RichHeller

Google redirect virus

30 posts in this topic

When I do a search on google, the address of the links changes when I click on them. Well, the first one changes. If I right click on a link, it will change it to another address. After that, the other links on the page are unaffected.

Malwarebytes quick scan results

------------------------------------------

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.29.09

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

rich :: RICH-PC [administrator]

4/2/2012 9:05:10 AM

mbam-log-2012-04-02 (09-05-10).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 190005

Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.log

----------------------------------------

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0

Run by rich at 9:09:15 on 2012-04-02

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2156 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\system32\rundll32.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe

C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

C:\Windows\system32\conhost.exe

C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\M-AudioTaskBarIcon.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{855A61B4-F3AB-4273-AA7C-3A9801B994B6} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{96E1D7E3-0FF9-4000-AC2A-8104715BC0B7} : DhcpNameServer = 192.168.0.1

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\rich\appdata\roaming\mozilla\firefox\profiles\kvtcmbdk.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N "postgresql-9.0" -D "C:/Program Files/PostgreSQL/9.0/data" -w --> C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 [?]

R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-7-13 229888]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-2 40776]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\drivers\MAudioFastTrack.sys [2010-12-7 158344]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-7-27 15872]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-27 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-20 1343400]

.

=============== Created Last 30 ================

.

2012-04-02 14:05:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-03-30 23:33:08 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-30 23:33:07 -------- d-----w- c:\users\rich\appdata\local\temp

2012-03-30 23:22:49 98816 ----a-w- c:\windows\sed.exe

2012-03-30 23:22:49 518144 ----a-w- c:\windows\SWREG.exe

2012-03-30 23:22:49 256000 ----a-w- c:\windows\PEV.exe

2012-03-30 23:22:49 208896 ----a-w- c:\windows\MBR.exe

2012-03-14 18:23:27 -------- d-----w- c:\program files\M-Audio

2012-03-11 00:15:01 68068 ----a-w- c:\windows\system32\bassmididrvuninstall.exe

2012-03-11 00:15:01 -------- d-----w- c:\windows\system32\bassmididrv

2012-03-10 22:39:58 -------- d-----w- c:\users\rich\TruePianos Settings

2012-03-10 22:39:31 -------- d-----w- c:\users\rich\appdata\roaming\Cakewalk

2012-03-10 22:35:17 -------- d-----w- c:\program files\common files\Native Instruments

2012-03-10 22:35:14 -------- d-----w- c:\program files\common files\Digidesign

2012-03-10 22:34:29 -------- d-----w- c:\program files\Native Instruments

2012-03-10 22:27:21 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-03-10 22:27:21 487424 ----a-w- c:\windows\system32\msvcp70.dll

2012-03-10 22:27:21 368640 ----a-w- c:\windows\system32\ReWire.dll

2012-03-10 22:27:21 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-03-10 22:27:21 344064 ----a-w- c:\windows\system32\msvcr70.dll

2012-03-10 22:27:21 1047552 ----a-w- c:\windows\system32\mfc71u.dll

2012-03-10 22:27:18 1060864 ----a-w- c:\windows\system32\mfc71.dll

2012-03-10 22:26:45 -------- d-----w- c:\programdata\Cakewalk

2012-03-10 22:26:45 -------- d-----w- c:\program files\Cakewalk

2012-03-10 22:26:45 -------- d-----w- C:\Cakewalk Projects

.

==================== Find3M ====================

.

2012-01-14 03:35:54 2343424 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 9:09:42.83 ===============

Attach.txt

---------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 11/20/2010 12:25:40 AM

System Uptime: 4/2/2012 4:11:26 AM (5 hours ago)

.

Motherboard: Dell Inc. | | 0H275K

Processor: Intel® Core2 Duo CPU T5850 @ 2.16GHz | Microprocessor | 996/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 217.518 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5.348 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0CF0

Service:

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0BF0

Service:

.

Class GUID:

Description:

Device ID: ACPI\ITE8708\4&1E0559A0&0

Manufacturer:

Name:

PNP Device ID: ACPI\ITE8708\4&1E0559A0&0

Service:

.

Class GUID:

Description: Base System Device

Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0

Manufacturer:

Name: Base System Device

PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_02561028&REV_12\4&2CB1F2EC&0&0AF0

Service:

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Absolute Poker

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X

Android SDK Tools

Audacity 1.2.6

Compatibility Pack for the 2007 Office system

ESET Online Scanner v3

Finale Reader 2011

Full Tilt Poker

Guitar Pro 5.2

Java Auto Updater

Java DB 10.5.3.0

Java 7 Update 1

M-Audio FastTrack Driver 6.0.6 (x86)

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Office Word Viewer 2003

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 4.0.1 (x86 en-US)

Mp3tag v2.48

Native Instruments Guitar Rig 3

Native Instruments Service Center

NetBeans IDE 7.0 Beta 2

PokerStars

PostgreSQL 9.0

SONAR 8.0 Producer Edition

Winamp

Winamp Detector Plug-in

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

4/2/2012 8:40:54 AM, Error: atikmdag [43029] - Display is not active

3/30/2012 6:36:32 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

3/30/2012 6:31:11 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/29/2012 4:59:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/29/2012 4:59:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/29/2012 4:59:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/29/2012 4:59:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/29/2012 4:59:09 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

.

==== End Of File ===========================

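As an added example (not code from this thread, from DDS, or from the helpers), a Python triage over the Pseudo HJT Report lines posted above: it flags the UAC policy values the log shows switched off (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) against their Windows 7 defaults, and lists any name server outside RFC 1918 LAN space. The bare `NameServer` key for a static DNS setting and the constructed last sample line are assumptions; everything else in the sample is copied from the DDS log.

```python
"""Triage the 'Pseudo HJT Report' lines of a DDS log (added example, not
code from this thread or from DDS): flag UAC policy values that switch a
protection off, and name servers outside RFC 1918 LAN space, since a
changed DNS setting is one common cause of search-result redirects."""
import ipaddress
import re

# Windows 7 default values for the UAC policy keys that DDS reports.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5,
                "ConsentPromptBehaviorUser": 3, "PromptOnSecureDesktop": 1,
                "EnableUIADesktopToggle": 0}

# Values that switch a UAC protection off outright.
UAC_WEAK = {
    "EnableLUA": {0},                   # UAC disabled entirely
    "ConsentPromptBehaviorAdmin": {0},  # admins elevate with no prompt
    "PromptOnSecureDesktop": {0},       # prompt drawn on the normal desktop
    "EnableUIADesktopToggle": {1},      # UIAccess apps may skip secure desktop
}

LAN_RANGES = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# The DhcpNameServer forms appear in the posted log; the bare 'NameServer'
# key (a static DNS setting) is an assumption about DDS output.
DNS_RE = re.compile(
    r"^TCP:\s*(?:Interfaces\\(\{[0-9A-Fa-f-]+\})\s*:\s*)?"
    r"(Dhcp)?NameServer\s*=\s*(.+)$")


def parse_policies(lines):
    """Return {key: int value} for every mPolicies-system line."""
    found = {}
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def weakened_uac(policies):
    """Return {key: (actual, default)} for keys set to a weakening value."""
    return {k: (v, UAC_DEFAULTS[k]) for k, v in policies.items()
            if k in UAC_WEAK and v in UAC_WEAK[k]}


def parse_nameservers(lines):
    """Return (interface_guid or None, is_static, server) per resolver."""
    servers = []
    for line in lines:
        m = DNS_RE.match(line.strip())
        if not m:
            continue
        iface, dhcp, value = m.groups()
        for server in re.split(r"[\s,]+", value.strip()):
            if server:
                servers.append((iface, dhcp is None, server))
    return servers


def non_lan_resolvers(servers):
    """Return resolvers outside RFC 1918 space, or not parseable as IPs."""
    flagged = []
    for iface, static, server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            flagged.append((iface, static, server))
            continue
        if not any(addr in net for net in LAN_RANGES):
            flagged.append((iface, static, server))
    return flagged


def triage(lines):
    """Run both checks over the report lines and return the findings."""
    return {"weak_uac": weakened_uac(parse_policies(lines)),
            "non_lan_dns": non_lan_resolvers(parse_nameservers(lines))}


# Sample input: the mPolicies and TCP lines from the DDS log posted in this
# thread, plus one constructed static-DNS line (all-zero placeholder GUID,
# documentation-range address) so the resolver check has something to flag.
SAMPLE_LINES = [
    "mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    "mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    "mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    "TCP: DhcpNameServer = 192.168.1.1",
    r"TCP: Interfaces\{855A61B4-F3AB-4273-AA7C-3A9801B994B6} : DhcpNameServer = 192.168.1.1",
    r"TCP: Interfaces\{96E1D7E3-0FF9-4000-AC2A-8104715BC0B7} : DhcpNameServer = 192.168.0.1",
    r"TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : NameServer = 203.0.113.5",
]

if __name__ == "__main__":
    findings = triage(SAMPLE_LINES)
    for key, (actual, default) in sorted(findings["weak_uac"].items()):
        print(f"UAC weakened: {key} = {actual} (Windows 7 default {default})")
    for iface, static, server in findings["non_lan_dns"]:
        kind = "static" if static else "DHCP"
        print(f"Non-LAN {kind} resolver {server} on {iface or 'global'}")
```

Against the posted log the UAC check reports three keys at 0 while only the constructed line trips the resolver check; the DHCP-issued 192.168.x.x servers are the routers and pass.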

Hi,

My name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Please download Gmer from here and save it to your Desktop.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-04-03 14:35:17

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-75ZCT2 rev.11.01A11

Running: gmer.exe; Driver: C:\Users\rich\AppData\Local\Temp\pxldrpow.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{2B754346-56B8-42EE-B406-E2CCACEB027B}\Connection@Name isatap.{87969DCC-9B23-468E-B0A8-9D57C8CAEFBF}

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{EB4A2B50-1ECF-48B2-AED2-6552D7E6FD7F}?\Device\{2B754346-56B8-42EE-B406-E2CCACEB027B}?\Device\{F77D4552-B0B1-4E81-8963-D46A9AF67B8E}?\Device\{BCDBE0DC-ACAF-4B83-AF81-BFD2AA53A0FA}?

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{EB4A2B50-1ECF-48B2-AED2-6552D7E6FD7F}"?"{2B754346-56B8-42EE-B406-E2CCACEB027B}"?"{F77D4552-B0B1-4E81-8963-D46A9AF67B8E}"?"{BCDBE0DC-ACAF-4B83-AF81-BFD2AA53A0FA}"?

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{EB4A2B50-1ECF-48B2-AED2-6552D7E6FD7F}?\Device\TCPIP6TUNNEL_{2B754346-56B8-42EE-B406-E2CCACEB027B}?\Device\TCPIP6TUNNEL_{F77D4552-B0B1-4E81-8963-D46A9AF67B8E}?\Device\TCPIP6TUNNEL_{BCDBE0DC-ACAF-4B83-AF81-BFD2AA53A0FA}?

Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2B754346-56B8-42EE-B406-E2CCACEB027B}@InterfaceName isatap.{87969DCC-9B23-468E-B0A8-9D57C8CAEFBF}

Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{2B754346-56B8-42EE-B406-E2CCACEB027B}@ReusableType 0

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 11438

---- EOF - GMER 1.0.15 ----


Hi there,

Please read and follow these instructions carefully. We do not want it to fix anything yet (if anything is found); we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


13:17:27.0346 2244 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32

13:17:27.0767 2244 ============================================================

13:17:27.0767 2244 Current date / time: 2012/04/04 13:17:27.0767

13:17:27.0767 2244 SystemInfo:

13:17:27.0767 2244

13:17:27.0767 2244 OS Version: 6.1.7601 ServicePack: 1.0

13:17:27.0767 2244 Product type: Workstation

13:17:27.0767 2244 ComputerName: RICH-PC

13:17:27.0767 2244 UserName: rich

13:17:27.0767 2244 Windows directory: C:\Windows

13:17:27.0767 2244 System windows directory: C:\Windows

13:17:27.0767 2244 Processor architecture: Intel x86

13:17:27.0767 2244 Number of processors: 2

13:17:27.0767 2244 Page size: 0x1000

13:17:27.0767 2244 Boot type: Normal boot

13:17:27.0767 2244 ============================================================

13:17:28.0828 2244 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:17:28.0828 2244 \Device\Harddisk0\DR0:

13:17:28.0843 2244 MBR used

13:17:28.0843 2244 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x47000, BlocksNum 0x1400000

13:17:28.0843 2244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1447000, BlocksNum 0x23FE7000

13:17:28.0890 2244 Initialize success

13:17:28.0890 2244 ============================================================

13:17:34.0303 3996 ============================================================

13:17:34.0303 3996 Scan started

13:17:34.0303 3996 Mode: Manual;

13:17:34.0303 3996 ============================================================


13:17:41.0292 3996 fvevol - ok

13:17:41.0339 3996 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:17:41.0339 3996 gagp30kx - ok

13:17:41.0386 3996 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

13:17:41.0401 3996 gpsvc - ok

13:17:41.0433 3996 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

13:17:41.0433 3996 hcw85cir - ok

13:17:41.0511 3996 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

13:17:41.0511 3996 HdAudAddService - ok

13:17:41.0557 3996 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

13:17:41.0573 3996 HDAudBus - ok

13:17:41.0589 3996 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

13:17:41.0589 3996 HidBatt - ok

13:17:41.0620 3996 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

13:17:41.0620 3996 HidBth - ok

13:17:41.0667 3996 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

13:17:41.0667 3996 HidIr - ok

13:17:41.0698 3996 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

13:17:41.0698 3996 hidserv - ok

13:17:41.0745 3996 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

13:17:41.0760 3996 HidUsb - ok

13:17:41.0791 3996 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

13:17:41.0791 3996 hkmsvc - ok

13:17:41.0838 3996 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

13:17:41.0838 3996 HomeGroupListener - ok

13:17:41.0885 3996 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

13:17:41.0885 3996 HomeGroupProvider - ok

13:17:41.0932 3996 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

13:17:41.0932 3996 HpSAMD - ok

13:17:41.0994 3996 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

13:17:41.0994 3996 HTTP - ok

13:17:42.0025 3996 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

13:17:42.0025 3996 hwpolicy - ok

13:17:42.0103 3996 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

13:17:42.0103 3996 i8042prt - ok

13:17:42.0150 3996 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys

13:17:42.0166 3996 iaStorV - ok

13:17:42.0259 3996 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:17:42.0291 3996 idsvc - ok

13:17:42.0322 3996 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

13:17:42.0322 3996 iirsp - ok

13:17:42.0400 3996 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

13:17:42.0415 3996 IKEEXT - ok

13:17:42.0462 3996 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

13:17:42.0462 3996 intelide - ok

13:17:42.0493 3996 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

13:17:42.0493 3996 intelppm - ok

13:17:42.0540 3996 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

13:17:42.0540 3996 IPBusEnum - ok

13:17:42.0571 3996 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:17:42.0571 3996 IpFilterDriver - ok

13:17:42.0618 3996 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

13:17:42.0618 3996 iphlpsvc - ok

13:17:42.0665 3996 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

13:17:42.0665 3996 IPMIDRV - ok

13:17:42.0696 3996 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

13:17:42.0696 3996 IPNAT - ok

13:17:42.0727 3996 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

13:17:42.0727 3996 IRENUM - ok

13:17:42.0759 3996 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

13:17:42.0759 3996 isapnp - ok

13:17:42.0805 3996 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

13:17:42.0805 3996 iScsiPrt - ok

13:17:42.0868 3996 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys

13:17:42.0868 3996 k57nd60x - ok

13:17:42.0899 3996 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

13:17:42.0899 3996 kbdclass - ok

13:17:42.0946 3996 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

13:17:42.0946 3996 kbdhid - ok

13:17:42.0993 3996 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:17:42.0993 3996 KeyIso - ok

13:17:43.0024 3996 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

13:17:43.0024 3996 KSecDD - ok

13:17:43.0039 3996 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

13:17:43.0039 3996 KSecPkg - ok

13:17:43.0102 3996 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

13:17:43.0102 3996 KtmRm - ok

13:17:43.0164 3996 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll

13:17:43.0164 3996 LanmanServer - ok

13:17:43.0211 3996 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

13:17:43.0211 3996 LanmanWorkstation - ok

13:17:43.0305 3996 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

13:17:43.0305 3996 lltdio - ok

13:17:43.0336 3996 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

13:17:43.0351 3996 lltdsvc - ok

13:17:43.0383 3996 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

13:17:43.0383 3996 lmhosts - ok

13:17:43.0414 3996 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:17:43.0414 3996 LSI_FC - ok

13:17:43.0445 3996 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:17:43.0445 3996 LSI_SAS - ok

13:17:43.0476 3996 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:17:43.0476 3996 LSI_SAS2 - ok

13:17:43.0507 3996 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:17:43.0507 3996 LSI_SCSI - ok

13:17:43.0539 3996 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

13:17:43.0539 3996 luafv - ok

13:17:43.0617 3996 MAUSBFASTTRACK (862d7bd3be3399670a7e3358ce7e6344) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys

13:17:43.0617 3996 MAUSBFASTTRACK - ok

13:17:43.0663 3996 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

13:17:43.0663 3996 Mcx2Svc - ok

13:17:43.0695 3996 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

13:17:43.0695 3996 megasas - ok

13:17:43.0726 3996 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

13:17:43.0726 3996 MegaSR - ok

13:17:43.0773 3996 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

13:17:43.0773 3996 MMCSS - ok

13:17:43.0788 3996 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

13:17:43.0788 3996 Modem - ok

13:17:43.0819 3996 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

13:17:43.0819 3996 monitor - ok

13:17:43.0882 3996 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

13:17:43.0882 3996 mouclass - ok

13:17:43.0897 3996 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

13:17:43.0897 3996 mouhid - ok

13:17:43.0944 3996 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

13:17:43.0944 3996 mountmgr - ok

13:17:43.0975 3996 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

13:17:43.0991 3996 mpio - ok

13:17:44.0007 3996 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

13:17:44.0007 3996 mpsdrv - ok

13:17:44.0053 3996 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

13:17:44.0069 3996 MpsSvc - ok

13:17:44.0116 3996 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

13:17:44.0116 3996 MRxDAV - ok

13:17:44.0163 3996 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:17:44.0163 3996 mrxsmb - ok

13:17:44.0209 3996 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:17:44.0209 3996 mrxsmb10 - ok

13:17:44.0241 3996 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:17:44.0241 3996 mrxsmb20 - ok

13:17:44.0272 3996 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

13:17:44.0272 3996 msahci - ok

13:17:44.0319 3996 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

13:17:44.0319 3996 msdsm - ok

13:17:44.0365 3996 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

13:17:44.0365 3996 MSDTC - ok

13:17:44.0412 3996 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

13:17:44.0412 3996 Msfs - ok

13:17:44.0443 3996 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

13:17:44.0443 3996 mshidkmdf - ok

13:17:44.0475 3996 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

13:17:44.0475 3996 msisadrv - ok

13:17:44.0521 3996 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

13:17:44.0521 3996 MSiSCSI - ok

13:17:44.0537 3996 msiserver - ok

13:17:44.0584 3996 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

13:17:44.0584 3996 MSKSSRV - ok

13:17:44.0615 3996 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

13:17:44.0615 3996 MSPCLOCK - ok

13:17:44.0631 3996 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

13:17:44.0631 3996 MSPQM - ok

13:17:44.0662 3996 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

13:17:44.0677 3996 MsRPC - ok

13:17:44.0693 3996 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

13:17:44.0693 3996 mssmbios - ok

13:17:44.0709 3996 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

13:17:44.0724 3996 MSTEE - ok

13:17:44.0740 3996 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

13:17:44.0740 3996 MTConfig - ok

13:17:44.0755 3996 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

13:17:44.0755 3996 Mup - ok

13:17:44.0802 3996 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

13:17:44.0802 3996 napagent - ok

13:17:44.0849 3996 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

13:17:44.0849 3996 NativeWifiP - ok

13:17:44.0896 3996 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

13:17:44.0911 3996 NDIS - ok

13:17:44.0927 3996 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

13:17:44.0943 3996 NdisCap - ok

13:17:44.0958 3996 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

13:17:44.0974 3996 NdisTapi - ok

13:17:45.0005 3996 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

13:17:45.0005 3996 Ndisuio - ok

13:17:45.0036 3996 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

13:17:45.0052 3996 NdisWan - ok

13:17:45.0083 3996 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

13:17:45.0083 3996 NDProxy - ok

13:17:45.0099 3996 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

13:17:45.0114 3996 NetBIOS - ok

13:17:45.0145 3996 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

13:17:45.0145 3996 NetBT - ok

13:17:45.0192 3996 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:17:45.0192 3996 Netlogon - ok

13:17:45.0239 3996 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

13:17:45.0239 3996 Netman - ok

13:17:45.0286 3996 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

13:17:45.0301 3996 netprofm - ok

13:17:45.0395 3996 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:17:45.0395 3996 NetTcpPortSharing - ok

13:17:45.0442 3996 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

13:17:45.0442 3996 nfrd960 - ok

13:17:45.0473 3996 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

13:17:45.0473 3996 NlaSvc - ok

13:17:45.0504 3996 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

13:17:45.0504 3996 Npfs - ok

13:17:45.0535 3996 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

13:17:45.0535 3996 nsi - ok

13:17:45.0567 3996 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

13:17:45.0567 3996 nsiproxy - ok

13:17:45.0629 3996 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys

13:17:45.0660 3996 Ntfs - ok

13:17:45.0676 3996 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

13:17:45.0676 3996 Null - ok

13:17:45.0738 3996 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys

13:17:45.0738 3996 nvraid - ok

13:17:45.0754 3996 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys

13:17:45.0754 3996 nvstor - ok

13:17:45.0785 3996 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

13:17:45.0801 3996 nv_agp - ok

13:17:45.0832 3996 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

13:17:45.0832 3996 ohci1394 - ok

13:17:45.0925 3996 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:17:45.0925 3996 ose - ok

13:17:45.0957 3996 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:17:45.0972 3996 p2pimsvc - ok

13:17:46.0019 3996 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

13:17:46.0019 3996 p2psvc - ok

13:17:46.0050 3996 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

13:17:46.0050 3996 Parport - ok

13:17:46.0081 3996 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

13:17:46.0081 3996 partmgr - ok

13:17:46.0113 3996 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

13:17:46.0113 3996 Parvdm - ok

13:17:46.0144 3996 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

13:17:46.0144 3996 PcaSvc - ok

13:17:46.0175 3996 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

13:17:46.0191 3996 pci - ok

13:17:46.0222 3996 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

13:17:46.0237 3996 pciide - ok

13:17:46.0253 3996 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

13:17:46.0269 3996 pcmcia - ok

13:17:46.0284 3996 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

13:17:46.0284 3996 pcw - ok

13:17:46.0315 3996 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

13:17:46.0331 3996 PEAUTH - ok

13:17:46.0409 3996 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll

13:17:46.0440 3996 PeerDistSvc - ok

13:17:46.0518 3996 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

13:17:46.0565 3996 pla - ok

13:17:46.0627 3996 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

13:17:46.0627 3996 PlugPlay - ok

13:17:46.0659 3996 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

13:17:46.0659 3996 PNRPAutoReg - ok

13:17:46.0690 3996 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:17:46.0690 3996 PNRPsvc - ok

13:17:46.0705 3996 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

13:17:46.0721 3996 PolicyAgent - ok

13:17:46.0815 3996 postgresql-9.0 - ok

13:17:46.0861 3996 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

13:17:46.0861 3996 Power - ok

13:17:46.0893 3996 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

13:17:46.0908 3996 PptpMiniport - ok

13:17:46.0939 3996 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

13:17:46.0939 3996 Processor - ok

13:17:46.0971 3996 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

13:17:46.0971 3996 ProfSvc - ok

13:17:47.0017 3996 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:17:47.0017 3996 ProtectedStorage - ok

13:17:47.0064 3996 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

13:17:47.0064 3996 Psched - ok

13:17:47.0111 3996 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

13:17:47.0142 3996 ql2300 - ok

13:17:47.0173 3996 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

13:17:47.0173 3996 ql40xx - ok

13:17:47.0251 3996 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

13:17:47.0251 3996 QWAVE - ok

13:17:47.0267 3996 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

13:17:47.0267 3996 QWAVEdrv - ok

13:17:47.0298 3996 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

13:17:47.0298 3996 RasAcd - ok

13:17:47.0361 3996 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:17:47.0361 3996 RasAgileVpn - ok

13:17:47.0376 3996 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

13:17:47.0376 3996 RasAuto - ok

13:17:47.0407 3996 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:17:47.0407 3996 Rasl2tp - ok

13:17:47.0454 3996 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

13:17:47.0470 3996 RasMan - ok

13:17:47.0501 3996 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

13:17:47.0501 3996 RasPppoe - ok

13:17:47.0517 3996 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

13:17:47.0517 3996 RasSstp - ok

13:17:47.0563 3996 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

13:17:47.0563 3996 rdbss - ok

13:17:47.0579 3996 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

13:17:47.0595 3996 rdpbus - ok

13:17:47.0610 3996 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:17:47.0610 3996 RDPCDD - ok

13:17:47.0641 3996 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

13:17:47.0641 3996 RDPDR - ok

13:17:47.0688 3996 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

13:17:47.0688 3996 RDPENCDD - ok

13:17:47.0704 3996 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

13:17:47.0704 3996 RDPREFMP - ok

13:17:47.0766 3996 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys

13:17:47.0766 3996 RdpVideoMiniport - ok

13:17:47.0813 3996 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

13:17:47.0813 3996 RDPWD - ok

13:17:47.0860 3996 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

13:17:47.0860 3996 rdyboost - ok

13:17:47.0907 3996 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

13:17:47.0907 3996 RemoteAccess - ok

13:17:47.0953 3996 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

13:17:47.0953 3996 RemoteRegistry - ok

13:17:47.0969 3996 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

13:17:47.0969 3996 RpcEptMapper - ok

13:17:48.0031 3996 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

13:17:48.0031 3996 RpcLocator - ok

13:17:48.0078 3996 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\System32\rpcss.dll

13:17:48.0078 3996 RpcSs - ok

13:17:48.0141 3996 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

13:17:48.0141 3996 rspndr - ok

13:17:48.0172 3996 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

13:17:48.0172 3996 s3cap - ok

13:17:48.0219 3996 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:17:48.0219 3996 SamSs - ok

13:17:48.0250 3996 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

13:17:48.0250 3996 sbp2port - ok

13:17:48.0281 3996 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

13:17:48.0297 3996 SCardSvr - ok

13:17:48.0343 3996 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

13:17:48.0343 3996 scfilter - ok

13:17:48.0406 3996 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

13:17:48.0421 3996 Schedule - ok

13:17:48.0453 3996 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

13:17:48.0453 3996 SCPolicySvc - ok

13:17:48.0499 3996 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

13:17:48.0499 3996 sdbus - ok

13:17:48.0546 3996 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

13:17:48.0546 3996 SDRSVC - ok

13:17:48.0593 3996 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:17:48.0593 3996 secdrv - ok

13:17:48.0624 3996 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

13:17:48.0640 3996 seclogon - ok

13:17:48.0671 3996 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll

13:17:48.0671 3996 SENS - ok

13:17:48.0702 3996 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

13:17:48.0702 3996 SensrSvc - ok

13:17:48.0733 3996 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

13:17:48.0733 3996 Serenum - ok

13:17:48.0749 3996 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

13:17:48.0749 3996 Serial - ok

13:17:48.0796 3996 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

13:17:48.0796 3996 sermouse - ok

13:17:48.0827 3996 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

13:17:48.0827 3996 SessionEnv - ok

13:17:48.0874 3996 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

13:17:48.0874 3996 sffdisk - ok

13:17:48.0905 3996 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

13:17:48.0905 3996 sffp_mmc - ok

13:17:48.0921 3996 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

13:17:48.0921 3996 sffp_sd - ok

13:17:48.0952 3996 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

13:17:48.0952 3996 sfloppy - ok

13:17:48.0999 3996 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

13:17:48.0999 3996 SharedAccess - ok

13:17:49.0045 3996 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

13:17:49.0045 3996 ShellHWDetection - ok

13:17:49.0092 3996 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

13:17:49.0092 3996 sisagp - ok

13:17:49.0123 3996 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:17:49.0123 3996 SiSRaid2 - ok

13:17:49.0139 3996 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

13:17:49.0139 3996 SiSRaid4 - ok

13:17:49.0186 3996 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

13:17:49.0186 3996 Smb - ok

13:17:49.0233 3996 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

13:17:49.0233 3996 SNMPTRAP - ok

13:17:49.0264 3996 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

13:17:49.0279 3996 spldr - ok

13:17:49.0326 3996 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

13:17:49.0357 3996 Spooler - ok

13:17:49.0498 3996 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

13:17:49.0607 3996 sppsvc - ok

13:17:49.0654 3996 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

13:17:49.0654 3996 sppuinotify - ok

13:17:49.0701 3996 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

13:17:49.0716 3996 srv - ok

13:17:49.0732 3996 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

13:17:49.0732 3996 srv2 - ok

13:17:49.0779 3996 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

13:17:49.0794 3996 srvnet - ok

13:17:49.0825 3996 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

13:17:49.0841 3996 SSDPSRV - ok

13:17:49.0857 3996 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

13:17:49.0857 3996 SstpSvc - ok

13:17:49.0903 3996 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

13:17:49.0903 3996 stexstor - ok

13:17:49.0950 3996 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

13:17:49.0981 3996 StiSvc - ok

13:17:50.0013 3996 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

13:17:50.0013 3996 storflt - ok

13:17:50.0044 3996 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

13:17:50.0044 3996 storvsc - ok

13:17:50.0075 3996 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

13:17:50.0075 3996 swenum - ok

13:17:50.0106 3996 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

13:17:50.0122 3996 swprv - ok

13:17:50.0153 3996 Synth3dVsc - ok

13:17:50.0231 3996 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

13:17:50.0262 3996 SysMain - ok

13:17:50.0309 3996 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

13:17:50.0309 3996 TabletInputService - ok

13:17:50.0371 3996 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

13:17:50.0371 3996 TapiSrv - ok

13:17:50.0418 3996 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

13:17:50.0418 3996 TBS - ok

13:17:50.0496 3996 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

13:17:50.0543 3996 Tcpip - ok

13:17:50.0605 3996 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

13:17:50.0621 3996 TCPIP6 - ok

13:17:50.0668 3996 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

13:17:50.0668 3996 tcpipreg - ok

13:17:50.0715 3996 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

13:17:50.0715 3996 TDPIPE - ok

13:17:50.0730 3996 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

13:17:50.0730 3996 TDTCP - ok

13:17:50.0777 3996 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

13:17:50.0777 3996 tdx - ok

13:17:50.0824 3996 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

13:17:50.0824 3996 TermDD - ok

13:17:50.0886 3996 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

13:17:50.0902 3996 TermService - ok

13:17:50.0949 3996 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

13:17:50.0949 3996 Themes - ok

13:17:50.0995 3996 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

13:17:50.0995 3996 THREADORDER - ok

13:17:51.0027 3996 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

13:17:51.0027 3996 TrkWks - ok

13:17:51.0089 3996 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

13:17:51.0105 3996 TrustedInstaller - ok

13:17:51.0136 3996 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:17:51.0136 3996 tssecsrv - ok

13:17:51.0229 3996 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

13:17:51.0245 3996 TsUsbFlt - ok

13:17:51.0245 3996 tsusbhub - ok

13:17:51.0323 3996 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

13:17:51.0323 3996 tunnel - ok

13:17:51.0370 3996 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

13:17:51.0370 3996 uagp35 - ok

13:17:51.0417 3996 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

13:17:51.0417 3996 udfs - ok

13:17:51.0463 3996 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

13:17:51.0463 3996 UI0Detect - ok

13:17:51.0526 3996 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

13:17:51.0541 3996 uliagpkx - ok

13:17:51.0588 3996 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

13:17:51.0588 3996 umbus - ok

13:17:51.0651 3996 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

13:17:51.0651 3996 UmPass - ok

13:17:51.0697 3996 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

13:17:51.0697 3996 UmRdpService - ok

13:17:51.0760 3996 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

13:17:51.0760 3996 upnphost - ok

13:17:51.0807 3996 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys

13:17:51.0807 3996 usbaudio - ok

13:17:51.0853 3996 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

13:17:51.0853 3996 usbccgp - ok

13:17:51.0916 3996 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

13:17:51.0916 3996 usbcir - ok

13:17:51.0947 3996 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

13:17:51.0947 3996 usbehci - ok

13:17:51.0978 3996 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

13:17:51.0994 3996 usbhub - ok

13:17:52.0009 3996 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

13:17:52.0009 3996 usbohci - ok

13:17:52.0056 3996 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

13:17:52.0056 3996 usbprint - ok

13:17:52.0087 3996 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:17:52.0087 3996 USBSTOR - ok

13:17:52.0103 3996 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

13:17:52.0103 3996 usbuhci - ok

13:17:52.0150 3996 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

13:17:52.0165 3996 usbvideo - ok

13:17:52.0197 3996 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

13:17:52.0212 3996 UxSms - ok

13:17:52.0243 3996 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:17:52.0243 3996 VaultSvc - ok

13:17:52.0306 3996 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

13:17:52.0306 3996 vdrvroot - ok

13:17:52.0368 3996 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

13:17:52.0399 3996 vds - ok

13:17:52.0431 3996 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

13:17:52.0431 3996 vga - ok

13:17:52.0462 3996 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

13:17:52.0462 3996 VgaSave - ok

13:17:52.0477 3996 VGPU - ok

13:17:52.0524 3996 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

13:17:52.0540 3996 vhdmp - ok

13:17:52.0587 3996 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

13:17:52.0587 3996 viaagp - ok

13:17:52.0618 3996 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

13:17:52.0618 3996 ViaC7 - ok

13:17:52.0633 3996 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

13:17:52.0633 3996 viaide - ok

13:17:52.0665 3996 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

13:17:52.0680 3996 vmbus - ok

13:17:52.0696 3996 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

13:17:52.0696 3996 VMBusHID - ok

13:17:52.0743 3996 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

13:17:52.0743 3996 volmgr - ok

13:17:52.0758 3996 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

13:17:52.0774 3996 volmgrx - ok

13:17:52.0789 3996 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

13:17:52.0789 3996 volsnap - ok

13:17:52.0821 3996 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

13:17:52.0836 3996 vsmraid - ok

13:17:52.0883 3996 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

13:17:52.0930 3996 VSS - ok

13:17:52.0945 3996 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

13:17:52.0945 3996 vwifibus - ok

13:17:52.0961 3996 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

13:17:52.0977 3996 vwififlt - ok

13:17:53.0008 3996 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

13:17:53.0008 3996 vwifimp - ok

13:17:53.0055 3996 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

13:17:53.0070 3996 W32Time - ok

13:17:53.0086 3996 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

13:17:53.0086 3996 WacomPen - ok

13:17:53.0133 3996 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

13:17:53.0133 3996 WANARP - ok

13:17:53.0148 3996 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

13:17:53.0148 3996 Wanarpv6 - ok

13:17:53.0257 3996 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

13:17:53.0304 3996 WatAdminSvc - ok

13:17:53.0367 3996 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

13:17:53.0413 3996 wbengine - ok

13:17:53.0460 3996 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

13:17:53.0476 3996 WbioSrvc - ok

13:17:53.0507 3996 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

13:17:53.0523 3996 wcncsvc - ok

13:17:53.0554 3996 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

13:17:53.0569 3996 WcsPlugInService - ok

13:17:53.0601 3996 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

13:17:53.0601 3996 Wd - ok

13:17:53.0632 3996 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

13:17:53.0647 3996 Wdf01000 - ok

13:17:53.0663 3996 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:17:53.0663 3996 WdiServiceHost - ok

13:17:53.0679 3996 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:17:53.0679 3996 WdiSystemHost - ok

13:17:53.0710 3996 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

13:17:53.0725 3996 WebClient - ok

13:17:53.0741 3996 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

13:17:53.0741 3996 Wecsvc - ok

13:17:53.0772 3996 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

13:17:53.0772 3996 wercplsupport - ok

13:17:53.0803 3996 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

13:17:53.0803 3996 WerSvc - ok

13:17:53.0866 3996 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

13:17:53.0866 3996 WfpLwf - ok

13:17:53.0881 3996 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

13:17:53.0897 3996 WIMMount - ok

13:17:54.0006 3996 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

13:17:54.0037 3996 WinDefend - ok

13:17:54.0037 3996 WinHttpAutoProxySvc - ok

13:17:54.0115 3996 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

13:17:54.0115 3996 Winmgmt - ok

13:17:54.0193 3996 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

13:17:54.0240 3996 WinRM - ok

13:17:54.0303 3996 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

13:17:54.0334 3996 Wlansvc - ok

13:17:54.0381 3996 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

13:17:54.0381 3996 WmiAcpi - ok

13:17:54.0459 3996 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

13:17:54.0459 3996 wmiApSrv - ok

13:17:54.0568 3996 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

13:17:54.0615 3996 WMPNetworkSvc - ok

13:17:54.0646 3996 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

13:17:54.0661 3996 WPCSvc - ok

13:17:54.0708 3996 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

13:17:54.0708 3996 WPDBusEnum - ok

13:17:54.0755 3996 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

13:17:54.0755 3996 ws2ifsl - ok

13:17:54.0786 3996 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll

13:17:54.0786 3996 wscsvc - ok

13:17:54.0802 3996 WSearch - ok

13:17:54.0895 3996 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll

13:17:54.0958 3996 wuauserv - ok

13:17:54.0989 3996 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

13:17:55.0005 3996 WudfPf - ok

13:17:55.0036 3996 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:17:55.0036 3996 WUDFRd - ok

13:17:55.0098 3996 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

13:17:55.0098 3996 wudfsvc - ok

13:17:55.0145 3996 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

13:17:55.0161 3996 WwanSvc - ok

13:17:55.0192 3996 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:17:55.0254 3996 \Device\Harddisk0\DR0 - ok

13:17:55.0270 3996 Boot (0x1200) (7ef4f5ffa007777457f9170bf81cc197) \Device\Harddisk0\DR0\Partition0

13:17:55.0270 3996 \Device\Harddisk0\DR0\Partition0 - ok

13:17:55.0285 3996 Boot (0x1200) (d1f645201fcabad361e29e5c1fb9b7e2) \Device\Harddisk0\DR0\Partition1

13:17:55.0285 3996 \Device\Harddisk0\DR0\Partition1 - ok

13:17:55.0285 3996 ============================================================

13:17:55.0285 3996 Scan finished

13:17:55.0285 3996 ============================================================

13:17:55.0363 3220 Detected object count: 0

13:17:55.0363 3220 Actual detected object count: 0

13:18:07.0360 2200 Deinitialize success

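An added example, not part of this thread and not a feature of TDSSKiller: the log above prints one MD5 per service or driver image followed by a verdict line, and a few names (tsusbhub, VGPU) get a verdict with no image line at all, which the OTL log later in the thread confirms as "File not found". Those hashes are only useful if something compares them against a known-good baseline and surfaces the entries that deserve a second look. The Python below parses lines in that format and does that. The sample lines are copied from the log, except the two entries named examplesvc and tempdrv, which are hypothetical and added only to exercise the checks; the baseline hashes are taken from this same log (which TDSSKiller marked ok), which a real run must never do.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied from the TDSSKiller log above, plus two
# hypothetical entries (examplesvc, tempdrv) added only to exercise the checks.
TDSSKILLER_SAMPLE = r"""
13:17:50.0824 3996 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:17:50.0824 3996 TermDD - ok
13:17:51.0245 3996 tsusbhub - ok
13:17:53.0133 3996 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:17:53.0133 3996 WANARP - ok
13:17:53.0148 3996 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:17:53.0148 3996 Wanarpv6 - ok
13:17:53.0200 3996 examplesvc (ffffffffffffffffffffffffffffffff) C:\Windows\Temp\termdd.sys
13:17:53.0200 3996 examplesvc - ok
13:17:53.0210 3996 tempdrv (0123456789abcdef0123456789abcdef) C:\Users\rich\AppData\Local\Temp\tempdrv.sys
13:17:53.0210 3996 tempdrv - ok
13:17:55.0192 3996 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:17:55.0254 3996 \Device\Harddisk0\DR0 - ok
13:17:55.0363 3220 Detected object count: 0
"""

# Baseline hashes. These are simply the values this log reports (which TDSSKiller
# marked ok); a real baseline comes from a known-clean reference install of the
# same Windows build, never from the suspect machine itself.
BASELINE = {
    "termdd.sys": "04dbf4b01ea4bf25a9a3e84affac9b20",
    "wanarp.sys": "3c3c78515f5ab448b022bdf5b8ffdd2e",
}

# Directories a service or driver image is normally loaded from on this box.
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\servicing\\", "c:\\program files\\")

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.+)$")
IMAGE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Pair each service/driver's image line with its verdict line."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        im = IMAGE_RE.match(body)
        if im:
            # MBR/boot-sector objects get their verdict under the device path,
            # not the object name, so key those by path.
            path = im.group("path")
            key = path if path.startswith("\\Device\\") else im.group("name")
            e = entries.setdefault(key, Entry(key))
            e.md5, e.path = im.group("md5"), path
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            entries.setdefault(vm.group("name"), Entry(vm.group("name"))).verdict = vm.group("verdict")
    return entries


def triage(entries: Dict[str, Entry], baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (kind, name, detail) findings a human should look at."""
    findings: List[Tuple[str, str, str]] = []
    for name, e in sorted(entries.items()):
        if name.startswith("\\Device\\"):
            continue                      # disk objects have no file path to check
        if e.path is None:
            findings.append(("missing-image", name,
                             "registered but no image file was hashed (file absent or unreadable)"))
            continue
        low = e.path.lower()
        if not low.startswith(TRUSTED_PREFIXES):
            findings.append(("untrusted-path", name, e.path))
        base = low.rsplit("\\", 1)[-1]
        expected = baseline.get(base)
        if expected and expected != e.md5:
            findings.append(("hash-mismatch", name, f"{base}: got {e.md5}, baseline {expected}"))
        if e.verdict != "ok":
            findings.append(("scanner-verdict", name, e.verdict or "no verdict line"))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(parse_tdsskiller(TDSSKILLER_SAMPLE), BASELINE):
        print(f"{kind:15} {name:12} {detail}")
```

On the sample this reports tsusbhub as missing-image, the hypothetical examplesvc twice (its image sits in C:\Windows\Temp and its hash does not match the baseline for termdd.sys) and the hypothetical tempdrv once (image under a user's Temp folder). A hash mismatch on a system driver is only meaningful against a baseline for the exact same build and patch level, which is why the baseline here is labelled as a stand-in.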

Appears also clean.

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool.
    Vista/Windows 7 users: Right click to "Run as Administrator".
  • The tool may ask you
    This application can use AVAST! Free Antivirus to scanning
    Would you like to download latest AVAST! virus definitions ?
    Please click Yes ( The download could take some time )
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-05 10:36:45

-----------------------------

10:36:45.977 OS Version: Windows 6.1.7601 Service Pack 1

10:36:45.977 Number of processors: 2 586 0xF0D

10:36:45.977 ComputerName: RICH-PC UserName: rich

10:36:48.177 Initialize success

10:38:54.373 AVAST engine defs: 12040500

10:39:12.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

10:39:12.453 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11

10:39:12.516 Disk 0 MBR read successfully

10:39:12.531 Disk 0 MBR scan

10:39:12.531 Disk 0 Windows 7 default MBR code

10:39:12.609 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 141 MB offset 63

10:39:12.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 290816

10:39:12.874 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294862 MB offset 21262336

10:39:13.046 Disk 0 scanning sectors +625139712

10:39:13.186 Disk 0 scanning C:\Windows\system32\drivers

10:41:35.677 Service scanning

10:41:54.257 Modules scanning

10:45:52.204 Disk 0 trace - called modules:

10:45:52.344 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys

10:45:52.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d8f7b8]

10:45:52.391 3 CLASSPNP.SYS[8afd659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85c7a030]

10:45:55.199 AVAST engine scan C:\Windows

10:51:43.501 AVAST engine scan C:\Windows\system32

11:30:49.585 AVAST engine scan C:\Windows\system32\drivers

11:33:24.668 AVAST engine scan C:\Users\rich

12:10:32.360 File: C:\Users\rich\AppData\Roaming\Cakewalk\Cakewalk\ivzucplz.dll **INFECTED** Win32:Malware-gen

12:29:12.059 File: C:\Users\rich\AppData\Roaming\Media Center Programs\Media Center Programs\ezbdzgg.dll **INFECTED** Win32:Rootkit-gen [Rtk]

13:10:05.003 AVAST engine scan C:\ProgramData

13:36:57.621 Scan finished successfully

13:38:47.876 Disk 0 MBR has been saved successfully to "C:\Users\rich\Desktop\MBR.dat"

13:38:47.885 The log file has been saved successfully to "C:\Users\rich\Desktop\aswMBR.txt"

MBR.zip

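An added example, not from the thread and not part of aswMBR: turning the aswMBR log above into something checkable. Two things in it can be verified mechanically rather than by eye. First, the partition table: the end of the last partition should coincide with the "+625139712" sector where aswMBR starts scanning the unpartitioned tail of the disk, and any sizeable unallocated range (especially at the end of the disk) is a place an MBR bootkit can keep its payload. Second, the two INFECTED paths share a pattern worth recognising: a DLL under the user's AppData\Roaming, with a random-looking name, inside a folder nested in a folder of the same name (Cakewalk\Cakewalk, Media Center Programs\Media Center Programs). The sample lines are copied from the log; the flagging heuristics are this example's own, not aswMBR's, and they are deliberately crude.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the relevant lines copied from the aswMBR log above.
ASWMBR_SAMPLE = r"""
10:39:12.453 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11
10:39:12.531 Disk 0 Windows 7 default MBR code
10:39:12.609 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 141 MB offset 63
10:39:12.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 290816
10:39:12.874 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294862 MB offset 21262336
10:39:13.046 Disk 0 scanning sectors +625139712
12:10:32.360 File: C:\Users\rich\AppData\Roaming\Cakewalk\Cakewalk\ivzucplz.dll **INFECTED** Win32:Malware-gen
12:29:12.059 File: C:\Users\rich\AppData\Roaming\Media Center Programs\Media Center Programs\ezbdzgg.dll **INFECTED** Win32:Rootkit-gen [Rtk]
13:36:57.621 Scan finished successfully
"""

SECTORS_PER_MB = 2048   # 512-byte sectors; aswMBR rounds sizes to whole MB

SIZE_RE = re.compile(r"^Disk \d+ Vendor: .* Size: (?P<mb>\d+)MB")
MBR_RE = re.compile(r"^Disk \d+ (?P<verdict>.*MBR code.*)$")
SCAN_RE = re.compile(r"^Disk \d+ scanning sectors \+(?P<lba>\d+)$")
PART_RE = re.compile(
    r"^Disk \d+ Partition (?P<n>\d+) (?P<boot>[0-9A-F]{2}) (?:\((?P<flag>\w)\) )?"
    r"(?P<type>[0-9A-F]{2}) (?P<desc>.+?) (?P<mb>\d+) MB offset (?P<offset>\d+)$"
)
INFECTED_RE = re.compile(r"^File: (?P<path>.+?) \*\*INFECTED\*\* (?P<detection>.+)$")


def parse_aswmbr(text: str) -> Dict:
    """Extract disk size, MBR verdict, partition table, scan start and detections."""
    r: Dict = {"disk_mb": None, "mbr": None, "scan_start": None, "partitions": [], "infected": []}
    for line in text.splitlines():
        body = line.strip().split(" ", 1)[-1]          # drop the timestamp
        if m := SIZE_RE.match(body):
            r["disk_mb"] = int(m["mb"])
        elif m := MBR_RE.match(body):
            r["mbr"] = m["verdict"]
        elif m := SCAN_RE.match(body):
            r["scan_start"] = int(m["lba"])
        elif m := PART_RE.match(body):
            r["partitions"].append({
                "n": int(m["n"]), "type": m["type"], "desc": m["desc"],
                "active": m["boot"] == "80" or m["flag"] == "A",
                "offset": int(m["offset"]), "size_mb": int(m["mb"]),
            })
        elif m := INFECTED_RE.match(body):
            r["infected"].append({"path": m["path"], "detection": m["detection"]})
    return r


def end_of_last_partition(r: Dict) -> int:
    """First sector after the last partition; aswMBR's tail scan should start here."""
    return max(p["offset"] + p["size_mb"] * SECTORS_PER_MB for p in r["partitions"])


def layout_gaps(r: Dict) -> List[Tuple[str, int]]:
    """Unallocated sector ranges (approximate, since sizes are MB-rounded).
    A gap of many MB, especially after the last partition, is a common place
    for an MBR bootkit to store its payload."""
    gaps: List[Tuple[str, int]] = []
    cursor = 0
    for p in sorted(r["partitions"], key=lambda p: p["offset"]):
        if p["offset"] > cursor:
            gaps.append((f"before partition {p['n']}", p["offset"] - cursor))
        cursor = max(cursor, p["offset"] + p["size_mb"] * SECTORS_PER_MB)
    if r["disk_mb"]:
        tail = r["disk_mb"] * SECTORS_PER_MB - cursor
        if tail > 0:
            gaps.append(("after last partition", tail))
    return gaps


def flag_infected(path: str) -> List[str]:
    """Crude triage flags for a detected file path; expect some false positives."""
    parts = path.split("\\")
    stem = parts[-1].rsplit(".", 1)[0].lower()
    flags: List[str] = []
    if "\\appdata\\" in path.lower():
        flags.append("user-profile-dir")          # writable without admin rights
    if len(parts) >= 3 and parts[-2] == parts[-3]:
        flags.append("nested-duplicate-dir")      # Foo\Foo\x.dll mimicking a real app folder
    vowels = sum(c in "aeiou" for c in stem)
    longest_run = max((len(run) for run in re.split(r"[aeiou]", stem)), default=0)
    if stem.isalpha() and len(stem) >= 6 and vowels / len(stem) < 0.3 and longest_run >= 4:
        flags.append("random-looking-name")       # few vowels, long consonant clusters
    return flags


if __name__ == "__main__":
    rep = parse_aswmbr(ASWMBR_SAMPLE)
    print("MBR:", rep["mbr"])
    print("tail scan starts at", rep["scan_start"], "partitions end at", end_of_last_partition(rep))
    for where, sectors in layout_gaps(rep):
        print(f"gap {where}: {sectors} sectors ({sectors / SECTORS_PER_MB:.2f} MB)")
    for f in rep["infected"]:
        print(f["detection"], f["path"], flag_infected(f["path"]))
```

On this log the gaps come out at 63, 1985 and 2048 sectors (under 1 MB each, ordinary partition alignment), the last partition ends exactly at sector 625139712 where the tail scan begins, and both detections carry all three flags. The name heuristic is the weakest part: it will also flag the occasional legitimate abbreviation, so treat it as a prompt to look, not a verdict.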

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.


ComboFix 12-04-05.06 - rich 04/05/2012 15:57:52.5.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.1765 [GMT -5:00]

Running from: c:\users\rich\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))

.

.

2012-04-05 21:03 . 2012-04-05 21:03 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-04-05 21:03 . 2012-04-05 21:03 -------- d-----w- c:\users\postgres\AppData\Local\temp

2012-04-05 21:03 . 2012-04-05 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-03 15:43 . 2012-04-03 15:43 -------- d-----w- c:\users\rich\AppData\Local\Diagnostics

2012-04-03 15:27 . 2012-04-03 15:27 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-30 23:33 . 2012-04-05 21:03 -------- d-----w- c:\users\rich\AppData\Local\temp

2012-03-14 18:23 . 2012-03-14 18:23 -------- d-----w- c:\program files\M-Audio

2012-03-11 00:15 . 2012-03-11 00:15 -------- d-----w- c:\windows\system32\bassmididrv

2012-03-10 22:39 . 2012-03-10 22:39 -------- d-----w- c:\users\rich\TruePianos Settings

2012-03-10 22:39 . 2012-03-30 22:55 -------- d-----w- c:\users\rich\AppData\Roaming\Cakewalk

2012-03-10 22:35 . 2012-03-10 22:36 -------- d-----w- c:\program files\Common Files\Native Instruments

2012-03-10 22:35 . 2012-03-10 22:35 -------- d-----w- c:\program files\Common Files\Digidesign

2012-03-10 22:34 . 2012-03-10 22:35 -------- d-----w- c:\program files\Native Instruments

2012-03-10 22:27 . 2006-11-30 21:49 368640 ----a-w- c:\windows\system32\ReWire.dll

2012-03-10 22:27 . 2006-02-24 16:00 499712 ----a-w- c:\windows\system32\msvcp71.dll

2012-03-10 22:27 . 2006-02-24 16:00 487424 ----a-w- c:\windows\system32\msvcp70.dll

2012-03-10 22:27 . 2006-02-24 16:00 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-03-10 22:27 . 2006-02-24 16:00 344064 ----a-w- c:\windows\system32\msvcr70.dll

2012-03-10 22:27 . 2006-02-24 16:00 1047552 ----a-w- c:\windows\system32\mfc71u.dll

2012-03-10 22:27 . 2006-02-24 16:00 1060864 ----a-w- c:\windows\system32\mfc71.dll

2012-03-10 22:26 . 2012-03-16 18:36 -------- d-----w- C:\Cakewalk Projects

2012-03-10 22:26 . 2012-03-10 22:33 -------- d-----w- c:\programdata\Cakewalk

2012-03-10 22:26 . 2012-03-10 22:33 -------- d-----w- c:\program files\Cakewalk

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-14 16:26 . 2011-05-16 02:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]

"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 644104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 158344]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]

S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 91556802

*NewlyCreated* - ASWMBR

*Deregistered* - 91556802

*Deregistered* - aswMBR

*Deregistered* - pxldrpow

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.0]

"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.0]

"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-05 16:04:33

ComboFix-quarantined-files.txt 2012-04-05 21:04

ComboFix2.txt 2012-04-03 15:38

ComboFix3.txt 2011-08-22 16:32

ComboFix4.txt 2011-08-21 14:53

.

Pre-Run: 233,308,356,608 bytes free

Post-Run: 233,373,519,872 bytes free

.

- - End Of File - - 1BC23575C4345C52CC89180C209DB690


Hi there.

The logfiles appear clean. So let me find out a few details first.

Do the redirections appear with both browsers, IE and/or FF?

Do you notice any other issues, like a slow startup...?

Do you have a USB stick handy, or are you able to burn a CD?


Thank you.

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom Scans/Fixes box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.


It only created the OTL.txt. There wasn't an Extras.txt. Here's the one it did make.

OTL logfile created on: 4/8/2012 9:26:20 AM - Run 2

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\rich\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 79.82% Memory free

5.99 Gb Paging File | 5.33 Gb Available in Paging File | 88.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 287.95 Gb Total Space | 217.55 Gb Free Space | 75.55% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.35 Gb Free Space | 53.48% Space Free | Partition Type: NTFS

Computer Name: RICH-PC | User Name: rich | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/08 09:25:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\rich\Desktop\OTL.exe

PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/03/22 13:10:37 | 000,094,720 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe

PRC - [2011/03/22 13:09:59 | 004,913,152 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\9.0\bin\postgres.exe

PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/12/07 16:08:32 | 000,644,104 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe

PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/08/18 05:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2011/03/22 13:10:37 | 000,094,720 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-9.0)

SRV - [2010/11/20 10:51:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/08/18 05:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\rich\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2010/12/07 16:08:18 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)

DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2009/08/18 06:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 70 EB D6 7C 88 CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 8D 87 63 0E D9 0A 74 4E AD EF 61 F3 47 7C 9F 33 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/15 21:03:57 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/26 10:40:46 | 000,000,000 | ---D | M]

[2011/05/15 21:04:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rich\AppData\Roaming\Mozilla\Extensions

[2012/03/30 17:55:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\extensions

[2011/06/11 19:04:43 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\kvtcmbdk.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

[2011/11/28 22:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/08/22 21:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}

[2011/11/28 22:16:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\ZUFOGUHMWK@ZUFOGUHMWK.ORG.XPI

[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/10/03 03:53:41 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/03/22 13:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/03/30 18:31:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)

O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{855A61B4-F3AB-4273-AA7C-3A9801B994B6}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96E1D7E3-0FF9-4000-AC2A-8104715BC0B7}: DhcpNameServer = 192.168.0.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 09:25:11 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\rich\Desktop\OTL.exe

[2012/04/05 16:04:35 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/04/05 16:03:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/05 10:36:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\rich\Desktop\aswMBR.exe

[2012/04/04 13:17:17 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\rich\Desktop\tdsskiller.exe

[2012/04/03 10:43:40 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Local\Diagnostics

[2012/04/03 10:29:42 | 004,449,976 | R--- | C] (Swearware) -- C:\Users\rich\Desktop\ComboFix.exe

[2012/04/03 10:27:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/03/30 18:33:07 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Local\temp

[2012/03/30 18:22:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/03/30 18:22:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/03/30 18:22:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/03/14 13:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio

[2012/03/14 13:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio

[2012/03/10 19:15:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\bassmididrv

[2012/03/10 19:15:01 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BASSMIDI System Synth

[2012/03/10 17:39:58 | 000,000,000 | ---D | C] -- C:\Users\rich\TruePianos Settings

[2012/03/10 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\rich\Documents\Cakewalk

[2012/03/10 17:39:31 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Roaming\Cakewalk

[2012/03/10 17:37:13 | 000,000,000 | ---D | C] -- C:\Users\rich\Documents\Native Instruments

[2012/03/10 17:35:22 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments

[2012/03/10 17:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments

[2012/03/10 17:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments

[2012/03/10 17:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign

[2012/03/10 17:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments

[2012/03/10 17:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities

[2012/03/10 17:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk

[2012/03/10 17:27:21 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll

[2012/03/10 17:26:45 | 000,000,000 | ---D | C] -- C:\Cakewalk Projects

[2012/03/10 17:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Cakewalk

[2012/03/10 17:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk

========== Files - Modified Within 30 Days ==========

[2012/04/08 09:25:13 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\rich\Desktop\OTL.exe

[2012/04/08 09:19:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/07 08:01:08 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/07 08:01:08 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/05 16:09:50 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/05 16:09:50 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/04/05 16:05:30 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/05 15:56:21 | 004,449,976 | R--- | M] (Swearware) -- C:\Users\rich\Desktop\ComboFix.exe

[2012/04/05 13:39:31 | 000,000,567 | ---- | M] () -- C:\Users\rich\Desktop\MBR.zip

[2012/04/05 13:38:47 | 000,000,512 | ---- | M] () -- C:\Users\rich\Desktop\MBR.dat

[2012/04/05 10:36:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\rich\Desktop\aswMBR.exe

[2012/04/04 13:17:18 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\rich\Desktop\tdsskiller.exe

[2012/04/03 13:15:57 | 000,302,592 | ---- | M] () -- C:\Users\rich\Desktop\gmer.exe

[2012/03/30 18:31:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/03/16 13:34:24 | 269,658,397 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/03/14 13:24:50 | 000,291,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/03/10 19:22:41 | 000,000,047 | ---- | M] () -- C:\Windows\bassmidi.sflist

[2012/03/10 19:15:01 | 000,068,068 | ---- | M] () -- C:\Windows\System32\bassmididrvuninstall.exe

[2012/03/10 17:33:48 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\SONAR 8 Producer Edition.lnk

========== Files Created - No Company Name ==========

[2012/04/05 13:39:31 | 000,000,567 | ---- | C] () -- C:\Users\rich\Desktop\MBR.zip

[2012/04/05 13:38:47 | 000,000,512 | ---- | C] () -- C:\Users\rich\Desktop\MBR.dat

[2012/04/03 13:17:02 | 000,302,592 | ---- | C] () -- C:\Users\rich\Desktop\gmer.exe

[2012/03/30 18:22:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/03/30 18:22:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/03/30 18:22:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/03/30 18:22:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/03/30 18:22:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/03/10 19:22:41 | 000,000,047 | ---- | C] () -- C:\Windows\bassmidi.sflist

[2012/03/10 19:15:01 | 000,068,068 | ---- | C] () -- C:\Windows\System32\bassmididrvuninstall.exe

[2012/03/10 17:33:48 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\SONAR 8 Producer Edition.lnk

[2011/07/27 23:45:00 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011/07/27 23:43:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/07/26 22:30:12 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2011/06/24 11:31:49 | 000,000,024 | ---- | C] () -- C:\ProgramData\1cba34b0

[2011/05/15 21:04:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/04/03 11:46:28 | 000,011,936 | -HS- | C] () -- C:\Users\rich\AppData\Local\704g2smt3les0vhg27bh254kl6878srlwy60

[2011/04/03 11:46:28 | 000,011,936 | -HS- | C] () -- C:\ProgramData\704g2smt3les0vhg27bh254kl6878srlwy60

[2011/04/03 11:36:46 | 000,000,120 | ---- | C] () -- C:\Users\rich\AppData\Local\Btemutejefifino.dat

[2011/04/03 11:36:46 | 000,000,000 | ---- | C] () -- C:\Users\rich\AppData\Local\Vsuqu.bin

[2010/11/20 01:09:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/08/29 15:15:21 | 000,000,792 | ---- | C] () -- C:\Windows\System32\RTSLCS.dll

========== LOP Check ==========

[2011/08/22 22:46:32 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\794570693DE38B612A5551A88025B00F

[2010/11/21 11:40:31 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Absolute Poker

[2012/03/30 17:55:07 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Cakewalk

[2011/05/31 23:27:27 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\MakeMusic

[2011/05/26 14:16:17 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Mp3tag

[2011/04/09 07:53:54 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\postgresql

[2011/06/29 14:15:22 | 000,030,410 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2012/04/05 16:03:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2011/08/21 16:51:31 | 000,000,000 | ---D | M] -- C:\Boot

[2012/03/16 13:36:22 | 000,000,000 | ---D | M] -- C:\Cakewalk Projects

[2008/10/03 17:03:59 | 000,000,000 | ---D | M] -- C:\DELL

[2011/01/02 13:18:04 | 000,000,000 | ---D | M] -- C:\derby-10.7.1.1

[2008/09/17 18:46:38 | 000,000,000 | ---D | M] -- C:\doctemp

[2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2008/03/11 05:47:38 | 000,000,000 | ---D | M] -- C:\Drivers

[2011/05/12 22:09:30 | 000,000,000 | ---D | M] -- C:\eclipse

[2009/01/24 14:29:53 | 000,000,000 | ---D | M] -- C:\emacs

[2011/03/24 08:18:29 | 000,000,000 | ---D | M] -- C:\glassfish3

[2011/05/26 15:10:38 | 000,000,000 | ---D | M] -- C:\home

[2010/01/07 20:07:46 | 000,000,000 | R--D | M] -- C:\MSOCache

[2009/07/13 21:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2008/10/24 22:04:10 | 000,000,000 | ---D | M] -- C:\Poker Application

[2012/03/14 13:23:27 | 000,000,000 | R--D | M] -- C:\Program Files

[2012/03/10 17:34:11 | 000,000,000 | ---D | M] -- C:\ProgramData

[2011/05/31 23:26:33 | 000,000,000 | ---D | M] -- C:\PSFONTS

[2012/04/05 16:04:35 | 000,000,000 | ---D | M] -- C:\Qoobox

[2010/11/20 01:25:30 | 000,000,000 | ---D | M] -- C:\Recovery

[2012/04/08 09:27:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012/04/03 10:27:18 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine

[2011/04/08 23:25:38 | 000,000,000 | R--D | M] -- C:\Users

[2012/04/05 16:04:35 | 000,000,000 | ---D | M] -- C:\Windows

[2010/11/20 00:55:56 | 000,000,000 | ---D | M] -- C:\Windows.old

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >

[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe

[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe

[2010/08/29 15:05:59 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe

[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe

[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\explorer.exe

[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe

[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[2010/08/29 15:03:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2010/08/29 15:03:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2010/08/29 15:05:59 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >

[2008/01/20 21:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows.old\Windows\regedit.exe

[2008/01/20 21:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe

[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009/07/13 20:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE >

[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe

[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >

[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\System32\wininit.exe

[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe

[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >

[2010/08/29 15:05:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2010/08/29 15:05:58 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe

[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\System32\winlogon.exe

[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-08 16:45:54

< End of report >


No Problem.

Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom.jpg Box:

:otl
() (No name found) -- C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\ZUFOGUHMWK@ZUFOGUHMWK.ORG.XPI
:commands
[emptytemp]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

I see no evidence of an AntiVirus program on your system. This must be resolved. Connecting to the Internet without antivirus protection is a "Welcome" doormat for malware.

Here are a few very good free Antivirus products which are available:

Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Install, update definitions, and run a full system scan with the Anti-Virus of your choice.

I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Let me know if the redirections are still present.


Used Avast. Might try the MS one. The redirect is still there, though the behavior is a little different. After right-clicking on a link and having it change to a numbered address, once I move off the link the redirect is gone. IE still changes things to google URLs. Is that normal?

All processes killed

========== OTL ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56502 bytes

User: Public

->Temp folder emptied: 0 bytes

User: rich

->Temp folder emptied: 3459 bytes

->Temporary Internet Files folder emptied: 38999458 bytes

->Java cache emptied: 157625 bytes

->FireFox cache emptied: 168728331 bytes

->Flash cache emptied: 55153 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 198.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04082012_164646

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Hm. Looks like the script won't work.

Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom.jpg Box:

:files
C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\ZUFOGUHMWK@ZUFOGUHMWK.ORG.XPI
:commands
[reboot]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.


Seems to have worked. Now everything redirects to the "http://www.google.com?url" addresses. The numbered addresses aren't coming up anymore.

========== FILES ==========

C:\USERS\RICH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KVTCMBDK.DEFAULT\EXTENSIONS\zufoguhmwk@zufoguhmwk.org.xpi moved successfully.

========== COMMANDS ==========

OTL by OldTimer - Version 3.2.39.2 log created on 04092012_120802


Hi there. Could you give me a little bit more detail? I am not sure what you mean by "redirects me to" ...

What happens when you look for something in Google and then click on the link?


If I search for "malwarebytes", the actual address that is shown in the results is www.malwarebytes.org, but if I right-click and select Copy Link Location, it gives this:

http://www.google.com/url?sa=t&rct=j&q=malwarebytes&source=web&cd=1&sqi=2&ved=0CEIQFjAA&url=http%3A%2F%2Fwww.malwarebytes.org%2F&ei=JiKDT9zJCoXS2AXct_n7Bw&usg=AFQjCNF1rUbMKiFgRseh32Zb1S3MP3pO3w&cad=rja


It does end up taking me to the right address if I follow the link.


Does this happen with IE and FF?


From poking around online, it looks like the redirect to "google.com/url" type addresses is google doing some annoying usage tracking stuff.

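As an added example (not code from this thread or from any of the tools it mentions), a small Python triage helper that does what the poster did by hand: given the href behind a search result and the host the result visibly displays, it unwraps Google's /url click tracker by decoding the url= parameter (as in the link quoted above) and flags links that instead leave for an unrelated or bare-IP host, the "numbered address" described earlier. GOOGLE_HOSTS, the numbered sample link and the function names are assumptions made for this example.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Hosts whose "/url?...&url=<dest>" links are the search engine's own
# click-tracking wrapper (assumption for this example: Google's main host only).
GOOGLE_HOSTS = {"google.com", "www.google.com"}

# Constructed samples. The first is the link quoted in the thread; the second
# imitates the "numbered address" the poster saw, using the 203.0.113.0/24
# documentation range rather than any real host.
SAMPLE_TRACKER_LINK = (
    "http://www.google.com/url?sa=t&rct=j&q=malwarebytes&source=web&cd=1"
    "&sqi=2&ved=0CEIQFjAA&url=http%3A%2F%2Fwww.malwarebytes.org%2F"
    "&ei=JiKDT9zJCoXS2AXct_n7Bw&usg=AFQjCNF1rUbMKiFgRseh32Zb1S3MP3pO3w&cad=rja"
)
SAMPLE_NUMBERED_LINK = "http://203.0.113.5/go?id=17"


def _host_of(url):
    """Lower-cased hostname of a URL, without port or credentials."""
    return (urlsplit(url).hostname or "").lower()


def _is_ip_literal(host):
    """True when the host part is a bare IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify_link(copied_href, displayed_host):
    """Compare the href actually behind a search result with the host the
    result visibly displays.

    Returns a dict with:
      kind         'direct'              href goes straight to the displayed host
                   'google-tracker'      Google /url wrapper whose url= parameter
                                         decodes to the displayed host (benign)
                   'tracker-mismatch'    /url wrapper whose url= parameter leads
                                         somewhere other than the displayed host
                   'off-domain-redirect' href points at an unrelated host
      destination  the final URL as far as it can be read without following it
      ip_host      whether that final URL's host is a bare IP address
    """
    displayed_host = displayed_host.lower()
    parts = urlsplit(copied_href)
    href_host = (parts.hostname or "").lower()

    if href_host == displayed_host:
        return {"kind": "direct", "destination": copied_href,
                "ip_host": _is_ip_literal(href_host)}

    if href_host in GOOGLE_HOSTS and parts.path == "/url":
        # parse_qs percent-decodes values, so url= comes back as a plain URL.
        target = parse_qs(parts.query).get("url", [None])[0]
        if target is not None:
            target_host = _host_of(target)
            kind = "google-tracker" if target_host == displayed_host else "tracker-mismatch"
            return {"kind": kind, "destination": target,
                    "ip_host": _is_ip_literal(target_host)}

    return {"kind": "off-domain-redirect", "destination": copied_href,
            "ip_host": _is_ip_literal(href_host)}


def triage(copied_href, displayed_host):
    """One-line verdict suitable for pasting back into a help thread."""
    result = classify_link(copied_href, displayed_host)
    verdicts = {
        "direct": "plain link, no redirect",
        "google-tracker": "search-engine click tracking; destination matches the displayed site",
        "tracker-mismatch": "wrapper resolves to a different site than displayed; investigate",
        "off-domain-redirect": "link leaves for an unrelated host; consistent with a browser hijack",
    }
    suffix = " (bare IP address)" if result["ip_host"] else ""
    return f"{result['kind']}: {verdicts[result['kind']]} -> {result['destination']}{suffix}"


if __name__ == "__main__":
    for href in (SAMPLE_TRACKER_LINK, SAMPLE_NUMBERED_LINK, "http://www.malwarebytes.org/"):
        print(triage(href, "www.malwarebytes.org"))
```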

Good research. :)

I also think this is the reason. Oddly, it does not appear on "my" Google. Maybe that is because I am from Austria, but I also read something about this in German for "logged in" users.

I tried to log out and in, no changes at all.

Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom.jpg Box:

:otl
[2011/04/03 11:46:28 | 000,011,936 | -HS- | C] () -- C:\Users\rich\AppData\Local\704g2smt3les0vhg27bh254kl6878srlwy60
[2011/04/03 11:46:28 | 000,011,936 | -HS- | C] () -- C:\ProgramData\704g2smt3les0vhg27bh254kl6878srlwy60
[2011/04/03 11:36:46 | 000,000,120 | ---- | C] () -- C:\Users\rich\AppData\Local\Btemutejefifino.dat
[2011/04/03 11:36:46 | 000,000,000 | ---- | C] () -- C:\Users\rich\AppData\Local\Vsuqu.bin
:files
dir /s /a /b "C:\ProgramData\1cba34b0" /c
:commands
[reboot]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Start
  • Wait for the scan to finish

  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name.
  • Push the Back button.
  • Push Finish

Please post this logfile in your next reply


========== OTL ==========

C:\Users\rich\AppData\Local\704g2smt3les0vhg27bh254kl6878srlwy60 moved successfully.

C:\ProgramData\704g2smt3les0vhg27bh254kl6878srlwy60 moved successfully.

C:\Users\rich\AppData\Local\Btemutejefifino.dat moved successfully.

C:\Users\rich\AppData\Local\Vsuqu.bin moved successfully.

========== FILES ==========

< dir /s /a /b "C:\ProgramData\1cba34b0" /c >

C:\ProgramData\1cba34b0

C:\Users\rich\Desktop\cmd.bat deleted successfully.

C:\Users\rich\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

OTL by OldTimer - Version 3.2.39.2 log created on 04102012_111032

C:\TDSSKiller_Quarantine\03.04.2012_10.26.30\tdlfs0000\tsk0003.dta a variant of Win32/Olmarik.AOV trojan
