C-BABD-472B-8AF0-FAF888D31046}\setup.exe" -runfromtemp -l0x0009 -removeonly

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}

Microsoft IntelliPoint 8.1-->msiexec.exe /I {3ED4AD02-F631-4A4C-AAC8-2325996E5A56}

Microsoft IntelliPoint 8.1-->MsiExec.exe /X{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}

Microsoft Security Client-->MsiExec.exe /I{42738DB0-FC3E-4672-A99B-9372F5696E30}

Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Mount&Blade-->C:\Program Files (x86)\Mount&Blade\uninstall.exe

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

Nexus Mod Manager-->"C:\Program Files\Nexus Mod Manager\uninstall\unins000.exe"

NVIDIA 3D Vision Controller Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.NVIRUSB

NVIDIA 3D Vision Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.3DVision

NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel

NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI

NVIDIA ForceWare Network Access Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0009 -removeonly

NVIDIA Graphics Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.Driver

NVIDIA PhysX System Software 9.12.0213-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.PhysX

NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}

NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask

NVIDIA Update 1.7.11-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.6\NVI2.DLL",UninstallPackage Display.Update

OCR Software by I.R.I.S. 13.0-->C:\Program Files (x86)\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe

Portal-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/400

QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Sid Meier's Civilization V-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/8930

Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}

StarCraft II-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

Team Fortress 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/440

The Elder Scrolls IV: Oblivion -->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/22330

The Elder Scrolls V: Skyrim-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/72850

The Lord of the Rings Online™: Siege of Mirkwood™ v03.01.00.802-->"C:\Program Files (x86)\Turbine\The Lord of the Rings Online\unins000.exe"

TurningPoint 2008-->MsiExec.exe /X{B6FCAE72-20C8-44E8-B3CA-F9FB6B2210CF}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client

Ventrilo Client for Windows x64-->MsiExec.exe /X{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

67.215.245.19 www.google-analytics.com.

67.215.245.19 ad-emea.doubleclick.net.

67.215.245.19 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

======System event log======

Computer Name: Tim-PC

Event Code: 1014

Message: Name resolution for the name wpad.gateway.2wire.net timed out after none of the configured DNS servers responded.

Record Number: 17638

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20101230162347.796875-000

Event Type: Warning

User: Tim-PC\Tim

Computer Name: Tim-PC

Event Code: 1014

Message: Name resolution for the name vthumb.ak.fbcdn.net timed out after none of the configured DNS servers responded.

Record Number: 17607

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20101230041053.921875-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Tim-PC

Event Code: 1014

Message: Name resolution for the name wpad.gateway.2wire.net timed out after none of the configured DNS servers responded.

Record Number: 17581

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20101229123629.640625-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Tim-PC

Event Code: 1014

Message: Name resolution for the name rcm.amazon.com timed out after none of the configured DNS servers responded.

Record Number: 17559

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20101229014226.828125-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Tim-PC

Event Code: 1014

Message: Name resolution for the name optimized-by.rubiconproject.com timed out after none of the configured DNS servers responded.

Record Number: 17528

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20101228172023.904296-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: Tim-PC

Event Code: 1017

Message: Installation of the Proof of Purchase failed. 0xC004F050

Partial Pkey=G4CBX

ACID=?

Detailed Error[?]

Record Number: 130

Source Name: Microsoft-Windows-Security-SPP

Time Written: 20100805222709.000000-000

Event Type: Error

User:

Computer Name: Tim-PC

Event Code: 1008

Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 126

Source Name: Microsoft-Windows-Search

Time Written: 20100805222702.000000-000

Event Type: Warning

User:

Computer Name: Tim-PC

Event Code: 1017

Message: Installation of the Proof of Purchase failed. 0xC004F050

Partial Pkey=G4CBX

ACID=?

Detailed Error[?]

Record Number: 122

Source Name: Microsoft-Windows-Security-SPP

Time Written: 20100805222652.000000-000

Event Type: Error

User:

Computer Name: Tim-PC

Event Code: 1017

Message: Installation of the Proof of Purchase failed. 0xC004F050

Partial Pkey=G4CBX

ACID=?

Detailed Error[?]

Record Number: 119

Source Name: Microsoft-Windows-Security-SPP

Time Written: 20100805222622.000000-000

Event Type: Error

User:

Computer Name: Tim-PC

Event Code: 1017

Message: Installation of the Proof of Purchase failed. 0xC004F061

Partial Pkey=Q8YM8

ACID=e838d943-63ed-4a0b-9fb1-47152908acc9

Detailed Error[?]

Record Number: 116

Source Name: Microsoft-Windows-Security-SPP

Time Written: 20100805222551.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Tim-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x1f34bc0

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: TV-PC

Source Network Address: 192.168.1.66

Source Port: 54794

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 415688

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120114013130.611328-000

Event Type: Audit Success

User:

Computer Name: Tim-PC

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x1f33aed

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 415687

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120114013114.751953-000

Event Type: Audit Success

User:

Computer Name: Tim-PC

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x1f33ad9

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 415686

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120114013114.751953-000

Event Type: Audit Success

User:

Computer Name: Tim-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x1f33aed

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: ELIZABETH-PC

Source Network Address: 192.168.1.68

Source Port: 49957

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 415685

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120114013102.297851-000

Event Type: Audit Success

User:

Computer Name: Tim-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-7

Account Name: ANONYMOUS LOGON

Account Domain: NT AUTHORITY

Logon ID: 0x1f33ad9

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: ELIZABETH-PC

Source Network Address: 192.168.1.68

Source Port: 49956

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V1

Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 415684

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120114013102.227539-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=2

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"asl.log"=Destination=file;OnFirstLog=command,environment,parent

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#################################################################################


Logfile of random's system information tool 1.09 (written by random/random)

Run by Tim at 2012-03-17 16:02:23

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 110 GB (36%) free of 305 GB

Total RAM: 6143 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:15:29 PM, on 3/17/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\trend micro\Tim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mg204.mail...d=bvnkkbjfn8b7s

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O1 - Hosts: 67.215.245.19 www.google-analytics.com.

O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.

O1 - Hosts: 67.215.245.19 www.statcounter.com.

O1 - Hosts: 108.163.215.51 www.google-analytics.com.

O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.

O1 - Hosts: 108.163.215.51 www.statcounter.com.

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex

O4 - HKUS\S-1-5-21-1083885131-3927673959-2532517918-1008\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1083885131-3927673959-2532517918-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane..._2.3.10.115.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1331165536716

O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.m...Installer64.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11434 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"

C:\Windows\system32\nvvsvc.exe -session -first

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

"C:\Program Files (x86)\Common Files\Motive\McciCMService.exe"

"C:\Program Files\Common Files\Motive\McciCMService.exe"

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"

"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"

C:\Windows\system32\svchost.exe -k HPService

"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

"C:\Program Files (x86)\Steam\Steam.exe" -silent

"C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Windows\System32\rundll32.exe" P17RunE.dll,RunDLLEntry

"C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"

"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1

"C:\Program Files\iPod\bin\iPodService.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Officejet J6400 series#1329320418" -Startup

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService

"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"

"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"

"C:\Windows\system32\wuauclt.exe"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -Embedding

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4816 CREDAT:137581

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Tim\Desktop\Instructions.txt

"C:\Users\Tim\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083885131-3927673959-2532517918-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1083885131-3927673959-2532517918-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-24 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 2399632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2011-08-10 1242448]

"Pando Media Booster"=C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-08-20 3077528]

"igndlm.exe"=C:\Program Files (x86)\Download Manager\DLM.exe [2009-10-27 1103216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe [2011-12-07 247968]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]

"P17RunE"=RunDll32 P17RunE.dll,RunDLLEntry []

"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]

"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"Live Update 5"=C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [2012-01-30 315392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-04-16 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 2 months======

2012-03-17 16:02:23 ----D---- C:\rsit

2012-03-17 16:02:23 ----D---- C:\Program Files\trend micro

2012-03-17 15:57:08 ----D---- C:\Program Files (x86)\ERUNT

2012-03-14 03:04:02 ----A---- C:\Windows\system32\ntoskrnl.exe

2012-03-14 03:04:01 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe

2012-03-14 03:04:01 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe

2012-03-13 20:41:54 ----A---- C:\Windows\system32\win32k.sys

2012-03-13 20:41:53 ----A---- C:\Windows\system32\DWrite.dll

2012-03-13 20:41:52 ----A---- C:\Windows\SYSWOW64\DWrite.dll

2012-03-13 20:39:57 ----A---- C:\Windows\system32\rdrmemptylst.exe

2012-03-13 20:39:57 ----A---- C:\Windows\system32\rdpwsx.dll

2012-03-13 20:39:57 ----A---- C:\Windows\system32\rdpcorekmts.dll

2012-03-13 20:39:56 ----A---- C:\Windows\SYSWOW64\rdpcore.dll

2012-03-13 20:39:56 ----A---- C:\Windows\system32\rdpcore.dll

2012-03-13 20:39:56 ----A---- C:\Windows\system32\drivers\tdtcp.sys

2012-03-13 20:39:56 ----A---- C:\Windows\system32\drivers\rdpwd.sys

2012-03-13 20:25:52 ----A---- C:\Windows\SYSWOW64\OpenCL.dll

2012-03-13 20:25:52 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll

2012-03-13 20:25:52 ----A---- C:\Windows\system32\OpenCL.dll

2012-03-13 20:25:52 ----A---- C:\Windows\system32\nvoglv64.dll

2012-03-13 20:25:52 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys

2012-03-13 20:25:51 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll

2012-03-13 20:25:51 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll

2012-03-13 20:25:51 ----A---- C:\Windows\SYSWOW64\nvcuda.dll

2012-03-13 20:25:51 ----A---- C:\Windows\system32\nvd3dumx.dll

2012-03-13 20:25:51 ----A---- C:\Windows\system32\nvcuvid.dll

2012-03-13 20:25:51 ----A---- C:\Windows\system32\nvcuvenc.dll

2012-03-13 20:25:51 ----A---- C:\Windows\system32\nvcuda.dll

2012-03-13 20:25:50 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll

2012-03-13 20:25:50 ----A---- C:\Windows\system32\nvcompiler.dll

2012-03-11 09:17:33 ----D---- C:\Program Files (x86)\PC Tools

2012-03-11 08:53:16 ----A---- C:\Windows\system32\drivers\Cat.DB

2012-03-11 08:53:10 ----A---- C:\Windows\system32\drivers\PCTSD64.sys

2012-03-11 08:52:10 ----AD---- C:\ProgramData\TEMP

2012-03-11 08:52:05 ----D---- C:\ProgramData\PC Tools

2012-03-11 08:52:04 ----D---- C:\Users\Tim\AppData\Roaming\TestApp

2012-03-10 16:26:27 ----A---- C:\TDSSKiller.2.7.19.0_10.03.2012_15.26.27_log.txt

2012-03-10 16:23:28 ----SHD---- C:\$RECYCLE.BIN

2012-03-10 16:19:56 ----A---- C:\ComboFix.txt

2012-03-10 16:14:07 ----A---- C:\Windows\zip.exe

2012-03-10 16:14:07 ----A---- C:\Windows\SWSC.exe

2012-03-10 16:14:07 ----A---- C:\Windows\SWREG.exe

2012-03-10 16:14:07 ----A---- C:\Windows\sed.exe

2012-03-10 16:14:07 ----A---- C:\Windows\PEV.exe

2012-03-10 16:14:07 ----A---- C:\Windows\NIRCMD.exe

2012-03-10 16:14:07 ----A---- C:\Windows\MBR.exe

2012-03-10 16:14:07 ----A---- C:\Windows\grep.exe

2012-03-10 16:14:06 ----D---- C:\Windows\ERDNT

2012-03-10 16:14:04 ----D---- C:\Qoobox

2012-03-09 20:42:39 ----D---- C:\ProgramData\Spybot - Search & Destroy

2012-03-09 20:42:39 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy

2012-03-08 18:03:09 ----D---- C:\Program Files\CCleaner

2012-03-06 21:32:01 ----A---- C:\TDSSKiller.2.7.19.0_06.03.2012_20.32.01_log.txt

2012-03-03 16:49:57 ----D---- C:\Program Files (x86)\Setup Files

2012-03-03 16:44:05 ----D---- C:\Program Files (x86)\MSI

2012-03-03 14:27:56 ----D---- C:\Windows\pss

2012-03-02 20:06:30 ----D---- C:\Users\Tim\AppData\Roaming\Malwarebytes

2012-03-02 20:06:10 ----D---- C:\ProgramData\Malwarebytes

2012-03-02 20:06:10 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-03-02 20:06:10 ----A---- C:\Windows\system32\drivers\mbam.sys

2012-02-29 13:26:56 ----A---- C:\Windows\SYSWOW64\nvStreaming.exe

2012-02-27 21:56:39 ----D---- C:\ProgramData\NVIDIA

2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvvsvc.exe

2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvsvc64.dll

2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvshext.dll

2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvmctray.dll

2012-02-27 21:56:05 ----A---- C:\Windows\system32\nvcpl.dll

2012-02-27 21:55:31 ----D---- C:\ProgramData\NVIDIA Corporation

2012-02-27 21:44:59 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll

2012-02-27 21:44:59 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll

2012-02-27 21:44:59 ----A---- C:\Windows\system32\nvwgf2umx.dll

2012-02-27 21:44:59 ----A---- C:\Windows\system32\nvgenco64.dll

2012-02-27 21:44:59 ----A---- C:\Windows\system32\nvdispco64.dll

2012-02-27 21:44:58 ----A---- C:\Windows\SYSWOW64\nvapi.dll

2012-02-27 21:44:58 ----A---- C:\Windows\system32\nvapi64.dll

2012-02-27 20:52:45 ----D---- C:\Program Files\iTunes

2012-02-27 20:52:45 ----D---- C:\Program Files\iPod

2012-02-21 15:39:30 ----A---- C:\Windows\system32\drivers\SBREDrv.sys

2012-02-21 15:29:32 ----A---- C:\Windows\SYSWOW64\rp_stats.dat

2012-02-21 15:29:32 ----A---- C:\Windows\SYSWOW64\rp_rules.dat

2012-02-21 15:28:47 ----D---- C:\ProgramData\Lavasoft

2012-02-17 04:02:34 ----D---- C:\Program Files (x86)\MSXML 4.0

2012-02-15 10:40:50 ----D---- C:\ProgramData\WEBREG

2012-02-15 10:40:30 ----D---- C:\Users\Tim\AppData\Roaming\HP

2012-02-15 10:38:29 ----D---- C:\Users\Tim\AppData\Roaming\Yahoo!

2012-02-15 10:38:29 ----D---- C:\ProgramData\Yahoo! Companion

2012-02-15 10:38:28 ----D---- C:\Program Files (x86)\Yahoo!

2012-02-15 10:37:46 ----D---- C:\ProgramData\HP Product Assistant

2012-02-15 10:37:28 ----D---- C:\Windows\SYSWOW64\spool

2012-02-15 10:35:17 ----A---- C:\Windows\SYSWOW64\hpzc364w.dll

2012-02-15 10:35:17 ----A---- C:\Windows\system32\hpz3l64w.dll

2012-02-15 10:35:16 ----A---- C:\Windows\SYSWOW64\hpcdmc32.dll

2012-02-15 10:35:08 ----D---- C:\Program Files (x86)\HP

2012-02-15 10:35:07 ----D---- C:\Config.Msi

2012-02-15 10:34:39 ----N---- C:\Windows\hpwmdl14.dat

2012-02-15 10:34:39 ----A---- C:\Windows\hpwins14.dat

2012-02-15 10:34:23 ----D---- C:\ProgramData\HP

2012-02-15 10:34:08 ----A---- C:\Windows\system32\hpzids40.dll

2012-02-15 10:34:08 ----A---- C:\Windows\system32\hpwwiax3.dll

2012-02-15 10:34:08 ----A---- C:\Windows\system32\hpwtiop3.dll

2012-02-15 10:34:07 ----A---- C:\Windows\system32\hppldcoi.dll

2012-02-15 10:34:07 ----A---- C:\Windows\system32\hpovst11.dll

2012-02-15 04:00:39 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-02-15 04:00:39 ----A---- C:\Windows\system32\mshtmled.dll

2012-02-15 04:00:39 ----A---- C:\Windows\system32\iertutil.dll

2012-02-15 04:00:38 ----A---- C:\Windows\SYSWOW64\url.dll

2012-02-15 04:00:38 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-02-15 04:00:38 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-02-15 04:00:38 ----A---- C:\Windows\system32\url.dll

2012-02-15 04:00:38 ----A---- C:\Windows\system32\jscript9.dll

2012-02-15 04:00:37 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-02-15 04:00:37 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-02-15 04:00:37 ----A---- C:\Windows\system32\jscript.dll

2012-02-15 04:00:37 ----A---- C:\Windows\system32\ieui.dll

2012-02-15 04:00:36 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-02-15 04:00:36 ----A---- C:\Windows\system32\urlmon.dll

2012-02-15 04:00:36 ----A---- C:\Windows\system32\jsproxy.dll

2012-02-15 04:00:35 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-02-15 04:00:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-02-15 04:00:35 ----A---- C:\Windows\system32\wininet.dll

2012-02-15 04:00:34 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-02-15 04:00:33 ----A---- C:\Windows\system32\mshtml.dll

2012-02-15 04:00:32 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-02-15 04:00:32 ----A---- C:\Windows\system32\ieframe.dll

2012-02-14 14:44:18 ----A---- C:\Windows\system32\shell32.dll

2012-02-14 14:44:17 ----A---- C:\Windows\SYSWOW64\shell32.dll

2012-02-14 14:44:16 ----A---- C:\Windows\SYSWOW64\ntshrui.dll

2012-02-14 14:44:16 ----A---- C:\Windows\system32\ntshrui.dll

2012-02-14 14:44:11 ----A---- C:\Windows\system32\drivers\afd.sys

2012-02-14 14:44:07 ----A---- C:\Windows\SYSWOW64\msvcrt.dll

2012-02-14 14:44:07 ----A---- C:\Windows\system32\msvcrt.dll

2012-01-18 04:01:42 ----A---- C:\Windows\SYSWOW64\sspicli.dll

2012-01-18 04:01:42 ----A---- C:\Windows\SYSWOW64\secur32.dll

2012-01-18 04:01:42 ----A---- C:\Windows\SYSWOW64\schannel.dll

2012-01-18 04:01:42 ----A---- C:\Windows\system32\sspisrv.dll

2012-01-18 04:01:42 ----A---- C:\Windows\system32\secur32.dll

2012-01-18 04:01:42 ----A---- C:\Windows\system32\schannel.dll

2012-01-18 04:01:42 ----A---- C:\Windows\system32\lsass.exe

2012-01-18 04:01:42 ----A---- C:\Windows\system32\drivers\ksecpkg.sys

2012-01-18 04:01:42 ----A---- C:\Windows\system32\drivers\ksecdd.sys

2012-01-18 04:01:41 ----A---- C:\Windows\SYSWOW64\webio.dll

2012-01-18 04:01:41 ----A---- C:\Windows\system32\webio.dll

2012-01-18 04:01:41 ----A---- C:\Windows\system32\sspicli.dll

2012-01-18 04:01:41 ----A---- C:\Windows\system32\lsasrv.dll

2012-01-18 04:01:41 ----A---- C:\Windows\system32\drivers\cng.sys

======List of files/folders modified in the last 2 months======

2012-03-17 16:06:00 ----D---- C:\Windows\system32\config

2012-03-17 16:05:57 ----D---- C:\Windows\winsxs

2012-03-17 16:02:45 ----D---- C:\Windows\Prefetch

2012-03-17 16:02:23 ----RD---- C:\Program Files

2012-03-17 16:01:53 ----D---- C:\Windows\Temp

2012-03-17 15:57:08 ----RD---- C:\Program Files (x86)

2012-03-17 15:55:58 ----SHD---- C:\Windows\Installer

2012-03-17 15:55:42 ----DC---- C:\Windows\system32\DRVSTORE

2012-03-17 15:55:42 ----D---- C:\Windows\system32\drivers

2012-03-17 15:55:42 ----D---- C:\Windows\System32

2012-03-17 15:55:26 ----SHD---- C:\System Volume Information

2012-03-17 03:04:24 ----RSD---- C:\Windows\assembly

2012-03-16 19:24:13 ----D---- C:\Program Files (x86)\Steam

2012-03-16 14:30:56 ----D---- C:\Windows\system32\Tasks

2012-03-16 14:30:37 ----D---- C:\Windows\Tasks

2012-03-16 05:15:58 ----D---- C:\Windows\inf

2012-03-16 05:15:58 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-03-15 19:27:48 ----D---- C:\ProgramData

2012-03-15 03:00:26 ----D---- C:\Windows\system32\catroot2

2012-03-14 03:20:14 ----D---- C:\Windows\SysWOW64

2012-03-14 03:04:06 ----D---- C:\Windows\system32\catroot

2012-03-14 03:02:58 ----D---- C:\Windows\debug

2012-03-14 03:02:55 ----A---- C:\Windows\system32\MRT.exe

2012-03-13 20:38:59 ----D---- C:\Windows

2012-03-13 20:29:36 ----D---- C:\Program Files (x86)\NVIDIA Corporation

2012-03-13 20:29:13 ----D---- C:\Windows\system32\DriverStore

2012-03-13 20:28:27 ----D---- C:\NVIDIA

2012-03-12 19:20:57 ----D---- C:\Windows\Logs

2012-03-12 03:02:18 ----D---- C:\Program Files\Common Files\Microsoft Shared

2012-03-11 08:53:08 ----D---- C:\Program Files (x86)\Common Files

2012-03-10 16:19:06 ----A---- C:\Windows\system.ini

2012-03-10 16:17:25 ----D---- C:\Windows\SYSWOW64\drivers

2012-03-10 16:17:25 ----D---- C:\Windows\AppPatch

2012-03-10 16:17:24 ----D---- C:\Program Files\Common Files

2012-03-10 09:57:21 ----D---- C:\Windows\system32\NDF

2012-03-08 18:07:21 ----D---- C:\Users\Tim\AppData\Roaming\Ventrilo

2012-03-08 18:07:21 ----D---- C:\Users\Tim\AppData\Roaming\Skype

2012-03-08 18:07:16 ----D---- C:\Windows\Panther

2012-03-08 18:07:16 ----D---- C:\Windows\Minidump

2012-03-07 19:12:21 ----D---- C:\Windows\Downloaded Program Files

2012-03-02 18:17:21 ----D---- C:\ProgramData\Adobe

2012-03-02 18:17:18 ----D---- C:\Program Files (x86)\Adobe

2012-03-01 20:24:56 ----D---- C:\Windows\system32\LogFiles

2012-02-28 04:12:55 ----D---- C:\Windows\Microsoft.NET

2012-02-27 21:56:57 ----RD---- C:\Users

2012-02-27 21:55:58 ----D---- C:\Program Files\NVIDIA Corporation

2012-02-27 21:49:04 ----HD---- C:\Program Files (x86)\InstallShield Installation Information

2012-02-27 20:53:16 ----D---- C:\Program Files (x86)\iTunes

2012-02-26 15:40:17 ----D---- C:\Windows\system32\drivers\etc

2012-02-15 10:40:19 ----A---- C:\Windows\win.ini

2012-02-15 10:39:39 ----D---- C:\Windows\twain_32

2012-02-15 10:37:50 ----RSD---- C:\Windows\Fonts

2012-02-15 04:23:20 ----D---- C:\Windows\SYSWOW64\migration

2012-02-15 04:23:20 ----D---- C:\Windows\system32\migration

2012-02-15 04:23:20 ----D---- C:\Program Files\Internet Explorer

2012-02-15 04:23:20 ----D---- C:\Program Files (x86)\Internet Explorer

2012-02-13 09:44:12 ----D---- C:\Windows\system32\wdi

2012-02-11 20:32:44 ----D---- C:\Program Files (x86)\StarCraft II

2012-02-10 10:54:49 ----D---- C:\ProgramData\PMB Files

2012-01-31 07:44:20 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-09 244328]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]

R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]

R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-03-04 349416]

R3 P17;SB Audigy; C:\Windows\system32\drivers\P17.sys [2009-10-16 1309696]

R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2011-04-13 45432]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]

S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2011-12-10 23152]

S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [2010-04-30 21248]

S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []

S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []

S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []

S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [2010-04-30 20096]

S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]

S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]

S3 NTIOLib_1_0_6;NTIOLib_1_0_6; \??\C:\Program Files (x86)\Setup Files\Ms7380v140\NTIOLib_X64.sys [2011-01-06 11888]

S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

S3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-13 23040]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-11-18 307200]

R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2010-01-21 496232]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R2 McciCMService;McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [2010-04-30 319488]

R2 McciCMService64;McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]

R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2010-01-21 209000]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]

R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-15 489256]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-05 79360]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-06 1255736]

S4 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

-----------------EOF-----------------

################################################################################

QuickScan 32-bit v0.9.9.111

---------------------------

Scan date: Sat Mar 17 16:25:49 2012

Machine ID: 54AF1884

No infection found.

-------------------

Processes

---------

hpwuSchd Application 3608 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

Creative Audio Service 820 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

Flash® Player Installer/Uninstaller 2488 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

GPCore COM object 4340 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

HP Digital Imaging 3688 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

HP Digital Imaging 3832 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

iTunes 3600 C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 3576 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

mcci+McciCMService 1392 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

Microsoft® Windows® Operating System 3592 C:\Windows\SysWOW64\rundll32.exe

MobileDeviceService 1932 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

NVIDIA Update Components 5088 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

Pando Media Booster 3292 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

Stereo Vision Control Panel API Server 760 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

Windows® Internet Explorer 1980 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Windows® Internet Explorer 2620 C:\Program Files (x86)\Internet Explorer\iexplore.exe

(verified) Microsoft® Visual Studio .NET 2200 C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

(verified) Microsoft® Windows® Operating System 1992 C:\Windows\SysWOW64\svchost.exe

Network activity

----------------

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 216.115.110.118

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 216.115.110.118

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 209.191.92.114

Process iexplore.exe (2620) connected on port 443 (HTTP over SSL) --> 23.13.109.227

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 23.13.111.139

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 23.13.111.139

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 208.46.17.152

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 208.46.17.152

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 66.235.142.2

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 66.235.142.2

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 67.215.245.19

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 67.215.245.19

Process iexplore.exe (2620) connected on port 80 (HTTP) --> 188.165.220.204

Process PMB.exe (3292) listens on ports: 443 (HTTP over SSL), 563 (NNTP over SSL), 57455

Autoruns and critical files

---------------------------

hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

P17Run Endpoints Dynamic Link Library C:\Windows\system32\P17RunE.dll

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

BootStartLiveupdate.exe C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe

Download Manager C:\Program Files (x86)\Download Manager\DLM.exe

Flash® Player Installer/Uninstaller C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

HP Digital Imaging C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Pando Media Booster C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

Steam C:\Program Files (x86)\Steam\Steam.exe

Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

(verified) Google Update C:\Users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe

Browser plugins

---------------

AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Download Manager IE Control C:\Windows\Downloaded Program Files\DLMControl.dll

Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

Google Update C:\Users\Tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll

HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

IGN Download Manager Plug-in C:\Program Files (x86)\Download Manager\npfpdlm.dll

Java Platform SE 6 U27 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U27 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll

Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll

Motive Plugin C:\Program Files (x86)\Common Files\Motive\npMotive.dll

npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

NVIDIA 3D Vision C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

NVIDIA 3D VISION C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

NVIDIA Application Filter C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

NVIDIA Application Filter C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll

Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

Windows® Internet Explorer c:\windows\syswow64\ieframe.dll

Yahoo! Single Instance for Mail c:\program files (x86)\yahoo!\companion\installs\cpn\ytsingleinstance.dll

Yahoo! Toolbar c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

Scan

----


MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe

MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

MD5: e4ce6c4ae730e0ec87fc5da4cd1946ad C:\Program Files (x86)\iTunes\iTunesHelper.dll

MD5: 0dcac41eb58a45049bd7ff665c32d5f4 C:\Program Files (x86)\iTunes\iTunesHelper.exe

MD5: e7be61eb1bde3921ff0cdd24f1535332 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: 93a67ad03fd9c2286a4a5ad9a67f381a C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

MD5: 64151c0799431e0304ae1bd6202131a7 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

MD5: 6f158c6029d841a5f37708cc2bbf3362 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

MD5: 41700402834f793a8c06731e5cfba62a C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

MD5: 056b19651bd7b7ce5f89a3ac46dbdc08 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: 3af4eaedbf40072525b89b45ee51d3fd C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe

MD5: 192476c10371dc83243d67432b2cdcbf C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys

MD5: 1b32c54b95121ab1683c7b83b2db4b96 C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys

MD5: 052db5027eae1ae6fbf02e347aaf1cd7 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

MD5: 5373b9ac92779ce4b6ff9051c3516989 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

MD5: fc0a58529a02b1eed55ddc58696b7908 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

MD5: bd012dc22c78be1071bc21eb125d782f C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

MD5: 63da5cad540ef9074ed25daff40fc299 C:\Program Files (x86)\Pando Networks\Media Booster\BugSplat.dll

MD5: d2af7a30e4b7ba1c743f0dce11e04b5e C:\Program Files (x86)\Pando Networks\Media Booster\freebl3.dll

MD5: 0efa66e9384dbced4d639fb9bdd97536 C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

MD5: 4c5e139fab02bee58edc88e1512110fb C:\Program Files (x86)\Pando Networks\Media Booster\nspr4.dll

MD5: cbfa0b98efbeb31d5b98c5bfb918328f C:\Program Files (x86)\Pando Networks\Media Booster\nss3.dll

MD5: 80a44106ac048d325b4f667b24de1e40 C:\Program Files (x86)\Pando Networks\Media Booster\plc4.dll

MD5: c96442e1d75a229e9a583e6773ff4b6f C:\Program Files (x86)\Pando Networks\Media Booster\plds4.dll

MD5: c7144387e236687f8fb3f26fc845a822 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MD5: 6a5ed595e0cad51dde2da14edc8f4bff C:\Program Files (x86)\Pando Networks\Media Booster\smime3.dll

MD5: 63c5640c22ed06766b7edd04abe76287 C:\Program Files (x86)\Pando Networks\Media Booster\softokn3.dll

MD5: b4af61bda9d4c58fb9b67b9759a98205 C:\Program Files (x86)\Pando Networks\Media Booster\ssl3.dll

MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files (x86)\QuickTime\QTTask.exe

MD5: c02f70960fa934b8defa16a03d7f6556 C:\Program Files (x86)\Setup Files\Ms7380v140\NTIOLib_X64.sys

MD5: 67384147dd005e54d2c0a20408e28579 C:\Program Files (x86)\Steam\Steam.exe

MD5: 6a2e0e49a4f2a9df3e6293e37e7486bd c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll

MD5: f64c4241fe5e519f62c47c361dc671d7 c:\program files (x86)\yahoo!\companion\installs\cpn\ytsingleinstance.dll

MD5: f9d908de6b166dac9b89bf62fa291ce8 C:\Program Files\Bonjour\mdnsNSP.dll

MD5: ebbcd5dfbb1de70e8f4af8fa59e401fd C:\Program Files\Bonjour\mDNSResponder.exe

MD5: be3d584d7c021eb7d89166eecb83c341 C:\Program Files\Common Files\Motive\McciCMService.exe

MD5: ee4c2a137c7088911a8919effc9812e7 C:\Program Files\iPod\bin\iPodService.exe

MD5: 157e9e498206a3366baa7e4697bdd947 c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

MD5: 566ddd5d82520da01d75f81428ac4c38 c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

MD5: 76fcbfd0c78de110468b356f85ec6db3 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

MD5: 13c0d9cba38ffa6d0c9e721b5e7212a0 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

MD5: e12e992a1582f2429d3d290296672f92 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

MD5: d61c339a4dd1df2c138514307439e048 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp64.dll

MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe

MD5: 9bd4dcb5412921864a7aacdedfbd1923 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

MD5: 07c02c892e8e1a72d6bf35004f0e9c5e C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

MD5: 27626506e07795bb6357f7f2ef78a90b C:\Users\Tim\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll

MD5: 9c17dcd6ddfeb1a012544faf4f2789f6 C:\Windows\AppPatch\AcGenral.DLL

MD5: 368b2bee3f88bfb883d2c74a258de6f6 C:\Windows\AppPatch\AcLayers.DLL

MD5: 6d7de520d8aa80a243347becd401eb54 C:\Windows\AppPatch\AcWow64.DLL

MD5: af78e9d4d1ed741039fa610157f91711 C:\Windows\Downloaded Program Files\DLMControl.dll

MD5: 4334ac34536737bb13dc47b07b7a0c42 C:\Windows\Downloaded Program Files\qsax.dll

MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe

MD5: 332feab1435662fc6c672e25beb37be3 C:\Windows\Explorer.exe

MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe

MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll

MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\System32\audioses.dll

MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll

MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe

MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll

MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll

MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll

MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll

MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll

MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll

MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll

MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\dnsapi.DLL

MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll

MD5: ccf4e830512c0a298791f1d34b81c215 C:\Windows\system32\DWrite.dll

MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll

MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\Explorer.exe

MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll

MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll

MD5: 1cd5c2dfd2a5bf6da720386679f3c449 C:\Windows\system32\hpzipr12.dll

MD5: 490fc0d07f7c0468e232ab8e8e956719 C:\Windows\system32\IEFRAME.dll

MD5: 07970aa4c392efb133d1a1bfbd66a58f C:\Windows\system32\IEUI.dll

MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL

MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\iphlpapi.dll

MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll

MD5: 497c9c3db953a60ec4f43a097e15f75e C:\Windows\system32\MSHTML.dll

MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll

MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe

MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll

MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll

MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll

MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\System32\nlaapi.dll

MD5: 7e9b1c0eff510cdf93a4cfecf9f2b86e C:\Windows\system32\nvwgf2um.dll

MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll

MD5: bc6b92e13ec81de9c77fa1816cc325d6 C:\Windows\system32\P17RunE.dll

MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\pdh.dll

MD5: edd2ad141debd425d74a52a4d7be6ac4 C:\Windows\System32\Perfctrs.dll

MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll

MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll

MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll

MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll

MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll

MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\samcli.dll

MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe

MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\Secur32.dll

MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll

MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll

MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll

MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL

MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll

MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\tquery.dll

MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll

MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe

MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll

MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll

MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll

MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll

MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll

MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\windowscodecs.dll

MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll

MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll

MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV

MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll

MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll

MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll

MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\xmllite.dll

MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll

MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll

MD5: 0421441fbf668c7e72eeb658b04aa8c7 C:\Windows\SysWOW64\APOMngr.DLL

MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll

MD5: 45f681a6de7ccd2e2cc3bae71fc1cb51 C:\Windows\SysWOW64\CmdRtr.DLL

MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\comdlg32.dll

MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll

MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll

MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll

MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll

MD5: 490fc0d07f7c0468e232ab8e8e956719 c:\windows\syswow64\ieframe.dll

MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll

MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\syswow64\imagehlp.dll

MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\SysWOW64\IPHLPAPI.DLL

MD5: 2f0971c08f73ee881bb54cc7c11dff7b C:\Windows\SysWOW64\jscript9.dll

MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll

MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll

MD5: d5f72e03edf8bdea4847d693237330c7 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll

MD5: 54126cddef533083d0ffdb94810ad1aa C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

MD5: 5006b5dba7979cdc3481e24dd0c03802 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll

MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\SysWOW64\msi.dll

MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll

MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll

MD5: 821f621d859ab9d6b31a13db0ef4b5a8 C:\Windows\SysWOW64\OemSpiE.dll

MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll

MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll

MD5: 175ddf1779085d1750a49e49ae73bc94 C:\Windows\SysWOW64\P17APO32.dll

MD5: bc6b92e13ec81de9c77fa1816cc325d6 C:\Windows\SysWOW64\P17RunE.dll

MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll

MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\SysWOW64\RpcRtRemote.dll

MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\SysWOW64\schannel.dll

MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll

MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\syswow64\SHELL32.dll

MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll

MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll

MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\SysWOW64\SXS.DLL

MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll

MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll

MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll

MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll

MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll

MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\SysWOW64\WINMM.dll

MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll

MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll

MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll

MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll

MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll

MD5: 58a14c45a5cd2528f10a889e7b0c3fc2 C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL

MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll

MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll

MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL

MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll

MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

No file uploaded.

Scan finished - communication took 4 sec

Total traffic - 0.01 MB sent, 0.94 KB recvd

Scanned 376 files and modules - 24 seconds

==============================================================================


These steps are for timofjungle only. If you are a casual viewer, do NOT try this on your system!

If you are not timofjungle and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Turn off (disable) Lavasoft Ad-Watch and MS Security Essentials antivirus

Right click on the Ad-Watch icon in the system tray.

At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

Active: This will turn Ad-Watch On\Off without closing it.

Automatic: Suspicious activity will be blocked automatically.

Uncheck both of those boxes.

Turn off MS Sec Essentials (leave firewall on)

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Step 2

Download aswMBR.exe (511KB) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan.

On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post in your next reply.

Step 3

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 4

Turn off MS Sec Essentials (leave firewall on)

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 5

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log

Step 6

RE-Enable your antivirus program.

Copy and Paste into reply the contents of aswMBR log

TDSSKILLER log

RogueKiller log

C:\Combofix.txt


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-18 13:31:12

-----------------------------

13:31:12.005 OS Version: Windows x64 6.1.7601 Service Pack 1

13:31:12.005 Number of processors: 2 586 0x170A

13:31:12.005 ComputerName: TIM-PC UserName: Tim

13:31:13.115 Initialize success

13:39:38.611 AVAST engine defs: 12031700

13:40:27.670 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064

13:40:27.670 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3

13:40:27.686 Disk 0 MBR read successfully

13:40:27.686 Disk 0 MBR scan

13:40:27.694 Disk 0 Windows 7 default MBR code

13:40:27.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

13:40:27.709 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848

13:40:27.725 Disk 0 scanning C:\Windows\system32\drivers

13:40:35.016 Service scanning

13:40:50.878 Modules scanning

13:40:50.878 Scan finished successfully

13:41:54.030 Disk 0 MBR has been saved successfully to "C:\Users\Tim\Desktop\Reports\MBR.dat"

13:41:54.030 The log file has been saved successfully to "C:\Users\Tim\Desktop\Reports\aswMBR.txt"

################################################################################

13:42:52.0017 4672 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

13:42:52.0463 4672 ============================================================

13:42:52.0463 4672 Current date / time: 2012/03/18 13:42:52.0463

13:42:52.0463 4672 SystemInfo:

13:42:52.0463 4672

13:42:52.0463 4672 OS Version: 6.1.7601 ServicePack: 1.0

13:42:52.0463 4672 Product type: Workstation

13:42:52.0463 4672 ComputerName: TIM-PC

13:42:52.0463 4672 UserName: Tim

13:42:52.0463 4672 Windows directory: C:\Windows

13:42:52.0463 4672 System windows directory: C:\Windows

13:42:52.0463 4672 Running under WOW64

13:42:52.0463 4672 Processor architecture: Intel x64

13:42:52.0463 4672 Number of processors: 2

13:42:52.0463 4672 Page size: 0x1000

13:42:52.0463 4672 Boot type: Normal boot

13:42:52.0463 4672 ============================================================

13:42:53.0246 4672 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:42:53.0253 4672 \Device\Harddisk0\DR0:

13:42:53.0253 4672 MBR used

13:42:53.0253 4672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

13:42:53.0253 4672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800

13:42:53.0277 4672 Initialize success

13:42:53.0277 4672 ============================================================

13:43:13.0342 0892 ============================================================

13:43:13.0342 0892 Scan started

13:43:13.0342 0892 Mode: Manual;

13:43:13.0342 0892 ============================================================

13:43:15.0296 0892 discache - ok

13:43:15.0313 0892 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:43:15.0313 0892 Disk - ok

13:43:15.0368 0892 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:43:15.0368 0892 drmkaud - ok

13:43:15.0399 0892 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:43:15.0407 0892 DXGKrnl - ok

13:43:15.0477 0892 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:43:15.0532 0892 ebdrv - ok

13:43:15.0563 0892 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:43:15.0571 0892 elxstor - ok

13:43:15.0602 0892 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:43:15.0602 0892 ErrDev - ok

13:43:15.0625 0892 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:43:15.0625 0892 exfat - ok

13:43:15.0641 0892 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:43:15.0641 0892 fastfat - ok

13:43:15.0665 0892 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:43:15.0665 0892 fdc - ok

13:43:15.0696 0892 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:43:15.0696 0892 FileInfo - ok

13:43:15.0711 0892 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:43:15.0711 0892 Filetrace - ok

13:43:15.0727 0892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:43:15.0727 0892 flpydisk - ok

13:43:15.0766 0892 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:43:15.0766 0892 FltMgr - ok

13:43:15.0805 0892 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:43:15.0805 0892 FsDepends - ok

13:43:15.0821 0892 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

13:43:15.0821 0892 Fs_Rec - ok

13:43:15.0875 0892 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:43:15.0875 0892 fvevol - ok

13:43:15.0891 0892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:43:15.0899 0892 gagp30kx - ok

13:43:15.0915 0892 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

13:43:15.0915 0892 GEARAspiWDM - ok

13:43:15.0930 0892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:43:15.0930 0892 hcw85cir - ok

13:43:15.0977 0892 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:43:15.0977 0892 HdAudAddService - ok

13:43:15.0993 0892 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

13:43:15.0993 0892 HDAudBus - ok

13:43:16.0008 0892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:43:16.0008 0892 HidBatt - ok

13:43:16.0024 0892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:43:16.0024 0892 HidBth - ok

13:43:16.0040 0892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:43:16.0040 0892 HidIr - ok

13:43:16.0071 0892 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

13:43:16.0071 0892 HidUsb - ok

13:43:16.0110 0892 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:43:16.0110 0892 HpSAMD - ok

13:43:16.0172 0892 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:43:16.0180 0892 HTTP - ok

13:43:16.0219 0892 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:43:16.0219 0892 hwpolicy - ok

13:43:16.0250 0892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

13:43:16.0250 0892 i8042prt - ok

13:43:16.0266 0892 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

13:43:16.0282 0892 iaStorV - ok

13:43:16.0313 0892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:43:16.0313 0892 iirsp - ok

13:43:16.0329 0892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:43:16.0329 0892 intelide - ok

13:43:16.0344 0892 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:43:16.0344 0892 intelppm - ok

13:43:16.0391 0892 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:43:16.0391 0892 IpFilterDriver - ok

13:43:16.0407 0892 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:43:16.0407 0892 IPMIDRV - ok

13:43:16.0422 0892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:43:16.0422 0892 IPNAT - ok

13:43:16.0454 0892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:43:16.0454 0892 IRENUM - ok

13:43:16.0485 0892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:43:16.0485 0892 isapnp - ok

13:43:16.0516 0892 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:43:16.0516 0892 iScsiPrt - ok

13:43:16.0532 0892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

13:43:16.0532 0892 kbdclass - ok

13:43:16.0563 0892 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

13:43:16.0563 0892 kbdhid - ok

13:43:16.0594 0892 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

13:43:16.0594 0892 KSecDD - ok

13:43:16.0625 0892 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

13:43:16.0625 0892 KSecPkg - ok

13:43:16.0641 0892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:43:16.0641 0892 ksthunk - ok

13:43:16.0672 0892 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:43:16.0672 0892 lltdio - ok

13:43:16.0719 0892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:43:16.0719 0892 LSI_FC - ok

13:43:16.0735 0892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:43:16.0735 0892 LSI_SAS - ok

13:43:16.0750 0892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:43:16.0750 0892 LSI_SAS2 - ok

13:43:16.0766 0892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:43:16.0766 0892 LSI_SCSI - ok

13:43:16.0782 0892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:43:16.0782 0892 luafv - ok

13:43:16.0829 0892 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

13:43:16.0829 0892 MBAMProtector - ok

13:43:16.0844 0892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:43:16.0844 0892 megasas - ok

13:43:16.0875 0892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:43:16.0875 0892 MegaSR - ok

13:43:16.0907 0892 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:43:16.0907 0892 Modem - ok

13:43:16.0954 0892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:43:16.0954 0892 monitor - ok

13:43:16.0985 0892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:43:16.0985 0892 mouclass - ok

13:43:17.0000 0892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:43:17.0000 0892 mouhid - ok

13:43:17.0032 0892 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:43:17.0032 0892 mountmgr - ok

13:43:17.0094 0892 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys

13:43:17.0094 0892 MpFilter - ok

13:43:17.0110 0892 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:43:17.0125 0892 mpio - ok

13:43:17.0141 0892 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys

13:43:17.0141 0892 MpNWMon - ok

13:43:17.0157 0892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:43:17.0157 0892 mpsdrv - ok

13:43:17.0235 0892 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

13:43:17.0235 0892 MREMP50 - ok

13:43:17.0266 0892 MREMP50a64 - ok

13:43:17.0266 0892 MREMPR5 - ok

13:43:17.0266 0892 MRENDIS5 - ok

13:43:17.0297 0892 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

13:43:17.0297 0892 MRESP50 - ok

13:43:17.0297 0892 MRESP50a64 - ok

13:43:17.0329 0892 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:43:17.0329 0892 MRxDAV - ok

13:43:17.0360 0892 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:43:17.0360 0892 mrxsmb - ok

13:43:17.0391 0892 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:43:17.0391 0892 mrxsmb10 - ok

13:43:17.0438 0892 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:43:17.0438 0892 mrxsmb20 - ok

13:43:17.0485 0892 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:43:17.0485 0892 msahci - ok

13:43:17.0516 0892 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:43:17.0516 0892 msdsm - ok

13:43:17.0563 0892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:43:17.0563 0892 Msfs - ok

13:43:17.0579 0892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:43:17.0579 0892 mshidkmdf - ok

13:43:17.0610 0892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:43:17.0610 0892 msisadrv - ok

13:43:17.0688 0892 MSI_MSIBIOS_010507 (192476c10371dc83243d67432b2cdcbf) C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys

13:43:17.0688 0892 MSI_MSIBIOS_010507 - ok

13:43:17.0704 0892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:43:17.0704 0892 MSKSSRV - ok

13:43:17.0735 0892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:43:17.0735 0892 MSPCLOCK - ok

13:43:17.0750 0892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:43:17.0750 0892 MSPQM - ok

13:43:17.0782 0892 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:43:17.0797 0892 MsRPC - ok

13:43:17.0797 0892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:43:17.0797 0892 mssmbios - ok

13:43:17.0813 0892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:43:17.0813 0892 MSTEE - ok

13:43:17.0829 0892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:43:17.0829 0892 MTConfig - ok

13:43:17.0860 0892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:43:17.0860 0892 Mup - ok

13:43:17.0907 0892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:43:17.0915 0892 NativeWifiP - ok

13:43:17.0977 0892 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:43:17.0985 0892 NDIS - ok

13:43:18.0024 0892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:43:18.0024 0892 NdisCap - ok

13:43:18.0047 0892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:43:18.0047 0892 NdisTapi - ok

13:43:18.0094 0892 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:43:18.0094 0892 Ndisuio - ok

13:43:18.0133 0892 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:43:18.0133 0892 NdisWan - ok

13:43:18.0165 0892 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:43:18.0165 0892 NDProxy - ok

13:43:18.0204 0892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:43:18.0204 0892 NetBIOS - ok

13:43:18.0235 0892 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:43:18.0235 0892 NetBT - ok

13:43:18.0297 0892 netr7364 (621559a521682a888d83db34c6ec0bf8) C:\Windows\system32\DRIVERS\netr7364.sys

13:43:18.0297 0892 netr7364 - ok

13:43:18.0339 0892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:43:18.0339 0892 nfrd960 - ok

13:43:18.0363 0892 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

13:43:18.0371 0892 NisDrv - ok

13:43:18.0402 0892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:43:18.0402 0892 Npfs - ok

13:43:18.0417 0892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:43:18.0417 0892 nsiproxy - ok

13:43:18.0480 0892 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:43:18.0503 0892 Ntfs - ok

13:43:18.0605 0892 NTIOLib_1_0_4 (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys

13:43:18.0605 0892 NTIOLib_1_0_4 - ok

13:43:18.0667 0892 NTIOLib_1_0_6 (c02f70960fa934b8defa16a03d7f6556) C:\Program Files (x86)\Setup Files\Ms7380v140\NTIOLib_X64.sys

13:43:18.0667 0892 NTIOLib_1_0_6 - ok

13:43:18.0699 0892 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:43:18.0699 0892 Null - ok

13:43:18.0738 0892 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys

13:43:18.0738 0892 NVENETFD - ok

13:43:18.0957 0892 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:43:19.0152 0892 nvlddmkm - ok

13:43:19.0199 0892 NVNET (bd25e03ead63ac3365f25175b4dbd56a) C:\Windows\system32\DRIVERS\nvmf6264.sys

13:43:19.0207 0892 NVNET - ok

13:43:19.0246 0892 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:43:19.0246 0892 nvraid - ok

13:43:19.0277 0892 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:43:19.0277 0892 nvstor - ok

13:43:19.0300 0892 nvstor64 (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys

13:43:19.0308 0892 nvstor64 - ok

13:43:19.0356 0892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:43:19.0356 0892 nv_agp - ok

13:43:19.0387 0892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:43:19.0387 0892 ohci1394 - ok

13:43:19.0442 0892 P17 (edd1dcd36f6115acc6935c3f88ff54d7) C:\Windows\system32\drivers\P17.sys

13:43:19.0458 0892 P17 - ok

13:43:19.0497 0892 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:43:19.0497 0892 Parport - ok

13:43:19.0520 0892 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

13:43:19.0520 0892 partmgr - ok

13:43:19.0536 0892 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:43:19.0536 0892 pci - ok

13:43:19.0551 0892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:43:19.0551 0892 pciide - ok

13:43:19.0567 0892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:43:19.0567 0892 pcmcia - ok

13:43:19.0590 0892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:43:19.0590 0892 pcw - ok

13:43:19.0606 0892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:43:19.0614 0892 PEAUTH - ok

13:43:19.0715 0892 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys

13:43:19.0715 0892 Point64 - ok

13:43:19.0754 0892 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:43:19.0754 0892 PptpMiniport - ok

13:43:19.0770 0892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:43:19.0770 0892 Processor - ok

13:43:19.0801 0892 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:43:19.0801 0892 Psched - ok

13:43:19.0856 0892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:43:19.0887 0892 ql2300 - ok

13:43:19.0903 0892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:43:19.0903 0892 ql40xx - ok

13:43:19.0918 0892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:43:19.0926 0892 QWAVEdrv - ok

13:43:19.0934 0892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:43:19.0934 0892 RasAcd - ok

13:43:19.0958 0892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:43:19.0958 0892 RasAgileVpn - ok

13:43:20.0090 0892 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:43:20.0090 0892 Rasl2tp - ok

13:43:20.0106 0892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:43:20.0106 0892 RasPppoe - ok

13:43:20.0122 0892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:43:20.0122 0892 RasSstp - ok

13:43:20.0161 0892 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:43:20.0161 0892 rdbss - ok

13:43:20.0176 0892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:43:20.0176 0892 rdpbus - ok

13:43:20.0184 0892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:43:20.0184 0892 RDPCDD - ok

13:43:20.0223 0892 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

13:43:20.0223 0892 RDPDR - ok

13:43:20.0247 0892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:43:20.0247 0892 RDPENCDD - ok

13:43:20.0254 0892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:43:20.0254 0892 RDPREFMP - ok

13:43:20.0301 0892 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

13:43:20.0301 0892 RDPWD - ok

13:43:20.0357 0892 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:43:20.0357 0892 rdyboost - ok

13:43:20.0388 0892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:43:20.0396 0892 rspndr - ok

13:43:20.0427 0892 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

13:43:20.0427 0892 s3cap - ok

13:43:20.0451 0892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:43:20.0451 0892 sbp2port - ok

13:43:20.0490 0892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:43:20.0490 0892 scfilter - ok

13:43:20.0505 0892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:43:20.0505 0892 secdrv - ok

13:43:20.0529 0892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:43:20.0529 0892 Serenum - ok

13:43:20.0544 0892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:43:20.0544 0892 Serial - ok

13:43:20.0568 0892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:43:20.0568 0892 sermouse - ok

13:43:20.0607 0892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:43:20.0607 0892 sffdisk - ok

13:43:20.0623 0892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:43:20.0623 0892 sffp_mmc - ok

13:43:20.0630 0892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:43:20.0630 0892 sffp_sd - ok

13:43:20.0654 0892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:43:20.0654 0892 sfloppy - ok

13:43:20.0685 0892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:43:20.0685 0892 SiSRaid2 - ok

13:43:20.0708 0892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:43:20.0708 0892 SiSRaid4 - ok

13:43:20.0740 0892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:43:20.0740 0892 Smb - ok

13:43:20.0771 0892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:43:20.0771 0892 spldr - ok

13:43:20.0818 0892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:43:20.0818 0892 srv - ok

13:43:20.0865 0892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:43:20.0865 0892 srv2 - ok

13:43:20.0880 0892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:43:20.0880 0892 srvnet - ok

13:43:20.0935 0892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:43:20.0935 0892 stexstor - ok

13:43:20.0974 0892 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys

13:43:20.0974 0892 StillCam - ok

13:43:21.0021 0892 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

13:43:21.0021 0892 storflt - ok

13:43:21.0037 0892 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

13:43:21.0037 0892 storvsc - ok

13:43:21.0052 0892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:43:21.0052 0892 swenum - ok

13:43:21.0123 0892 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

13:43:21.0154 0892 Tcpip - ok

13:43:21.0201 0892 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

13:43:21.0208 0892 TCPIP6 - ok

13:43:21.0263 0892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:43:21.0263 0892 tcpipreg - ok

13:43:21.0287 0892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:43:21.0287 0892 TDPIPE - ok

13:43:21.0310 0892 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:43:21.0310 0892 TDTCP - ok

13:43:21.0341 0892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:43:21.0341 0892 tdx - ok

13:43:21.0376 0892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:43:21.0376 0892 TermDD - ok

13:43:21.0423 0892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:43:21.0423 0892 tssecsrv - ok

13:43:21.0470 0892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:43:21.0470 0892 TsUsbFlt - ok

13:43:21.0509 0892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:43:21.0509 0892 tunnel - ok

13:43:21.0533 0892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:43:21.0533 0892 uagp35 - ok

13:43:21.0564 0892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:43:21.0564 0892 udfs - ok

13:43:21.0587 0892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:43:21.0587 0892 uliagpkx - ok

13:43:21.0619 0892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

13:43:21.0619 0892 umbus - ok

13:43:21.0642 0892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:43:21.0642 0892 UmPass - ok

13:43:21.0681 0892 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

13:43:21.0681 0892 USBAAPL64 - ok

13:43:21.0697 0892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

13:43:21.0697 0892 usbccgp - ok

13:43:21.0744 0892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:43:21.0744 0892 usbcir - ok

13:43:21.0759 0892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

13:43:21.0759 0892 usbehci - ok

13:43:21.0814 0892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:43:21.0814 0892 usbhub - ok

13:43:21.0822 0892 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

13:43:21.0822 0892 usbohci - ok

13:43:21.0845 0892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:43:21.0845 0892 usbprint - ok

13:43:21.0861 0892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:43:21.0861 0892 USBSTOR - ok

13:43:21.0876 0892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

13:43:21.0876 0892 usbuhci - ok

13:43:21.0916 0892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:43:21.0916 0892 vdrvroot - ok

13:43:21.0923 0892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:43:21.0923 0892 vga - ok

13:43:21.0931 0892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:43:21.0939 0892 VgaSave - ok

13:43:21.0970 0892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:43:21.0978 0892 vhdmp - ok

13:43:21.0986 0892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:43:21.0986 0892 viaide - ok

13:43:22.0009 0892 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

13:43:22.0009 0892 vmbus - ok

13:43:22.0033 0892 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

13:43:22.0033 0892 VMBusHID - ok

13:43:22.0048 0892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:43:22.0048 0892 volmgr - ok

13:43:22.0080 0892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:43:22.0087 0892 volmgrx - ok

13:43:22.0103 0892 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:43:22.0111 0892 volsnap - ok

13:43:22.0150 0892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:43:22.0150 0892 vsmraid - ok

13:43:22.0166 0892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:43:22.0166 0892 vwifibus - ok

13:43:22.0197 0892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:43:22.0197 0892 vwififlt - ok

13:43:22.0220 0892 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

13:43:22.0220 0892 vwifimp - ok

13:43:22.0259 0892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:43:22.0259 0892 WacomPen - ok

13:43:22.0283 0892 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:43:22.0283 0892 WANARP - ok

13:43:22.0283 0892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:43:22.0283 0892 Wanarpv6 - ok

13:43:22.0314 0892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:43:22.0314 0892 Wd - ok

13:43:22.0337 0892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:43:22.0345 0892 Wdf01000 - ok

13:43:22.0370 0892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:43:22.0370 0892 WfpLwf - ok

13:43:22.0393 0892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:43:22.0393 0892 WIMMount - ok

13:43:22.0432 0892 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:43:22.0432 0892 WinUsb - ok

13:43:22.0456 0892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:43:22.0456 0892 WmiAcpi - ok

13:43:22.0487 0892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:43:22.0487 0892 ws2ifsl - ok

13:43:22.0518 0892 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys

13:43:22.0518 0892 WSDPrintDevice - ok

13:43:22.0549 0892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:43:22.0549 0892 WudfPf - ok

13:43:22.0596 0892 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:43:22.0596 0892 WUDFRd - ok

13:43:22.0643 0892 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:43:22.0698 0892 \Device\Harddisk0\DR0 - ok

13:43:22.0698 0892 Boot (0x1200) (2fc7370283ab6875e5f3feb9a96f38cf) \Device\Harddisk0\DR0\Partition0

13:43:22.0698 0892 \Device\Harddisk0\DR0\Partition0 - ok

13:43:22.0706 0892 Boot (0x1200) (466c17533e7b6981ce6764d7c27d657d) \Device\Harddisk0\DR0\Partition1

13:43:22.0706 0892 \Device\Harddisk0\DR0\Partition1 - ok

13:43:22.0706 0892 ============================================================

13:43:22.0706 0892 Scan finished

13:43:22.0706 0892 ============================================================

13:43:22.0713 4720 Detected object count: 0

13:43:22.0713 4720 Actual detected object count: 0

#################################################################################

RogueKiller V7.3.1 [03/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Tim [Admin rights]

Mode: Scan -- Date: 03/18/2012 13:46:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

67.215.245.19 www.google-analytics.com.

67.215.245.19 ad-emea.doubleclick.net.

67.215.245.19 www.statcounter.com.

108.163.215.51 www.google-analytics.com.

108.163.215.51 ad-emea.doubleclick.net.

108.163.215.51 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00AAKS-00UU3 SCSI Disk Device +++++

--- User ---

[MBR] 299ac603133df34fd43bc0e929759288

[bSP] 49dd0c4d50a4c4d7f01a67f585d61b92 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt

################################################################################

ComboFix 12-03-17.01 - Tim 03/18/2012 13:53:50.2.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.4336 [GMT -5:00]

Running from: c:\users\Tim\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))))

.

.

2012-03-18 18:58 . 2012-03-18 18:58 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-03-18 18:58 . 2012-03-18 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-18 04:57 . 2012-03-18 04:57 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F5BD689-2EA2-43E1-B7A0-32ED75CB17C9}\offreg.dll

2012-03-18 00:27 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F5BD689-2EA2-43E1-B7A0-32ED75CB17C9}\mpengine.dll

2012-03-17 21:25 . 2012-03-17 21:25 -------- d-----w- c:\users\Tim\AppData\Roaming\QuickScan

2012-03-17 21:02 . 2012-03-17 21:15 -------- d-----w- C:\rsit

2012-03-17 21:02 . 2012-03-17 21:15 -------- d-----w- c:\program files\trend micro

2012-03-17 20:57 . 2012-03-17 20:57 -------- d-----w- c:\program files (x86)\ERUNT

2012-03-14 08:04 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 08:04 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 08:04 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 01:41 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 01:41 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 01:41 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 01:39 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 01:39 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 01:39 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 01:39 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 01:39 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 01:39 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 01:39 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-13 00:22 . 2012-03-13 00:22 -------- d-----w- c:\users\Tim\AppData\Local\My Games

2012-03-11 14:17 . 2012-03-11 14:31 -------- d-----w- c:\program files (x86)\PC Tools

2012-03-11 13:53 . 2012-02-24 15:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-03-11 13:53 . 2012-03-11 14:31 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-03-11 13:52 . 2012-03-11 14:29 -------- d-----w- c:\programdata\PC Tools

2012-03-11 13:52 . 2012-03-11 13:52 -------- d-----w- c:\users\Tim\AppData\Roaming\TestApp

2012-03-10 01:42 . 2012-03-16 00:21 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-03-10 01:42 . 2012-03-16 00:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-08 23:03 . 2012-03-08 23:03 -------- d-----w- c:\program files\CCleaner

2012-03-03 21:49 . 2012-03-03 21:49 -------- d-----w- c:\program files (x86)\Setup Files

2012-03-03 21:44 . 2012-03-03 21:44 -------- d-----w- c:\program files (x86)\MSI

2012-03-03 01:06 . 2012-03-03 01:06 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes

2012-03-03 01:06 . 2012-03-03 01:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-03 01:06 . 2012-03-03 01:06 -------- d-----w- c:\programdata\Malwarebytes

2012-03-03 01:06 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-02 23:20 . 2012-03-02 23:20 778736 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe

2012-03-02 23:20 . 2012-03-02 23:20 148480 ----a-w- c:\programdata\Microsoft\Windows\DRM\ncrypt.dll

2012-03-02 23:20 . 2012-03-02 23:20 148480 ----a-w- c:\programdata\Microsoft\Windows\DRM\55D7.tmp

2012-03-02 23:20 . 2012-03-02 23:20 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\5559.tmp

2012-03-02 23:20 . 2012-03-02 23:20 148480 ----a-w- c:\programdata\Microsoft\Windows\DRM\5558.tmp.dat

2012-02-29 18:26 . 2012-02-29 18:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-02-28 02:56 . 2012-03-14 08:23 -------- d-----w- c:\users\UpdatusUser

2012-02-28 02:56 . 2012-03-16 00:21 -------- d-----w- c:\programdata\NVIDIA

2012-02-28 02:56 . 2012-02-29 21:00 3089728 ----a-w- c:\windows\system32\nvsvc64.dll

2012-02-28 02:56 . 2012-02-29 21:00 6074176 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-28 02:56 . 2012-02-29 20:59 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-28 02:56 . 2012-02-29 20:59 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-02-28 02:56 . 2012-02-29 20:59 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-28 02:55 . 2012-02-28 02:55 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-02-28 02:44 . 2012-03-01 00:02 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-02-28 02:44 . 2012-03-01 00:02 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-02-28 02:44 . 2012-03-01 00:02 1737536 ----a-w- c:\windows\system32\nvdispco64.dll

2012-02-28 02:44 . 2012-03-01 00:02 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-02-28 02:44 . 2012-03-01 00:02 1466176 ----a-w- c:\windows\system32\nvgenco64.dll

2012-02-28 02:44 . 2012-03-01 00:02 2660160 ----a-w- c:\windows\system32\nvapi64.dll

2012-02-28 02:44 . 2012-03-01 00:02 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-02-28 01:52 . 2012-02-28 01:53 -------- d-----w- c:\program files\iTunes

2012-02-28 01:52 . 2012-02-28 01:52 -------- d-----w- c:\program files\iPod

2012-02-21 20:39 . 2012-02-21 20:39 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-02-21 20:28 . 2012-03-17 20:55 -------- d-----w- c:\programdata\Lavasoft

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-10 09:16 . 2012-02-10 09:16 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{30514EBE-9ED3-4E34-AE45-6EEF2EF9E7AF}\gapaengine.dll

2012-02-08 07:13 . 2010-08-11 02:29 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-31 12:44 . 2010-08-05 21:06 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-04 10:44 . 2012-02-14 19:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-14 19:44 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-30 06:26 . 2012-02-14 19:44 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-14 19:44 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-14 19:44 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-10_21.19.06 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-14 01:25 . 2012-03-01 00:02 61248 c:\windows\SysWOW64\OpenCL.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 61248 c:\windows\SysWOW64\OpenCL.dll

- 2009-07-14 04:54 . 2012-03-09 20:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-16 19:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-03-09 20:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-16 19:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-16 19:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-09 20:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-08-05 21:25 . 2012-03-16 00:23 38032 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-16 00:23 39830 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-08-05 20:50 . 2012-03-16 00:23 10898 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1083885131-3927673959-2532517918-1000_UserData.bin

- 2012-02-28 02:44 . 2012-02-10 04:13 68928 c:\windows\system32\OpenCL.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 68928 c:\windows\system32\OpenCL.dll

- 2009-07-14 05:30 . 2012-02-28 02:56 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 05:30 . 2012-03-14 01:29 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2012-03-14 01:25 . 2012-03-01 00:02 68928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\OpenCL64.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 61248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\OpenCL.dll

+ 2010-08-05 22:16 . 2012-03-16 00:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-05 22:16 . 2012-03-10 21:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-05 22:16 . 2012-03-10 21:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-08-05 22:16 . 2012-03-16 00:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-10 21:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-16 00:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-03-10 09:02 . 2012-03-10 09:02 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 66936 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 22928 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 22928 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 38304 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 38304 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 91488 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 91488 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL

+ 2012-03-18 08:01 . 2012-03-18 08:01 65536 c:\windows\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\DAO.DLL

+ 2012-03-14 01:25 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdetx.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 4096 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdet.dll

- 2012-03-08 21:52 . 2012-03-08 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-16 00:21 . 2012-03-16 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-08 21:52 . 2012-03-08 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-16 00:21 . 2012-03-16 00:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-18 08:01 . 2012-03-18 08:01 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 4096 c:\windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll

- 2009-07-14 02:36 . 2012-02-28 09:02 635030 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-16 10:15 635030 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-02-28 09:02 111564 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-03-16 10:15 111564 c:\windows\system32\perfc009.dat

+ 2009-07-14 04:45 . 2012-03-14 08:20 417920 c:\windows\system32\FNTCACHE.DAT

- 2009-07-14 04:45 . 2012-02-19 02:17 417920 c:\windows\system32\FNTCACHE.DAT

+ 2009-07-14 05:30 . 2012-03-14 01:29 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-02-28 02:56 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2012-02-28 02:56 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2012-03-14 01:29 143360 c:\windows\system32\DriverStore\infstor.dat

+ 2012-03-14 01:25 . 2012-02-29 23:57 398144 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_3a11d6301ac5e6e6\nvstusb64.sys

+ 2012-03-14 01:25 . 2012-03-01 00:02 962368 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvumdshimx.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 812352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvumdshim.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 310592 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvml.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 260416 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvinitx.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 215360 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvinit.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 201024 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvidia-smi.exe

+ 2012-03-14 01:25 . 2012-03-01 00:02 202752 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdxgiwrapx.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 182080 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdxgiwrap.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 325888 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdrsdb.bin

+ 2012-03-14 01:25 . 2012-03-01 00:02 301376 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdecodemft32.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 364352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdecodemft.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 261120 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\Nvd3d9wrapx.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 236352 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\Nvd3d9wrap.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 224064 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\dbInstaller.exe

+ 2009-07-14 04:46 . 2012-03-17 20:58 107744 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2009-07-14 05:01 . 2012-03-08 21:46 387412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-03-16 00:20 387412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2008-08-08 19:46 . 2008-08-08 19:46 242176 c:\windows\Installer\ddb89d0.msi

+ 2008-08-08 19:11 . 2008-08-08 19:11 232960 c:\windows\Installer\696be0b.msi

+ 2011-04-19 09:21 . 2011-04-19 09:21 235520 c:\windows\Installer\310d336.msi

+ 2012-03-17 20:57 . 2005-10-20 17:02 163328 c:\windows\ERDNT\3-17-2012\ERDNT.EXE

+ 2012-03-14 20:47 . 2012-03-14 20:47 710304 c:\windows\Downloaded Program Files\qsax.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

+ 2012-03-18 08:01 . 2012-03-18 08:01 226656 c:\windows\assembly\GAC\office\11.0.0.0__71e9bce111e9429c\OFFICE.DLL

- 2012-03-10 09:02 . 2012-03-10 09:02 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL

+ 2012-03-18 08:01 . 2012-03-18 08:01 229376 c:\windows\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\MSCOMCTL.DLL

- 2012-03-10 09:02 . 2012-03-10 09:02 374152 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 374152 c:\windows\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.Forms.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 664968 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 664968 c:\windows\assembly\GAC\Microsoft.Office.Interop.Word\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 214424 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 214424 c:\windows\assembly\GAC\Microsoft.Office.Interop.Publisher\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Publisher.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 226712 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 226712 c:\windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.PowerPoint.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 477056 c:\windows\assembly\GAC\Microsoft.Office.Interop.Owc11\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Owc11.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 411024 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 411024 c:\windows\assembly\GAC\Microsoft.Office.Interop.Outlook\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Outlook.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 144784 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 144784 c:\windows\assembly\GAC\Microsoft.Office.Interop.Graph\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Graph.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 110592 c:\windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 2517312 c:\windows\SysWOW64\nvcuvid.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2517312 c:\windows\SysWOW64\nvcuvid.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 2437440 c:\windows\SysWOW64\nvcuvenc.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2437440 c:\windows\SysWOW64\nvcuvenc.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 5892928 c:\windows\SysWOW64\nvcuda.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 5892928 c:\windows\SysWOW64\nvcuda.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2672448 c:\windows\system32\nvcuvid.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 2672448 c:\windows\system32\nvcuvid.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 2872640 c:\windows\system32\nvcuvenc.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2872640 c:\windows\system32\nvcuvenc.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 8008000 c:\windows\system32\nvcuda.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 8008000 c:\windows\system32\nvcuda.dll

+ 2012-03-14 01:25 . 2012-02-29 23:57 1466176 c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_3a11d6301ac5e6e6\nvgenco64.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 9717568 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvwgf2umx.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 7713088 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvwgf2um.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 1466176 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvgenco64.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 1737536 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvdispco64.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2517312 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuvid32.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2672448 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuvid.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2872640 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuvenc64.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2437440 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuvenc.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 5892928 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuda32.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 8008000 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcuda.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2660160 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvapi64.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 2301248 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvapi.dll

- 2009-07-14 04:45 . 2012-03-08 01:31 7378914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-03-17 20:58 7378914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2010-09-29 08:15 . 2012-03-16 00:20 4746700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1083885131-3927673959-2532517918-1000-8192.dat

+ 2011-05-11 08:19 . 2012-03-14 08:20 7423460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1083885131-3927673959-2532517918-1000-12288.dat

- 2011-05-11 08:19 . 2012-03-03 20:07 7423460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1083885131-3927673959-2532517918-1000-12288.dat

+ 2012-03-17 20:57 . 2012-03-17 20:57 2473984 c:\windows\ERDNT\3-17-2012\Users\00000002\UsrClass.dat

+ 2012-03-17 20:57 . 2012-03-17 20:57 2813952 c:\windows\ERDNT\3-17-2012\Users\00000001\NTUSER.DAT

- 2012-03-10 09:02 . 2012-03-10 09:02 1103248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 1103248 c:\windows\assembly\GAC\Microsoft.Office.Interop.Excel\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Excel.dll

- 2012-03-10 09:02 . 2012-03-10 09:02 1000848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

+ 2012-03-18 08:01 . 2012-03-18 08:01 1000848 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Access.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2011-12-07 15:42 . 2011-12-07 15:42 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-13 00:21 . 2012-03-13 00:21 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 19444544 c:\windows\SysWOW64\nvoglv32.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 17543488 c:\windows\SysWOW64\nvcompiler.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 17543488 c:\windows\SysWOW64\nvcompiler.dll

+ 2009-07-14 02:34 . 2012-03-14 08:19 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2012-03-02 01:35 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2012-03-14 01:25 . 2012-03-01 00:02 25543488 c:\windows\system32\nvoglv64.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 17642816 c:\windows\system32\nvd3dumx.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 17642816 c:\windows\system32\nvd3dumx.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 25222976 c:\windows\system32\nvcompiler.dll

- 2012-02-28 02:44 . 2012-02-10 04:13 25222976 c:\windows\system32\nvcompiler.dll

+ 2010-08-05 22:14 . 2012-03-14 08:02 56297240 c:\windows\system32\MRT.exe

+ 2012-03-14 01:25 . 2012-03-01 00:02 25543488 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvoglv64.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 19444544 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvoglv32.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 13626688 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvlddmkm.sys

+ 2012-03-14 01:25 . 2012-03-01 00:02 17642816 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvd3dumx.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 15009600 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvd3dum.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 30741136 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\NvCplSetupEng.exe

+ 2012-03-14 01:25 . 2012-03-01 00:02 17543488 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcompiler32.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 25222976 c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_6eca90daa8e200e9\nvcompiler.dll

+ 2012-03-14 01:25 . 2012-03-01 00:02 13626688 c:\windows\system32\drivers\nvlddmkm.sys

+ 2011-04-17 08:22 . 2012-03-16 00:20 60189512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1083885131-3927673959-2532517918-1000-4096.dat

+ 2012-02-13 16:57 . 2012-02-13 16:57 30412800 c:\windows\Installer\bfbf25f.msi

+ 2012-03-17 20:57 . 2012-03-17 20:57 10756096 c:\windows\ERDNT\3-17-2012\SCHEMA.DAT

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-10 1242448]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-20 3077528]

"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"P17RunE"="P17RunE.dll" [2008-03-28 14848]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-08-05 79360]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]

R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7380v140\NTIOLib_X64.sys [2011-01-06 11888]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 01862315

*NewlyCreated* - ASWMBR

*Deregistered* - 01862315

*Deregistered* - aswMBR

*Deregistered* - Lavasoft Kernexplorer

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083885131-3927673959-2532517918-1000Core.job

- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 13:46]

.

2012-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1083885131-3927673959-2532517918-1000UA.job

- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-18 13:46]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://us.mg204.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=bvnkkbjfn8b7s

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

Trusted Zone: $talisma_url$

TCP: DhcpNameServer = 192.168.1.254

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1083885131-3927673959-2532517918-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:fa,cc,6c,9e,5f,af,2d,28,a0,15,6b,fb,df,d0,d4,02,ff,43,cb,fb,8d,15,4d,

e5,15,cc,44,a7,c4,3c,c4,9c,8d,30,d5,6c,f2,0c,c4,39,6c,fa,8a,8e,ec,fc,ab,bc,\

"??"=hex:ce,24,ef,5a,23,59,f2,a4,87,a8,db,ad,69,50,39,cf

.

[HKEY_USERS\S-1-5-21-1083885131-3927673959-2532517918-1000\Software\SecuROM\License information*]

"datasecu"=hex:fa,6a,6d,ed,55,89,c7,df,b2,72,e1,6a,35,d1,13,5d,b6,e4,d0,09,14,

fa,15,1a,d9,74,8d,c7,bf,bb,33,e9,79,92,91,fc,77,9a,05,3a,f0,ee,5e,f1,d7,d1,\

"rkeysecu"=hex:ba,a1,c8,b0,12,0f,5e,8e,d7,de,d5,b8,e8,41,26,98

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-18 13:59:48

ComboFix-quarantined-files.txt 2012-03-18 18:59

ComboFix2.txt 2012-03-10 21:19

.

Pre-Run: 115,454,287,872 bytes free

Post-Run: 115,097,915,392 bytes free

.


ID: 8   Posted (edited)

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT

Step 2

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log & OTL MovedFiles log

and tell me, how is your browser redirect issue?

There will be more to do later: The Adobe Reader is out-of-date & the Flash Player also.

Edited by Maurice Naggar


I haven't had a browser redirect in a while, but it probably only occurs once every 20 times or so that I click on a link. I haven't had much time to do internet surfing since when I'm at my computer I'm running these scans, but I'll do some surfing and try it out. Here are the logs, and thank you for your continued help.

Eset found and removed four items, but this is all that was in the log file.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

####################################################################################

All processes killed

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: Tim

->Temp folder emptied: 1554 bytes

->Temporary Internet Files folder emptied: 48978783 bytes

->Java cache emptied: 4409564 bytes

->Google Chrome cache emptied: 32082357 bytes

->Flash cache emptied: 56996 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 401408 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16600 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

User: Tim

->Flash cache emptied: 0 bytes

User: UpdatusUser

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.39.1 log created on 03192012_120520

Files\Folders moved on Reboot...

C:\Users\Tim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


You noted,

"I haven't had a browser redirect in a while, but it probably only occurs once every 20 times or so that I click on a link."

That is way too often. Be not so quick to click. Be extremely careful in your selection. Before clicking, look at the actual web address shown on the status bar at the bottom of your browser window.

Step 1

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 2

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-check any checkbox for McAfee Security Scan Plus, or any other widget or toolbar!!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Step 3

Disable your antivirus program before this scan

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not disable the firewall.

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.

Follow the directions in the F-Secure page for proper Installation.

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into your next reply

Step 4

RE-Enable your antivirus program.

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered).

Step 5

I would suggest you get the Web of Trust add-on for each of your browsers (Internet Explorer, Firefox, Google [as applicable]).

This will provide an added edge in reducing odds of browsing to bad sites.

http://www.mywot.com/en/download

Step 6

I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm

That would help to keep your browser away from known spyware/malware sites.

Step 7

Reply with a copy of contents of the latest MBAM scan log and

the F-Secure scan log, and

tell me, how is your system now?


Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.22.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Tim :: TIM-PC [administrator]

3/22/2012 2:58:56 PM

mbam-log-2012-03-22 (14-58-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222846

Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

##############################################################################################

, 22, 2012 15:39:43 - 16:54:33

TIM-PC

C:\

--------------------------------------------------------------------------------

Suspicious:W32/Malware!Gemini ()

C:\PROGRAM FILES (X86)\TURBINE\THE LORD OF THE RINGS ONLINE\LOTROCLIENT.EXE

Suspicious:W32/Malware!Gemini ()

C:\PROGRAM FILES (X86)\TURBINE\THE LORD OF THE RINGS ONLINE\BACKUP\LOTROCLIENT.EXE

--------------------------------------------------------------------------------

:

: 75773

: 6143

: 144

:

: 0

: 0

: 0

: 2

: 2

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\TEMP\TMP00000020E8783B869C220D34

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\SAM

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE

C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM

C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB

C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB

C:\WINDOWS\SERVICEPROFILES\LOCALSERVICE\APPDATA\ROAMING\PEERNETWORKING\B7E86C556DDDF859700A1D3581B6AA6D6CB6DDF5.HOMEGROUPCLASSIFIER\48F6335230E411DB92FDE5B219C5305C\GROUPING\DB.MDB

C:\USERS\TIM\APPDATA\LOCAL\TEMP\LOW\HSPERFDATA_TIM\4920

C:\USERS\TIM\APPDATA\LOCAL\TEMP\HSPERFDATA_TIM\4844


C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\MPDIAG.BIN

C:\PROGRAMDATA\MICROSOFT\MICROSOFT ANTIMALWARE\SCANS\HISTORY\CACHEMANAGER\MPSCANCACHE-0.BIN


C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C0724FE8ED0A7D721557EC3762987561_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C40604441C59F94C9EBF5D572344545E_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8271FD027FA552C7EBF16B776690848_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C830D2E5C10A6D627EAA51ACD10E300A_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC9EA836A66EE0D0789851DAE67E51D0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CDB204D07D7210F78E1794BCE47C3DE0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CE6EA861F335E7AA3B106C7E1741D1C5_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D0F7AE117AEA85B44D9306853CE7164D_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1072A2D01B1B2435B0135CC3A7ECB53_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D12201846BB1F642A96EB9DA731FBF63_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D170167C266BDC3A3823ED6191ABEE66_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D26BB40BF12A5111720F80A90F210571_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D443E7AEC429288BC2B7F6C145E49926_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D5A500608597BAF0FC667F63D8929717_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D63FD78D6B08BF96DD5A978D294BCE0A_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D76AA57BF23D51DB1C6FFCF0C51F5F4B_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D995B3FE8ECBEEAC126D2B205D9B2FF0_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DBE8D908215A72D0AF6B303509668D81_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC03753AB3363D7C3C180A6213C16EE5_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC6252FACC12D4F75B6C036433DA23C5_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE0EC3180B18A63AE06B10274BF8AF11_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DFCA39A223ED5810A54268505F8ACC18_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8A20A05E25ADC83EEFE4168214A7EA8_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E9141B3E145BC1B712FCDACBBD2D90C1_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E99333BD017F645312A262E5487D274D_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ED220655326D5CD3DC655CD7FF519324_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F1EF6A706D21B71A899DA7E90B7FDB55_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F656B7A42783AD539F5F013CC0E8D4DF_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FB11BF0B4098A8D4BBF24DE5C87AF246_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FD2A8DC7DF790F25BF308A74427FD805_0AF11183-8CBB-41CA-A640-DFAFCD436EA3

--------------------------------------------------------------------------------

COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR

--------------------------------------------------------------------------------


I haven't seen a redirect in quite a while. When they were happening, they weren't coming from bad links. I'd click on a valid link at something fairly secure (hulu.com for example) but it would redirect me to another IP address/search page. If I hit the back button on my browser and clicked on the same link again, it would take me to the correct place. I haven't had this happen in a week or so now.

Tim


ID: 12   Posted (edited)

Hello Tim,

Very good to hear that the redirect issue has gone away. Please practice safer surfing (see below).

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it combofix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any unintentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Tim\Desktop\ComboFix /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

If the Combofix uninstall has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

We are finished here. Best regards.

Edited by Maurice Naggar

This topic is now closed to further replies.