Panster

Everything posted by Panster

  1. Hello,

I'm afraid that is something we cannot risk; the server that the email account is hosted on also contains our clients' websites and emails. We have a web development company, and the possibility of exposing our clients' web, personal, or financial information is something we cannot do. If there is no other way to figure out if the infection is solved, we will wipe the laptop. And I apologize if I have wasted your time in this.

Pan
  2. Hello,

Here are the results of the FRST fix using the fixlist.txt you provided:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-06-2012 02
Ran by SYSTEM at 2012-06-11 13:23:11 Run:1
Running from H:\

==============================================

C:\Program Files (x86)\BabylonToolbar moved successfully.
C:\Program Files (x86)\Ask.com moved successfully.

==== End of Fixlog ====
  3. Hello,

Here are the results of the FRST log produced by the FRST64 scan.

Scan result of Farbar Recovery Scan Tool Version: 08-06-2012 02
Ran by SYSTEM at 08-06-2012 15:07:21
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [1043968 2011-03-17] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-07-15] (Hewlett-Packard)
HKU\JWB\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\..\Interfaces\{7B5D90F8-DB72-4ADD-AD43-C9F3D991AA80}: [NameServer]75.75.75.75
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)

==================== Services (Whitelisted) ======

2 ADVService; "C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe" [25704 2011-11-23] (Amazon.com)
2 BBUpdate; "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [249648 2011-06-15] (Microsoft Corporation)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152688 2012-05-13] (Lavasoft Limited)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -service [2435592 2011-03-17] (Check Point Software Technologies LTD)

========================== Drivers (Whitelisted) =============

3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [138752 2009-05-26] (Intel® Corporation)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-06] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45416 2011-08-01] (Microsoft Corporation)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [216064 2009-06-04] (Realtek Semiconductor Corp.)
1 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [458840 2010-05-15] (Check Point Software Technologies LTD)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-06-08 15:07 - 2012-06-08 15:07 - 00000000 ____D C:\FRST
2012-06-08 08:53 - 2012-06-08 08:53 - 00001735 ____A C:\Users\JWB\Desktop\aswMBR.txt
2012-06-08 08:53 - 2012-06-08 08:53 - 00000512 ____A C:\Users\JWB\Desktop\MBR.dat
2012-06-07 20:25 - 2012-06-07 20:25 - 00061307 ____A C:\Users\JWB\Desktop\New Text Document.txt
2012-06-07 20:23 - 2012-06-07 20:25 - 00122698 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_23.23.52_log.txt
2012-06-07 16:36 - 2012-06-07 16:35 - 04731392 ____A (AVAST Software) C:\Users\JWB\Desktop\aswMBR.exe
2012-06-07 16:36 - 2012-06-07 16:35 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\JWB\Desktop\tdsskiller.exe
2012-06-06 20:00 - 2012-06-06 20:00 - 00000000 __SHD C:\$RECYCLE.BIN
2012-06-05 07:31 - 2012-06-05 07:31 - 00019726 ____A C:\ComboFix.txt
2012-06-05 07:21 - 2012-06-05 07:31 - 00000000 ____D C:\ComboFix
2012-05-30 10:38 - 2012-05-30 10:38 - 00000000 ____D C:\_OTL
2012-05-30 09:55 - 2012-05-30 09:55 - 00083836 ____A C:\Users\JWB\Desktop\Extras.Txt
2012-05-30 09:55 - 2012-05-30 09:55 - 00057716 ____A C:\Users\JWB\Desktop\OTL.Txt
2012-05-30 09:47 - 2012-05-30 09:28 - 00595968 ____A (OldTimer Tools) C:\Users\JWB\Desktop\OTL.exe
2012-05-29 19:14 - 2012-06-05 07:31 - 00000000 ____D C:\Qoobox
2012-05-29 19:14 - 2012-05-29 19:35 - 00000000 ____D C:\Windows\ERDNT
2012-05-29 19:14 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-05-29 19:14 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-05-29 19:14 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-29 19:14 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-29 19:14 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-29 19:14 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-05-29 19:14 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-05-29 19:14 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-05-29 19:07 - 2012-05-29 18:55 - 04530590 ____R (Swearware) C:\Users\JWB\Desktop\ComboFix.exe
2012-05-29 19:07 - 2012-05-29 18:55 - 00853862 ____A C:\Users\JWB\Desktop\SecurityCheck.exe
2012-05-27 14:20 - 2012-05-27 14:10 - 00607260 ____R (Swearware) C:\Users\JWB\Desktop\dds.scr
2012-05-27 11:48 - 2012-05-27 11:48 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-27 11:48 - 2012-05-19 18:01 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\JWB\Desktop\mbam-setup-1.61.0.1400.exe
2012-05-27 11:48 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-05-27 06:22 - 2012-05-27 06:22 - 234304633 ____A C:\Windows\MEMORY.DMP
2012-05-27 06:22 - 2012-05-27 06:22 - 00274872 ____A C:\Windows\Minidump\052712-17503-01.dmp
2012-05-27 06:22 - 2012-05-27 06:22 - 00000000 ____D C:\Windows\Minidump
2012-05-19 18:21 - 2012-05-27 11:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-19 18:21 - 2012-05-19 18:21 - 00000000 ____D C:\Users\JWB\AppData\Roaming\Malwarebytes
2012-05-19 18:21 - 2012-05-19 18:21 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-17 19:18 - 2012-05-27 09:20 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-05-17 19:18 - 2012-05-17 19:18 - 00000012 ____A C:\Users\JWB\Downloads\FSSC.dat
2012-05-17 19:18 - 2012-05-17 19:18 - 00000000 ____D C:\Users\JWB\AppData\Local\adaware
2012-05-17 19:17 - 2012-05-27 09:20 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-05-17 19:16 - 2012-05-17 19:21 - 00000000 ____D C:\Users\JWB\AppData\Roaming\Ad-Aware Antivirus
2012-05-10 18:45 - 2012-03-16 23:55 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 18:45 - 2012-03-02 22:29 - 01837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-10 18:45 - 2012-03-02 22:29 - 01541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-10 18:45 - 2012-03-02 22:29 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-10 18:45 - 2012-03-02 22:29 - 00320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-10 18:45 - 2012-03-02 22:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-10 18:45 - 2012-03-02 21:40 - 01170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-05-10 18:45 - 2012-03-02 21:40 - 01074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-10 18:45 - 2012-03-02 21:40 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-05-10 18:45 - 2012-03-02 21:40 - 00218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-05-10 18:45 - 2012-03-02 21:40 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-05-10 18:44 - 2012-04-01 21:34 - 05504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-10 18:44 - 2012-04-01 20:46 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-10 18:44 - 2012-04-01 20:46 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-10 18:44 - 2012-04-01 19:01 - 03143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 18:44 - 2012-03-30 03:09 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

============ 3 Months Modified Files and Folders =============

2012-06-08 12:04 - 2011-11-06 13:04 - 00000000 ____D C:\Windows\Internet Logs
2012-06-08 12:04 - 2011-11-05 22:45 - 00000290 ____A C:\Users\All Users\hpqp.ini
2012-06-08 12:04 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-08 12:03 - 2012-04-13 13:21 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-08 12:03 - 2011-11-06 15:10 - 00033301 ____A C:\Windows\setupact.log
2012-06-08 12:03 - 2011-11-05 22:39 - 01370311 ____A C:\Windows\WindowsUpdate.log
2012-06-08 12:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-08 12:02 - 2012-04-13 13:21 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-08 08:54 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-08 08:54 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-08 08:53 - 2012-06-08 08:53 - 00001735 ____A C:\Users\JWB\Desktop\aswMBR.txt
2012-06-08 08:53 - 2012-06-08 08:53 - 00000512 ____A C:\Users\JWB\Desktop\MBR.dat
2012-06-07 20:25 - 2012-06-07 20:25 - 00061307 ____A C:\Users\JWB\Desktop\New Text Document.txt
2012-06-07 20:25 - 2012-06-07 20:23 - 00122698 ____A C:\TDSSKiller.2.7.36.0_07.06.2012_23.23.52_log.txt
2012-06-07 16:35 - 2012-06-07 16:36 - 04731392 ____A (AVAST Software) C:\Users\JWB\Desktop\aswMBR.exe
2012-06-07 16:35 - 2012-06-07 16:36 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\JWB\Desktop\tdsskiller.exe
2012-06-06 20:08 - 2011-11-08 16:36 - 00000000 ____D C:\Users\JWB\AppData\Roaming\Spotify
2012-06-06 20:00 - 2012-06-06 20:00 - 00000000 __SHD C:\$RECYCLE.BIN
2012-06-05 07:31 - 2012-06-05 07:31 - 00019726 ____A C:\ComboFix.txt
2012-06-05 07:31 - 2012-06-05 07:21 - 00000000 ____D C:\ComboFix
2012-06-05 07:31 - 2012-05-29 19:14 - 00000000 ____D C:\Qoobox
2012-06-05 07:27 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-06-05 07:27 - 2009-07-13 18:34 - 00000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-06-05 07:26 - 2011-11-06 15:09 - 00002812 ____A C:\Windows\PFRO.log
2012-06-04 22:02 - 2011-11-06 14:02 - 00000000 ____D C:\Users\JWB\AppData\Roaming\XnView
2012-06-04 20:24 - 2011-11-09 21:33 - 00000021 ____A C:\Users\All Users\hpqp.txt
2012-05-30 10:38 - 2012-05-30 10:38 - 00000000 ____D C:\_OTL
2012-05-30 10:38 - 2012-05-07 20:43 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-05-30 10:38 - 2012-03-11 19:32 - 00000000 ____D C:\Program Files (x86)\Ask.com
2012-05-30 09:55 - 2012-05-30 09:55 - 00083836 ____A C:\Users\JWB\Desktop\Extras.Txt
2012-05-30 09:55 - 2012-05-30 09:55 - 00057716 ____A C:\Users\JWB\Desktop\OTL.Txt
2012-05-30 09:28 - 2012-05-30 09:47 - 00595968 ____A (OldTimer Tools) C:\Users\JWB\Desktop\OTL.exe
2012-05-29 19:35 - 2012-05-29 19:14 - 00000000 ____D C:\Windows\ERDNT
2012-05-29 19:24 - 2011-11-13 15:38 - 00000326 ____A C:\Windows\Tasks\HPCeeScheduleForJWB.job
2012-05-29 19:11 - 2011-11-06 13:18 - 00000000 ____D C:\users\JWB
2012-05-29 18:55 - 2012-05-29 19:07 - 04530590 ____R (Swearware) C:\Users\JWB\Desktop\ComboFix.exe
2012-05-29 18:55 - 2012-05-29 19:07 - 00853862 ____A C:\Users\JWB\Desktop\SecurityCheck.exe
2012-05-27 14:10 - 2012-05-27 14:20 - 00607260 ____R (Swearware) C:\Users\JWB\Desktop\dds.scr
2012-05-27 11:48 - 2012-05-27 11:48 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-05-27 11:48 - 2012-05-19 18:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-27 09:21 - 2011-11-09 21:33 - 00000000 ____D C:\Users\JWB\AppData\Local\QuickPlay
2012-05-27 09:21 - 2011-11-06 13:05 - 00000000 ____D C:\Windows\SysWOW64\ZoneLabs
2012-05-27 09:20 - 2012-05-17 19:18 - 00000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-05-27 09:20 - 2012-05-17 19:17 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-05-27 09:20 - 2011-11-08 16:36 - 00000000 ____D C:\Users\JWB\AppData\Local\Spotify
2012-05-27 09:20 - 2011-11-06 12:58 - 00000000 ____D C:\Users\All Users\Lavasoft
2012-05-27 09:20 - 2011-11-06 12:58 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2012-05-27 09:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2012-05-27 06:22 - 2012-05-27 06:22 - 234304633 ____A C:\Windows\MEMORY.DMP
2012-05-27 06:22 - 2012-05-27 06:22 - 00274872 ____A C:\Windows\Minidump\052712-17503-01.dmp
2012-05-27 06:22 - 2012-05-27 06:22 - 00000000 ____D C:\Windows\Minidump
2012-05-27 06:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-05-19 18:21 - 2012-05-19 18:21 - 00000000 ____D C:\Users\JWB\AppData\Roaming\Malwarebytes
2012-05-19 18:21 - 2012-05-19 18:21 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-05-19 18:01 - 2012-05-27 11:48 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\JWB\Desktop\mbam-setup-1.61.0.1400.exe
2012-05-17 19:21 - 2012-05-17 19:16 - 00000000 ____D C:\Users\JWB\AppData\Roaming\Ad-Aware Antivirus
2012-05-17 19:18 - 2012-05-17 19:18 - 00000012 ____A C:\Users\JWB\Downloads\FSSC.dat
2012-05-17 19:18 - 2012-05-17 19:18 - 00000000 ____D C:\Users\JWB\AppData\Local\adaware
2012-05-11 05:11 - 2009-07-13 20:45 - 00355576 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 05:10 - 2009-08-17 10:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 04:52 - 2011-11-05 22:34 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-10 06:45 - 2011-11-06 13:18 - 00000000 ____D C:\Users\JWB\AppData\LocalLow
2012-05-09 13:19 - 2011-11-09 13:04 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-05-09 13:19 - 2011-11-09 13:04 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-05-04 20:52 - 2011-11-06 13:19 - 00085992 ____A C:\Users\JWB\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-29 18:55 - 2011-11-06 13:38 - 00000000 ____D C:\Users\JWB\Documents\Household
2012-04-26 20:42 - 2011-11-09 09:35 - 00034568 ____A C:\Users\JWB\Documents\stmt.txt
2012-04-26 19:31 - 2011-11-06 13:32 - 00000000 ____D C:\Users\JWB\Desktop\DCIM
2012-04-25 07:08 - 2012-01-01 23:11 - 01278462 ____A C:\Windows\ntbtlog.txt
2012-04-20 11:27 - 2012-04-13 13:21 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-14 09:45 - 2012-04-14 09:45 - 00282382 ____A C:\Users\JWB\Documents\Kony2012.pdf
2012-04-13 13:21 - 2012-04-13 13:21 - 00000000 ____D C:\Users\JWB\AppData\Local\Google
2012-04-09 04:27 - 2011-11-06 13:40 - 00000000 ____D C:\Users\JWB\Documents\School
2012-04-04 12:56 - 2012-05-27 11:48 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 23:22 - 2012-04-02 23:22 - 00010226 ____A C:\Users\JWB\Documents\schedule alt.odt
2012-04-02 23:20 - 2011-11-06 13:40 - 00000000 ____D C:\Users\JWB\Documents\My Font Groups
2012-04-01 21:34 - 2012-05-10 18:44 - 05504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-01 20:46 - 2012-05-10 18:44 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-01 20:46 - 2012-05-10 18:44 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-01 19:01 - 2012-05-10 18:44 - 03143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:09 - 2012-05-10 18:44 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-23 08:07 - 2012-03-23 08:07 - 00065536 __ASH C:\Windows\System32\config\COMPONENTS{0ee1684a-72f6-11e1-a1fc-001f16ec93c6}.TxR.blf
2012-03-20 18:49 - 2012-03-20 18:49 - 00016384 __ASH C:\Users\JWB\Thumbs.db
2012-03-17 17:29 - 2012-03-11 19:31 - 00001155 ____A C:\Users\Public\Desktop\GOM Player.lnk
2012-03-16 23:55 - 2012-05-10 18:45 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 16:14 - 2012-03-16 16:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2012-03-16 16:14 - 2012-03-16 16:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_NuidFltr_01009.Wdf
2012-03-16 16:14 - 2012-03-16 16:14 - 00000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-03-16 16:05 - 2012-03-16 16:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_dc3d_01009.Wdf
2012-03-13 19:05 - 2011-11-06 13:18 - 00000000 ____D C:\Users\JWB\AppData\Local\VirtualStore

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3999.19 MB
Available physical RAM: 3304.75 MB
Total Pagefile: 3997.34 MB
Available Pagefile: 3291.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:220.82 GB) (Free:67.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:11.87 GB) (Free:2 GB) NTFS
4 Drive g: (NICE BOAT) (Removable) (Total:0.98 GB) (Free:0.98 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      232 GB   0 B
Disk 1    Online      1008 MB  0 B

Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           199 MB   1024 KB
Partition 2    Primary           220 GB   200 MB
Partition 3    Primary           11 GB    221 GB

======================================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 1   Y   SYSTEM       NTFS   Partition   199 MB   Healthy

======================================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 2   C                NTFS   Partition   220 GB   Healthy

======================================================================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 3   E   RECOVERY     NTFS   Partition   11 GB    Healthy

======================================================================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           1008 MB  16 KB

======================================================================================================
Disk: 1
Partition 1
Type  : 06
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status   Info
----------  ---  -----------  -----  ----------  -------  -------  --------
* Volume 4   G   NICE BOAT    FAT    Removable   1008 MB  Healthy

======================================================================================================
==========================================================
Last Boot: 2012-06-06 21:58

======================= End Of Log ==========================
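To make the Registry, Services and Drivers sections of a scan like the one above quicker to work through, here is an added example (my own code; it is neither part of Panster's post nor part of FRST): a small Python pass that parses entries in the format FRST printed in 2012 and flags the ones a helper looks at first. Those are images with no publisher (the `()` entries such as RichVideo and Lavasoft Kernexplorer), entries whose file is gone (`[x]`, such as catchme and RtsUIR), and anything that loads from outside the Windows and Program Files trees. The sample lines are copied from the scan above; the trusted-roots list and the three finding categories are my own assumptions, not FRST's whitelist logic, and a hit means "verify by hand", not "malicious".

```python
"""Triage pass over the Registry / Services / Drivers entries of a 2012-era FRST log."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Constructed sample: a handful of entries copied verbatim from the FRST scan posted above.
SAMPLE_LOG = r"""
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [320056 2009-06-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [1043968 2011-03-17] (Check Point Software Technologies LTD)
HKU\JWB\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-06-17] (Hewlett-Packard Company)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()
2 vsmon; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -service [2435592 2011-03-17] (Check Point Software Technologies LTD)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-06] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
""".strip().splitlines()

# Trailing "[size date] (publisher)" that FRST appends to every resolved image.
TAIL_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)\s*$")
# Trailing "[x]": the registry/service entry exists but the file it points at does not.
MISSING_RE = re.compile(r"\s*\[x\]\s*$")
# "HKLM\...\Run: [name] command", also HKLM-x32 and HKU\<profile>.
RUN_RE = re.compile(r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# "<start type> <service name>; command" as printed in the Services and Drivers sections.
SVC_RE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+); (?P<cmd>.+)$")
# First image path in a command line, quoted or not, with any arguments after it ignored.
IMAGE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|sys|dll))"?', re.IGNORECASE)

# Assumption (mine, not FRST's): an autostart image outside these roots deserves a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "%programfiles%\\")


@dataclass
class Entry:
    kind: str            # "run", "service" or "driver"
    name: str
    path: str            # image path with quotes, arguments and the \??\ prefix stripped
    size: Optional[int]
    date: Optional[str]
    company: str         # publisher FRST printed in parentheses; "" when it printed "()"
    missing: bool        # True when FRST printed [x]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one Run/Service/Driver line; return None for anything else (headers, file lists)."""
    line = line.strip()
    size: Optional[int] = None
    date: Optional[str] = None
    company = ""
    missing = bool(MISSING_RE.search(line))
    if missing:
        body = MISSING_RE.sub("", line)
    else:
        tail = TAIL_RE.search(line)
        if tail is None:
            return None
        size, date, company = int(tail["size"]), tail["date"], tail["company"].strip()
        body = line[: tail.start()].rstrip()
    m = RUN_RE.match(body)
    if m:
        kind, name, cmd = "run", m["name"], m["cmd"]
    else:
        m = SVC_RE.match(body)
        if m is None:
            return None
        kind, name, cmd = "service", m["name"], m["cmd"]
    if cmd.startswith("\\??\\"):         # NT object-manager prefix some driver ImagePaths carry
        cmd = cmd[4:]
    img = IMAGE_RE.match(cmd)
    path = img["path"] if img else cmd
    if kind == "service" and path.lower().endswith(".sys"):
        kind = "driver"
    return Entry(kind, name, path, size, date, company, missing)


def in_trusted_root(path: str) -> bool:
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (entry name, reason) pairs for every entry that needs a manual look."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e.missing:
            findings.append((e.name, f"{e.kind} entry points at a file that no longer exists: {e.path}"))
        elif not e.company:
            findings.append((e.name, f"{e.kind} image has no publisher; hash and verify {e.path}"))
        if not in_trusted_root(e.path):
            findings.append((e.name, f"{e.kind} loads from outside the usual roots: {e.path}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LOG):
        print(f"{name:24} {reason}")
```

On the sample above this reports RichVideo and Lavasoft Kernexplorer (no publisher), catchme (file gone, and living under C:\ComboFix rather than a system directory) and RtsUIR (file gone). None of those is evidence of infection: the `()` entries are common for smaller vendors that do not stamp version info, and the `[x]` drivers are leftovers of the ComboFix run and a Realtek card-reader package. The point is to have the short list to check by hash or signature rather than reading every line.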
  4. I apologize for the delay in my response; the results for both scans are posted below.

I have not tried reconnecting to the internet since the server hijack, except once to allow the Avast virus definitions to be downloaded. I say this because I have not been able to judge any suspicious behavior, because there has been no internet connection, and the only way I could tell would be from another server hijack, which I plan to avoid at all costs.

We might end up trying to wipe the drive soon, but there are many scattered documents and customizations on the computer, which makes transferring data a little difficult. If you can help us fix our problem, I will not rush you but will continue to follow your directions. But if you do suggest a drive wipe, we are willing to do so if needed.

23:23:52.0943 2068 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
23:23:52.0959 2068 ============================================================
23:23:52.0959 2068 Current date / time: 2012/06/07 23:23:52.0959
23:23:52.0959 2068 SystemInfo:
23:23:52.0959 2068
23:23:52.0959 2068 OS Version: 6.1.7600 ServicePack: 0.0
23:23:52.0959 2068 Product type: Workstation
23:23:52.0959 2068 ComputerName: STATION4
23:23:52.0959 2068 UserName: JWB
23:23:52.0959 2068 Windows directory: C:\Windows
23:23:52.0959 2068 System windows directory: C:\Windows
23:23:52.0959 2068 Running under WOW64
23:23:52.0959 2068 Processor architecture: Intel x64
23:23:52.0959 2068 Number of processors: 2
23:23:52.0959 2068 Page size: 0x1000
23:23:52.0959 2068 Boot type: Normal boot
23:23:52.0959 2068 ============================================================
23:23:54.0051 2068 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x4BB4D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x19, Type 'K0', Flags 0x00000040
23:23:54.0066 2068 ============================================================
23:23:54.0066 2068 \Device\Harddisk0\DR0:
23:23:54.0066 2068 MBR partitions:
23:23:54.0066 2068 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:23:54.0066 2068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B9A4000
23:23:54.0066 2068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BA08000, BlocksNum 0x17BD000
23:23:54.0066 2068 ============================================================
23:23:54.0098 2068 C: <-> \Device\Harddisk0\DR0\Partition1
23:23:54.0129 2068 D: <-> \Device\Harddisk0\DR0\Partition2
23:23:54.0129 2068 ============================================================
23:23:54.0129 2068 Initialize success
23:23:54.0129 2068 ============================================================
23:23:58.0684 0288 ============================================================
23:23:58.0684 0288 Scan started
23:23:58.0684 0288 Mode: Manual;
23:23:58.0684 0288 ============================================================
23:24:00.0010 0288 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:24:00.0010 0288 1394ohci - ok
23:24:00.0057 0288 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:24:00.0057 0288 ACPI - ok
23:24:00.0088 0288 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:24:00.0088 0288 AcpiPmi - ok
23:24:00.0166 0288 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:24:00.0166 0288 AdobeARMservice - ok
23:24:00.0228 0288 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:24:00.0244 0288 adp94xx - ok
23:24:00.0275 0288 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:24:00.0275 0288 adpahci - ok
23:24:00.0306 0288 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:24:00.0306 0288 adpu320 - ok
23:24:00.0447 0288 ADVService (96a0ff09e226b023dc6aca253aacee2e) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
23:24:00.0447 0288 ADVService - ok
23:24:00.0478 0288 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:24:00.0478 0288 AeLookupSvc - ok
23:24:00.0556 0288 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:24:00.0556 0288 AFD - ok
23:24:00.0603 0288 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:24:00.0603 0288 agp440 - ok
23:24:00.0634 0288 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:24:00.0634 0288 ALG - ok
23:24:00.0681 0288 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:24:00.0681 0288 aliide - ok
23:24:00.0696 0288 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:24:00.0696 0288 amdide - ok
23:24:00.0728 0288 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:24:00.0728 0288 AmdK8 - ok
23:24:00.0728 0288 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:24:00.0728 0288 AmdPPM - ok
23:24:00.0774 0288 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:24:00.0774 0288 amdsata - ok
23:24:00.0806 0288 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:24:00.0806 0288 amdsbs - ok
23:24:00.0852 0288 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:24:00.0852 0288 amdxata - ok
23:24:00.0899 0288 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:24:00.0899 0288 AppID - ok
23:24:00.0930 0288 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:24:00.0930 0288 AppIDSvc - ok
23:24:00.0977 0288 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
23:24:00.0977 0288 Appinfo - ok
23:24:01.0055 0288 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:24:01.0055 0288 arc - ok
23:24:01.0071 0288 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:24:01.0071 0288 arcsas - ok
23:24:01.0102 0288 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:24:01.0102 0288 AsyncMac - ok
23:24:01.0118 0288 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:24:01.0118 0288 atapi - ok
23:24:01.0196 0288 athr (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
23:24:01.0211 0288 athr - ok
23:24:01.0336 0288 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:24:01.0352 0288 AudioEndpointBuilder - ok
23:24:01.0352 0288 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:24:01.0367 0288 AudioSrv - ok
23:24:01.0398 0288 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
23:24:01.0398 0288 AxInstSV - ok
23:24:01.0461 0288 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:24:01.0476 0288 b06bdrv - ok
23:24:01.0523 0288 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:24:01.0523 0288 b57nd60a - ok
23:24:01.0632 0288 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
23:24:01.0632 0288 BBSvc - ok
23:24:01.0710 0288 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:24:01.0710 0288 BBUpdate - ok
23:24:01.0742 0288 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:24:01.0742 0288 BDESVC - ok
23:24:01.0788 0288 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:24:01.0788 0288 Beep - ok
23:24:01.0866 0288 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
23:24:01.0866 0288 BFE - ok
23:24:01.0929 0288 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
23:24:01.0944 0288 BITS - ok
23:24:01.0991 0288 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:24:02.0007 0288 blbdrive - ok
23:24:02.0038 0288 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:24:02.0038 0288 bowser - ok
23:24:02.0069 0288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:24:02.0069 0288 BrFiltLo - ok
23:24:02.0069 0288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:24:02.0069 0288 BrFiltUp - ok
23:24:02.0132 0288 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
23:24:02.0132 0288 BridgeMP - ok
23:24:02.0178 0288 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
23:24:02.0178 0288 Browser - ok
23:24:02.0210 0288 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:24:02.0210 0288 Brserid - ok
23:24:02.0241 0288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:24:02.0241 0288 BrSerWdm - ok
23:24:02.0241 0288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:24:02.0241 0288 BrUsbMdm - ok
23:24:02.0256 0288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:24:02.0256 0288 BrUsbSer - ok
23:24:02.0256 0288 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:24:02.0256 0288 BTHMODEM - ok
23:24:02.0288 0288 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:24:02.0288 0288 bthserv - ok
23:24:02.0350 0288 catchme - ok
23:24:02.0381 0288 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
23:24:02.0397 0288 CAXHWAZL - ok
23:24:02.0444 0288 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:24:02.0444 0288 cdfs - ok
23:24:02.0475 0288 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:24:02.0475 0288 cdrom - ok
23:24:02.0522 0288 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:24:02.0522 0288 CertPropSvc - ok
23:24:02.0553 0288 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:24:02.0553 0288 circlass - ok
23:24:02.0600 0288 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:24:02.0600 0288 CLFS - ok
23:24:02.0678 0288 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:24:02.0678 0288 clr_optimization_v2.0.50727_32 - ok
23:24:02.0709 0288 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:24:02.0709 0288 clr_optimization_v2.0.50727_64 - ok
23:24:02.0802 0288 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:24:02.0802 0288 clr_optimization_v4.0.30319_32 - ok
23:24:02.0834 0288 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:24:02.0834 0288 clr_optimization_v4.0.30319_64 - ok
23:24:02.0849 0288 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:24:02.0865 0288 CmBatt - ok
23:24:02.0880 0288 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:24:02.0880 0288 cmdide - ok
23:24:02.0943 0288 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
23:24:02.0943 0288 CNG - ok
23:24:03.0021 0288 CnxtHdAudService (a44dfdb81dc62b11760881175e5b2266) C:\Windows\system32\drivers\CHDRT64.sys
23:24:03.0036 0288 CnxtHdAudService - ok
23:24:03.0146 0288 Com4QLBEx (f9a79c5b27037821112c50a9c8fb367a) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
23:24:03.0146 0288 Com4QLBEx - ok
23:24:03.0192 0288 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:24:03.0192 0288 Compbatt - ok
23:24:03.0224 0288 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:24:03.0224 0288 CompositeBus - ok
23:24:03.0239 0288 COMSysApp - ok
23:24:03.0255 0288 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:24:03.0255 0288 crcdisk - ok
23:24:03.0317 0288 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
23:24:03.0317 0288 CryptSvc - ok
23:24:03.0380 0288 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
23:24:03.0380 0288 dc3d - ok
23:24:03.0442 0288 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:24:03.0442 0288 DcomLaunch - ok
23:24:03.0489 0288 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:24:03.0489 0288 defragsvc - ok
23:24:03.0520 0288 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:24:03.0520 0288 DfsC - ok
23:24:03.0567 0288 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
23:24:03.0567 0288 Dhcp - ok
23:24:03.0614 0288 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:24:03.0629 0288 discache - ok
23:24:03.0660 0288 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:24:03.0660 0288 Disk - ok
23:24:03.0692 0288 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
23:24:03.0692 0288 Dnscache - ok
23:24:03.0738 0288 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
23:24:03.0738 0288 dot3svc - ok
23:24:03.0754 0288 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
23:24:03.0770 0288 DPS - ok
23:24:03.0785 0288 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:24:03.0785 0288 drmkaud - ok
23:24:03.0863 0288 DXGKrnl (1633b9abf52784a1331476397a48cbef)
C:\Windows\System32\drivers\dxgkrnl.sys 23:24:03.0879 0288 DXGKrnl - ok 23:24:03.0926 0288 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 23:24:03.0926 0288 EapHost - ok 23:24:04.0097 0288 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 23:24:04.0175 0288 ebdrv - ok 23:24:04.0316 0288 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 23:24:04.0316 0288 EFS - ok 23:24:04.0409 0288 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe 23:24:04.0409 0288 ehRecvr - ok 23:24:04.0456 0288 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 23:24:04.0456 0288 ehSched - ok 23:24:04.0550 0288 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 23:24:04.0550 0288 elxstor - ok 23:24:04.0581 0288 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 23:24:04.0581 0288 ErrDev - ok 23:24:04.0643 0288 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 23:24:04.0643 0288 EventSystem - ok 23:24:04.0690 0288 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 23:24:04.0690 0288 exfat - ok 23:24:04.0706 0288 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 23:24:04.0706 0288 fastfat - ok 23:24:04.0768 0288 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 23:24:04.0784 0288 Fax - ok 23:24:04.0815 0288 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 23:24:04.0815 0288 fdc - ok 23:24:04.0846 0288 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 23:24:04.0846 0288 fdPHost - ok 23:24:04.0862 0288 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 23:24:04.0862 0288 FDResPub - ok 23:24:04.0893 0288 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 23:24:04.0893 0288 FileInfo - ok 23:24:04.0908 0288 
Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 23:24:04.0908 0288 Filetrace - ok 23:24:04.0940 0288 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 23:24:04.0940 0288 flpydisk - ok 23:24:04.0955 0288 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 23:24:04.0955 0288 FltMgr - ok 23:24:05.0018 0288 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll 23:24:05.0033 0288 FontCache - ok 23:24:05.0096 0288 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:24:05.0096 0288 FontCache3.0.0.0 - ok 23:24:05.0142 0288 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 23:24:05.0142 0288 FsDepends - ok 23:24:05.0189 0288 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys 23:24:05.0189 0288 Fs_Rec - ok 23:24:05.0236 0288 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 23:24:05.0236 0288 fvevol - ok 23:24:05.0283 0288 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 23:24:05.0283 0288 gagp30kx - ok 23:24:05.0392 0288 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 23:24:05.0392 0288 GameConsoleService - ok 23:24:05.0454 0288 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 23:24:05.0470 0288 gpsvc - ok 23:24:05.0579 0288 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:24:05.0579 0288 gupdate - ok 23:24:05.0610 0288 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:24:05.0610 0288 gupdatem - ok 23:24:05.0642 0288 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 23:24:05.0642 0288 hcw85cir - ok 23:24:05.0657 
0288 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 23:24:05.0673 0288 HdAudAddService - ok 23:24:05.0704 0288 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 23:24:05.0704 0288 HDAudBus - ok 23:24:05.0720 0288 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 23:24:05.0720 0288 HidBatt - ok 23:24:05.0735 0288 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 23:24:05.0735 0288 HidBth - ok 23:24:05.0751 0288 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 23:24:05.0751 0288 HidIr - ok 23:24:05.0782 0288 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 23:24:05.0782 0288 hidserv - ok 23:24:05.0829 0288 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 23:24:05.0829 0288 HidUsb - ok 23:24:05.0844 0288 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 23:24:05.0860 0288 hkmsvc - ok 23:24:05.0876 0288 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 23:24:05.0876 0288 HomeGroupListener - ok 23:24:05.0907 0288 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 23:24:05.0907 0288 HomeGroupProvider - ok 23:24:06.0032 0288 HP Health Check Service (0141816a095a3f5a83ffa5b4a47b8023) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 23:24:06.0032 0288 HP Health Check Service - ok 23:24:06.0063 0288 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 23:24:06.0063 0288 HpqKbFiltr - ok 23:24:06.0156 0288 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 23:24:06.0156 0288 hpqwmiex - ok 23:24:06.0203 0288 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 23:24:06.0203 0288 HpSAMD - ok 23:24:06.0312 0288 HsfXAudioService 
(447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll 23:24:06.0328 0288 HsfXAudioService - ok 23:24:06.0406 0288 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys 23:24:06.0422 0288 HSF_DPV - ok 23:24:06.0546 0288 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 23:24:06.0562 0288 HTTP - ok 23:24:06.0578 0288 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 23:24:06.0578 0288 hwpolicy - ok 23:24:06.0593 0288 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 23:24:06.0593 0288 i8042prt - ok 23:24:06.0640 0288 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 23:24:06.0656 0288 iaStorV - ok 23:24:06.0765 0288 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:24:06.0765 0288 idsvc - ok 23:24:07.0186 0288 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys 23:24:07.0389 0288 igfx - ok 23:24:07.0514 0288 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 23:24:07.0514 0288 iirsp - ok 23:24:07.0576 0288 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 23:24:07.0576 0288 IKEEXT - ok 23:24:07.0638 0288 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys 23:24:07.0638 0288 IntcHdmiAddService - ok 23:24:07.0654 0288 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 23:24:07.0654 0288 intelide - ok 23:24:07.0685 0288 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 23:24:07.0685 0288 intelppm - ok 23:24:07.0732 0288 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 23:24:07.0732 0288 IPBusEnum - ok 23:24:07.0748 0288 IpFilterDriver (722dd294df62483cecaae6e094b4d695) 
C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:24:07.0748 0288 IpFilterDriver - ok 23:24:07.0810 0288 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 23:24:07.0810 0288 iphlpsvc - ok 23:24:07.0810 0288 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 23:24:07.0826 0288 IPMIDRV - ok 23:24:07.0857 0288 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 23:24:07.0857 0288 IPNAT - ok 23:24:07.0888 0288 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 23:24:07.0888 0288 IRENUM - ok 23:24:07.0904 0288 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 23:24:07.0904 0288 isapnp - ok 23:24:07.0935 0288 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 23:24:07.0935 0288 iScsiPrt - ok 23:24:07.0950 0288 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 23:24:07.0966 0288 kbdclass - ok 23:24:08.0013 0288 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 23:24:08.0013 0288 kbdhid - ok 23:24:08.0075 0288 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 23:24:08.0075 0288 KeyIso - ok 23:24:08.0091 0288 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 23:24:08.0091 0288 KSecDD - ok 23:24:08.0106 0288 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 23:24:08.0106 0288 KSecPkg - ok 23:24:08.0138 0288 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 23:24:08.0138 0288 ksthunk - ok 23:24:08.0184 0288 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 23:24:08.0184 0288 KtmRm - ok 23:24:08.0231 0288 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll 23:24:08.0231 0288 LanmanServer - ok 23:24:08.0262 0288 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) 
C:\Windows\System32\wkssvc.dll 23:24:08.0262 0288 LanmanWorkstation - ok 23:24:08.0465 0288 Lavasoft Ad-Aware Service (93b3ef77866490c7daba054f6cbfcd51) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe 23:24:08.0481 0288 Lavasoft Ad-Aware Service - ok 23:24:08.0637 0288 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys 23:24:08.0637 0288 Lavasoft Kernexplorer - ok 23:24:08.0793 0288 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys 23:24:08.0793 0288 Lbd - ok 23:24:08.0871 0288 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 23:24:08.0871 0288 LightScribeService - ok 23:24:08.0918 0288 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 23:24:08.0918 0288 lltdio - ok 23:24:08.0949 0288 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 23:24:08.0964 0288 lltdsvc - ok 23:24:08.0980 0288 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 23:24:08.0980 0288 lmhosts - ok 23:24:09.0027 0288 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 23:24:09.0027 0288 LSI_FC - ok 23:24:09.0058 0288 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 23:24:09.0058 0288 LSI_SAS - ok 23:24:09.0074 0288 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:24:09.0074 0288 LSI_SAS2 - ok 23:24:09.0105 0288 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:24:09.0105 0288 LSI_SCSI - ok 23:24:09.0120 0288 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 23:24:09.0120 0288 luafv - ok 23:24:09.0167 0288 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 23:24:09.0167 0288 Mcx2Svc - ok 23:24:09.0214 0288 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) 
C:\Windows\system32\DRIVERS\mdmxsdk.sys 23:24:09.0214 0288 mdmxsdk - ok 23:24:09.0245 0288 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 23:24:09.0245 0288 megasas - ok 23:24:09.0276 0288 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 23:24:09.0276 0288 MegaSR - ok 23:24:09.0323 0288 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 23:24:09.0323 0288 MMCSS - ok 23:24:09.0339 0288 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 23:24:09.0339 0288 Modem - ok 23:24:09.0386 0288 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 23:24:09.0386 0288 monitor - ok 23:24:09.0417 0288 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 23:24:09.0417 0288 mouclass - ok 23:24:09.0448 0288 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 23:24:09.0448 0288 mouhid - ok 23:24:09.0479 0288 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 23:24:09.0479 0288 mountmgr - ok 23:24:09.0510 0288 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 23:24:09.0510 0288 mpio - ok 23:24:09.0526 0288 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 23:24:09.0526 0288 mpsdrv - ok 23:24:09.0588 0288 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 23:24:09.0588 0288 MpsSvc - ok 23:24:09.0620 0288 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 23:24:09.0620 0288 MRxDAV - ok 23:24:09.0651 0288 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 23:24:09.0651 0288 mrxsmb - ok 23:24:09.0682 0288 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:24:09.0682 0288 mrxsmb10 - ok 23:24:09.0698 0288 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) 
C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:24:09.0713 0288 mrxsmb20 - ok 23:24:09.0729 0288 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 23:24:09.0729 0288 msahci - ok 23:24:09.0744 0288 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 23:24:09.0744 0288 msdsm - ok 23:24:09.0791 0288 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 23:24:09.0791 0288 MSDTC - ok 23:24:09.0838 0288 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 23:24:09.0838 0288 Msfs - ok 23:24:09.0838 0288 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 23:24:09.0838 0288 mshidkmdf - ok 23:24:09.0869 0288 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 23:24:09.0869 0288 msisadrv - ok 23:24:09.0916 0288 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 23:24:09.0916 0288 MSiSCSI - ok 23:24:09.0916 0288 msiserver - ok 23:24:09.0947 0288 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 23:24:09.0947 0288 MSKSSRV - ok 23:24:09.0947 0288 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 23:24:09.0947 0288 MSPCLOCK - ok 23:24:09.0963 0288 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 23:24:09.0963 0288 MSPQM - ok 23:24:10.0010 0288 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 23:24:10.0025 0288 MsRPC - ok 23:24:10.0041 0288 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 23:24:10.0041 0288 mssmbios - ok 23:24:10.0041 0288 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 23:24:10.0041 0288 MSTEE - ok 23:24:10.0072 0288 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 23:24:10.0072 0288 MTConfig - ok 23:24:10.0088 0288 Mup 
(f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 23:24:10.0088 0288 Mup - ok 23:24:10.0134 0288 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 23:24:10.0150 0288 napagent - ok 23:24:10.0197 0288 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 23:24:10.0197 0288 NativeWifiP - ok 23:24:10.0259 0288 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 23:24:10.0259 0288 NDIS - ok 23:24:10.0290 0288 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 23:24:10.0290 0288 NdisCap - ok 23:24:10.0337 0288 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 23:24:10.0337 0288 NdisTapi - ok 23:24:10.0368 0288 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 23:24:10.0368 0288 Ndisuio - ok 23:24:10.0384 0288 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 23:24:10.0384 0288 NdisWan - ok 23:24:10.0400 0288 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 23:24:10.0400 0288 NDProxy - ok 23:24:10.0431 0288 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 23:24:10.0431 0288 NetBIOS - ok 23:24:10.0446 0288 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 23:24:10.0446 0288 NetBT - ok 23:24:10.0509 0288 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 23:24:10.0509 0288 Netlogon - ok 23:24:10.0556 0288 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 23:24:10.0571 0288 Netman - ok 23:24:10.0602 0288 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 23:24:10.0602 0288 netprofm - ok 23:24:10.0665 0288 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:24:10.0680 0288 
NetTcpPortSharing - ok 23:24:10.0883 0288 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 23:24:11.0008 0288 netw5v64 - ok 23:24:11.0148 0288 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 23:24:11.0148 0288 nfrd960 - ok 23:24:11.0180 0288 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 23:24:11.0195 0288 NlaSvc - ok 23:24:11.0211 0288 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 23:24:11.0226 0288 Npfs - ok 23:24:11.0242 0288 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 23:24:11.0242 0288 nsi - ok 23:24:11.0242 0288 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 23:24:11.0242 0288 nsiproxy - ok 23:24:11.0351 0288 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 23:24:11.0367 0288 Ntfs - ok 23:24:11.0523 0288 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys 23:24:11.0523 0288 NuidFltr - ok 23:24:11.0554 0288 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 23:24:11.0554 0288 Null - ok 23:24:11.0585 0288 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 23:24:11.0601 0288 nvraid - ok 23:24:11.0616 0288 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 23:24:11.0616 0288 nvstor - ok 23:24:11.0648 0288 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 23:24:11.0663 0288 nv_agp - ok 23:24:11.0663 0288 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 23:24:11.0663 0288 ohci1394 - ok 23:24:11.0710 0288 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 23:24:11.0710 0288 p2pimsvc - ok 23:24:11.0741 0288 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 23:24:11.0741 0288 p2psvc - ok 23:24:11.0772 0288 Parport 
(0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 23:24:11.0772 0288 Parport - ok 23:24:11.0835 0288 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 23:24:11.0835 0288 partmgr - ok 23:24:11.0866 0288 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 23:24:11.0866 0288 PcaSvc - ok 23:24:11.0897 0288 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 23:24:11.0897 0288 pci - ok 23:24:11.0913 0288 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 23:24:11.0913 0288 pciide - ok 23:24:11.0944 0288 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 23:24:11.0944 0288 pcmcia - ok 23:24:11.0991 0288 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 23:24:11.0991 0288 pcw - ok 23:24:12.0053 0288 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 23:24:12.0069 0288 PEAUTH - ok 23:24:12.0147 0288 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 23:24:12.0147 0288 PerfHost - ok 23:24:12.0225 0288 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 23:24:12.0240 0288 pla - ok 23:24:12.0287 0288 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 23:24:12.0287 0288 PlugPlay - ok 23:24:12.0318 0288 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 23:24:12.0318 0288 PNRPAutoReg - ok 23:24:12.0350 0288 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 23:24:12.0350 0288 PNRPsvc - ok 23:24:12.0428 0288 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys 23:24:12.0428 0288 Point64 - ok 23:24:12.0474 0288 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 23:24:12.0474 0288 PolicyAgent - ok 23:24:12.0506 0288 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 
23:24:12.0506 0288 Power - ok 23:24:12.0552 0288 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 23:24:12.0552 0288 PptpMiniport - ok 23:24:12.0568 0288 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 23:24:12.0568 0288 Processor - ok 23:24:12.0599 0288 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll 23:24:12.0599 0288 ProfSvc - ok 23:24:12.0662 0288 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 23:24:12.0662 0288 ProtectedStorage - ok 23:24:12.0708 0288 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 23:24:12.0708 0288 Psched - ok 23:24:12.0771 0288 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 23:24:12.0786 0288 ql2300 - ok 23:24:12.0911 0288 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 23:24:12.0911 0288 ql40xx - ok 23:24:12.0942 0288 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 23:24:12.0942 0288 QWAVE - ok 23:24:12.0958 0288 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 23:24:12.0974 0288 QWAVEdrv - ok 23:24:13.0005 0288 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 23:24:13.0005 0288 RasAcd - ok 23:24:13.0036 0288 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 23:24:13.0036 0288 RasAgileVpn - ok 23:24:13.0052 0288 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 23:24:13.0067 0288 RasAuto - ok 23:24:13.0083 0288 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 23:24:13.0083 0288 Rasl2tp - ok 23:24:13.0114 0288 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 23:24:13.0130 0288 RasMan - ok 23:24:13.0176 0288 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 
23:24:13.0176 0288 RasPppoe - ok 23:24:13.0176 0288 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 23:24:13.0176 0288 RasSstp - ok 23:24:13.0208 0288 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 23:24:13.0208 0288 rdbss - ok 23:24:13.0223 0288 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 23:24:13.0239 0288 rdpbus - ok 23:24:13.0286 0288 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 23:24:13.0286 0288 RDPCDD - ok 23:24:13.0286 0288 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 23:24:13.0286 0288 RDPENCDD - ok 23:24:13.0301 0288 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 23:24:13.0301 0288 RDPREFMP - ok 23:24:13.0348 0288 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys 23:24:13.0348 0288 RDPWD - ok 23:24:13.0395 0288 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 23:24:13.0395 0288 rdyboost - ok 23:24:13.0442 0288 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 23:24:13.0442 0288 RemoteAccess - ok 23:24:13.0473 0288 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 23:24:13.0473 0288 RemoteRegistry - ok 23:24:13.0551 0288 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 23:24:13.0551 0288 RichVideo - ok 23:24:13.0566 0288 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 23:24:13.0582 0288 RpcEptMapper - ok 23:24:13.0613 0288 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 23:24:13.0613 0288 RpcLocator - ok 23:24:13.0644 0288 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll 23:24:13.0644 0288 RpcSs - ok 23:24:13.0707 0288 rspndr (ddc86e4f8e7456261e637e3552e804ff) 
C:\Windows\system32\DRIVERS\rspndr.sys 23:24:13.0707 0288 rspndr - ok 23:24:13.0738 0288 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys 23:24:13.0754 0288 RSUSBSTOR - ok 23:24:13.0800 0288 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 23:24:13.0800 0288 RTL8167 - ok 23:24:13.0816 0288 RtsUIR - ok 23:24:13.0863 0288 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 23:24:13.0863 0288 SamSs - ok 23:24:13.0894 0288 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 23:24:13.0894 0288 sbp2port - ok 23:24:13.0941 0288 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 23:24:13.0941 0288 SCardSvr - ok 23:24:13.0956 0288 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 23:24:13.0956 0288 scfilter - ok 23:24:14.0019 0288 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 23:24:14.0034 0288 Schedule - ok 23:24:14.0066 0288 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 23:24:14.0066 0288 SCPolicySvc - ok 23:24:14.0128 0288 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys 23:24:14.0128 0288 sdbus - ok 23:24:14.0159 0288 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 23:24:14.0159 0288 SDRSVC - ok 23:24:14.0190 0288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 23:24:14.0190 0288 secdrv - ok 23:24:14.0222 0288 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 23:24:14.0222 0288 seclogon - ok 23:24:14.0253 0288 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 23:24:14.0253 0288 SENS - ok 23:24:14.0284 0288 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 23:24:14.0284 0288 SensrSvc - ok 23:24:14.0300 0288 Serenum (cb624c0035412af0debec78c41f5ca1b) 
C:\Windows\system32\DRIVERS\serenum.sys 23:24:14.0300 0288 Serenum - ok 23:24:14.0331 0288 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 23:24:14.0331 0288 Serial - ok 23:24:14.0346 0288 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 23:24:14.0346 0288 sermouse - ok 23:24:14.0378 0288 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 23:24:14.0378 0288 SessionEnv - ok 23:24:14.0424 0288 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 23:24:14.0424 0288 sffdisk - ok 23:24:14.0440 0288 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 23:24:14.0440 0288 sffp_mmc - ok 23:24:14.0471 0288 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys 23:24:14.0471 0288 sffp_sd - ok 23:24:14.0502 0288 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 23:24:14.0502 0288 sfloppy - ok 23:24:14.0549 0288 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 23:24:14.0549 0288 SharedAccess - ok 23:24:14.0596 0288 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 23:24:14.0612 0288 ShellHWDetection - ok 23:24:14.0627 0288 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:24:14.0627 0288 SiSRaid2 - ok 23:24:14.0658 0288 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 23:24:14.0658 0288 SiSRaid4 - ok 23:24:14.0705 0288 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 23:24:14.0705 0288 Smb - ok 23:24:14.0783 0288 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 23:24:14.0783 0288 SNMPTRAP - ok 23:24:14.0799 0288 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 23:24:14.0799 0288 spldr - ok 23:24:14.0846 0288 Spooler 
(f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 23:24:14.0846 0288 Spooler - ok 23:24:14.0986 0288 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 23:24:15.0048 0288 sppsvc - ok 23:24:15.0158 0288 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 23:24:15.0158 0288 sppuinotify - ok 23:24:15.0220 0288 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 23:24:15.0220 0288 srv - ok 23:24:15.0251 0288 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 23:24:15.0251 0288 srv2 - ok 23:24:15.0298 0288 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 23:24:15.0298 0288 SrvHsfHDA - ok 23:24:15.0345 0288 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 23:24:15.0360 0288 SrvHsfV92 - ok 23:24:15.0516 0288 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 23:24:15.0532 0288 SrvHsfWinac - ok 23:24:15.0563 0288 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 23:24:15.0563 0288 srvnet - ok 23:24:15.0610 0288 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 23:24:15.0626 0288 SSDPSRV - ok 23:24:15.0626 0288 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 23:24:15.0641 0288 SstpSvc - ok 23:24:15.0672 0288 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 23:24:15.0672 0288 stexstor - ok 23:24:15.0735 0288 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 23:24:15.0750 0288 stisvc - ok 23:24:15.0766 0288 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 23:24:15.0766 0288 swenum - ok 23:24:15.0828 0288 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 23:24:15.0828 0288 swprv - ok 23:24:15.0891 0288 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) 
C:\Windows\system32\DRIVERS\SynTP.sys 23:24:15.0891 0288 SynTP - ok 23:24:15.0984 0288 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 23:24:16.0031 0288 SysMain - ok 23:24:16.0140 0288 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 23:24:16.0156 0288 TabletInputService - ok 23:24:16.0172 0288 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 23:24:16.0187 0288 TapiSrv - ok 23:24:16.0218 0288 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 23:24:16.0218 0288 TBS - ok 23:24:16.0390 0288 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 23:24:16.0406 0288 Tcpip - ok 23:24:16.0624 0288 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 23:24:16.0640 0288 TCPIP6 - ok 23:24:16.0920 0288 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 23:24:16.0920 0288 tcpipreg - ok 23:24:16.0952 0288 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 23:24:16.0952 0288 TDPIPE - ok 23:24:16.0983 0288 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 23:24:16.0983 0288 TDTCP - ok 23:24:17.0030 0288 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 23:24:17.0030 0288 tdx - ok 23:24:17.0045 0288 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 23:24:17.0045 0288 TermDD - ok 23:24:17.0108 0288 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 23:24:17.0108 0288 TermService - ok 23:24:17.0123 0288 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 23:24:17.0139 0288 Themes - ok 23:24:17.0154 0288 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 23:24:17.0154 0288 THREADORDER - ok 23:24:17.0201 0288 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 23:24:17.0201 0288 
TrkWks - ok 23:24:17.0264 0288 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 23:24:17.0264 0288 TrustedInstaller - ok 23:24:17.0279 0288 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 23:24:17.0279 0288 tssecsrv - ok 23:24:17.0342 0288 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 23:24:17.0342 0288 tunnel - ok 23:24:17.0357 0288 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 23:24:17.0357 0288 uagp35 - ok 23:24:17.0388 0288 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 23:24:17.0388 0288 udfs - ok 23:24:17.0420 0288 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 23:24:17.0435 0288 UI0Detect - ok 23:24:17.0451 0288 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 23:24:17.0451 0288 uliagpkx - ok 23:24:17.0498 0288 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 23:24:17.0498 0288 umbus - ok 23:24:17.0529 0288 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 23:24:17.0529 0288 UmPass - ok 23:24:17.0576 0288 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 23:24:17.0576 0288 upnphost - ok 23:24:17.0607 0288 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 23:24:17.0607 0288 usbccgp - ok 23:24:17.0622 0288 USBCCID - ok 23:24:17.0654 0288 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 23:24:17.0654 0288 usbcir - ok 23:24:17.0685 0288 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 23:24:17.0685 0288 usbehci - ok 23:24:17.0716 0288 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 23:24:17.0732 0288 usbhub - ok 23:24:17.0747 0288 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) 
C:\Windows\system32\drivers\usbohci.sys 23:24:17.0747 0288 usbohci - ok 23:24:17.0778 0288 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 23:24:17.0778 0288 usbprint - ok 23:24:17.0810 0288 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:24:17.0810 0288 USBSTOR - ok 23:24:17.0825 0288 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys 23:24:17.0825 0288 usbuhci - ok 23:24:17.0888 0288 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 23:24:17.0903 0288 usbvideo - ok 23:24:17.0919 0288 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 23:24:17.0919 0288 UxSms - ok 23:24:17.0997 0288 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 23:24:17.0997 0288 VaultSvc - ok 23:24:18.0028 0288 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 23:24:18.0028 0288 vdrvroot - ok 23:24:18.0090 0288 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 23:24:18.0106 0288 vds - ok 23:24:18.0153 0288 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 23:24:18.0153 0288 vga - ok 23:24:18.0184 0288 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 23:24:18.0184 0288 VgaSave - ok 23:24:18.0200 0288 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 23:24:18.0200 0288 vhdmp - ok 23:24:18.0215 0288 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 23:24:18.0215 0288 viaide - ok 23:24:18.0246 0288 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 23:24:18.0246 0288 volmgr - ok 23:24:18.0262 0288 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 23:24:18.0278 0288 volmgrx - ok 23:24:18.0293 0288 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 
23:24:18.0293 0288 volsnap - ok 23:24:18.0371 0288 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys 23:24:18.0371 0288 Vsdatant - ok 23:24:18.0449 0288 vsmon - ok 23:24:18.0512 0288 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 23:24:18.0512 0288 vsmraid - ok 23:24:18.0590 0288 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 23:24:18.0605 0288 VSS - ok 23:24:18.0730 0288 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 23:24:18.0730 0288 vwifibus - ok 23:24:18.0761 0288 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 23:24:18.0761 0288 vwififlt - ok 23:24:18.0808 0288 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 23:24:18.0808 0288 W32Time - ok 23:24:18.0839 0288 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 23:24:18.0839 0288 WacomPen - ok 23:24:18.0870 0288 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 23:24:18.0870 0288 WANARP - ok 23:24:18.0886 0288 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 23:24:18.0886 0288 Wanarpv6 - ok 23:24:18.0980 0288 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 23:24:18.0995 0288 WatAdminSvc - ok 23:24:19.0073 0288 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 23:24:19.0089 0288 wbengine - ok 23:24:19.0198 0288 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 23:24:19.0214 0288 WbioSrvc - ok 23:24:19.0245 0288 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 23:24:19.0245 0288 wcncsvc - ok 23:24:19.0276 0288 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 23:24:19.0276 0288 WcsPlugInService - ok 23:24:19.0338 0288 Wd (72889e16ff12ba0f235467d6091b17dc) 
C:\Windows\system32\DRIVERS\wd.sys 23:24:19.0338 0288 Wd - ok 23:24:19.0370 0288 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 23:24:19.0370 0288 Wdf01000 - ok 23:24:19.0416 0288 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 23:24:19.0416 0288 WdiServiceHost - ok 23:24:19.0416 0288 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 23:24:19.0416 0288 WdiSystemHost - ok 23:24:19.0448 0288 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 23:24:19.0448 0288 WebClient - ok 23:24:19.0479 0288 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 23:24:19.0479 0288 Wecsvc - ok 23:24:19.0526 0288 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 23:24:19.0526 0288 wercplsupport - ok 23:24:19.0557 0288 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 23:24:19.0557 0288 WerSvc - ok 23:24:19.0619 0288 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 23:24:19.0619 0288 WfpLwf - ok 23:24:19.0650 0288 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 23:24:19.0650 0288 WIMMount - ok 23:24:19.0713 0288 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys 23:24:19.0728 0288 winachsf - ok 23:24:19.0760 0288 WinDefend - ok 23:24:19.0775 0288 WinHttpAutoProxySvc - ok 23:24:19.0838 0288 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 23:24:19.0838 0288 Winmgmt - ok 23:24:19.0931 0288 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 23:24:19.0947 0288 WinRM - ok 23:24:20.0134 0288 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 23:24:20.0150 0288 Wlansvc - ok 23:24:20.0212 0288 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 23:24:20.0212 0288 WmiAcpi - ok 23:24:20.0274 
0288 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 23:24:20.0274 0288 wmiApSrv - ok 23:24:20.0352 0288 WMPNetworkSvc - ok 23:24:20.0368 0288 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 23:24:20.0384 0288 WPCSvc - ok 23:24:20.0384 0288 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 23:24:20.0399 0288 WPDBusEnum - ok 23:24:20.0415 0288 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 23:24:20.0415 0288 ws2ifsl - ok 23:24:20.0446 0288 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll 23:24:20.0462 0288 wscsvc - ok 23:24:20.0462 0288 WSearch - ok 23:24:20.0571 0288 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll 23:24:20.0602 0288 wuauserv - ok 23:24:20.0727 0288 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 23:24:20.0727 0288 WudfPf - ok 23:24:20.0758 0288 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 23:24:20.0758 0288 WUDFRd - ok 23:24:20.0789 0288 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 23:24:20.0789 0288 wudfsvc - ok 23:24:20.0820 0288 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 23:24:20.0820 0288 WwanSvc - ok 23:24:20.0867 0288 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys 23:24:20.0867 0288 XAudio - ok 23:24:20.0914 0288 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys 23:24:20.0914 0288 yukonw7 - ok 23:24:20.0961 0288 MBR (0x1B8) (8065ab345e5f3212518e1e127758d69e) \Device\Harddisk0\DR0 23:24:21.0117 0288 \Device\Harddisk0\DR0 - ok 23:24:21.0132 0288 Boot (0x1200) (19aeb0d8f0355f65ae0c48884c51c1fa) \Device\Harddisk0\DR0\Partition0 23:24:21.0132 0288 \Device\Harddisk0\DR0\Partition0 - ok 23:24:21.0148 0288 Boot (0x1200) (ace762bdcc351084bb7bb50039c62459) 
\Device\Harddisk0\DR0\Partition1 23:24:21.0148 0288 \Device\Harddisk0\DR0\Partition1 - ok 23:24:21.0179 0288 Boot (0x1200) (9fef7041c5e9ca36849b5f477e9abbe0) \Device\Harddisk0\DR0\Partition2 23:24:21.0179 0288 \Device\Harddisk0\DR0\Partition2 - ok 23:24:21.0179 0288 ============================================================ 23:24:21.0179 0288 Scan finished 23:24:21.0179 0288 ============================================================ 23:24:21.0195 3012 Detected object count: 0 23:24:21.0195 3012 Actual detected object count: 0 aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-06-08 11:50:26 ----------------------------- 11:50:26.294 OS Version: Windows x64 6.1.7600 11:50:26.294 Number of processors: 2 586 0x170A 11:50:26.294 ComputerName: STATION4 UserName: JWB 11:50:29.055 Initialize success 11:51:31.779 AVAST engine download error: 0 11:52:07.690 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 11:52:07.690 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 11 11:52:07.705 Disk 0 MBR read successfully 11:52:07.705 Disk 0 MBR scan 11:52:07.721 Disk 0 unknown MBR code 11:52:07.737 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048 11:52:07.737 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226120 MB offset 409600 11:52:07.768 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12154 MB offset 463503360 11:52:07.799 Disk 0 scanning C:\Windows\system32\drivers 11:52:14.273 Service scanning 11:52:49.139 Service Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys **LOCKED** 32 11:52:53.226 Modules scanning 11:52:53.226 Disk 0 trace - called modules: 11:52:53.788 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 11:52:53.804 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c7b4e0] 11:52:53.804 3 CLASSPNP.SYS[fffff880010d243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047b7060] 11:52:53.819 Scan finished successfully 11:53:15.347 Disk 0 MBR has been saved successfully 
to "C:\Users\JWB\Desktop\MBR.dat" 11:53:15.363 The log file has been saved successfully to "C:\Users\JWB\Desktop\aswMBR.txt"
  5. I apologize for the delay in my response, but thank you for remaining persistent on your end. At the end of this message is the log created by ComboFix after running the CFScript; it was done in Reduced Functionality mode due to a window stating that ComboFix had expired. If this provides undesirable results, I will re-perform the script in a way that you prescribe. In the post before your most recent, you asked that I check the computer for any abnormal behavior. I did so before running the ComboFix script by letting my mother use her laptop normally, connecting her back to the internet as well. The first thing she did was check her email, which is run off of servers that our family hosts. She could not log in, and we found instantly after this that we were then locked out of our server. Apparently, a SQL injection script was running on the browser when my mother entered her password, which it then used to log into our server and reset all the passwords, including the root. Using a backdoor, we were able to regain control of the server and change the passwords. My father concluded that the laptop is being remotely controlled, and that a hard drive wipe would not solve the problem on the laptop. I have kept the laptop unconnected to the internet, and in the short window it was connected the previous events occurred. No other computers or devices in the network seem to have contracted the virus, and it still remains on the laptop. I have not reconnected it since then and will avoid doing so unless absolutely necessary, as the infection seems extremely harmful.
ComboFix 12-05-29.01 - JWB 06/05/2012 10:23:22.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2835 [GMT -5:00] Running from: c:\users\JWB\Desktop\ComboFix.exe Command switches used :: c:\users\JWB\Desktop\CFScript.txt AV: Lavasoft Ad-Watch Live! 
Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 ))))))))))))))))))))))))))))))) . . 2012-06-05 15:25 . 2012-06-05 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-30 18:38 . 2012-05-30 18:38 -------- d-----w- C:\_OTL 2012-05-30 03:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F81D5BE6-649F-4C7B-89F9-3D3746EA80F2}\mpengine.dll 2012-05-27 19:48 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-20 02:21 . 2012-05-20 02:21 -------- d-----w- c:\users\JWB\AppData\Roaming\Malwarebytes 2012-05-20 02:21 . 2012-05-20 02:21 -------- d-----w- c:\programdata\Malwarebytes 2012-05-20 02:21 . 2012-05-27 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-18 03:18 . 2012-05-18 03:18 -------- d-----w- c:\users\JWB\AppData\Local\adaware 2012-05-18 03:18 . 2012-05-27 17:20 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection 2012-05-18 03:17 . 2012-05-27 17:20 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus 2012-05-18 03:16 . 2012-05-18 03:21 -------- d-----w- c:\users\JWB\AppData\Roaming\Ad-Aware Antivirus 2012-05-11 02:45 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-11 02:45 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll 2012-05-11 02:45 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-11 02:45 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-11 02:45 . 
2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-11 02:45 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-11 02:45 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-05-11 02:45 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-05-11 02:45 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-05-11 02:45 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-05-11 02:45 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-05-11 02:44 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-11 02:44 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys 2012-05-11 02:44 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-11 02:44 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-11 02:44 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-11 02:44 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-11 02:44 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-05-08 04:43 . 2012-05-30 18:38 -------- d-----w- c:\program files (x86)\BabylonToolbar . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((( SnapShot@2012-05-30_03.33.41 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-05-30 03:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-05 15:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 
2012-05-30 03:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-05 15:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-05-30 03:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-05 15:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-11-06 11:36 . 2012-06-05 15:19 72102 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-08-17 18:30 . 2012-06-05 14:48 39294 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-05 14:48 57094 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-11-06 22:47 . 2012-06-05 14:48 11266 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1389045141-546431936-601846973-1003_UserData.bin + 2011-11-10 21:12 . 2012-06-05 14:48 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat - 2011-11-10 21:12 . 2011-11-10 21:12 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat - 2012-05-30 03:24 . 2012-05-30 03:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-05 15:26 . 2012-06-05 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-05 15:26 . 2012-06-05 15:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-30 03:24 . 2012-05-30 03:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 02:36 . 2012-06-05 15:21 624412 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-05-27 22:22 624412 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 
2012-05-27 22:22 106756 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-06-05 15:21 106756 c:\windows\system32\perfc009.dat + 2009-08-17 22:02 . 2012-06-05 06:05 814592 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2012-05-30 03:23 331512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-05 15:26 331512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 02:34 . 2012-05-30 03:37 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat - 2009-07-14 02:34 . 2012-05-27 22:28 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat + 2011-11-06 22:43 . 2012-05-30 06:52 17758258 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1389045141-546431936-601846973-1003-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}] 2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056] "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 116648] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-13 2152688] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 116648] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-06 17152] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update 
Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 21:21]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 21:21]
.
2012-05-30 c:\windows\Tasks\HPCeeScheduleForJWB.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-17 21:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theenglishcottage.com/webmail
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{7B5D90F8-DB72-4ADD-AD43-C9F3D991AA80}: NameServer = 75.75.75.75
FF - ProfilePath - c:\users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=290412_1_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3cd4f9010000000000000c607632b9d8
FF - user.js: extensions.BabylonToolbar_i.hardId - 3cd4f9010000000000000c607632b9d8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15468
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-06-05 10:31:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-05 15:31
ComboFix2.txt 2012-05-30 03:37
.
Pre-Run: 72,754,200,576 bytes free
Post-Run: 72,568,684,544 bytes free
.
- - End Of File - - A78D727B6CD4A4AAF33C7B617BDEBD87
6. Hello,

Below are the results of the custom script you provided to put in the Custom Scans/Fixes box. As for the state of the computer, I am unsure how to judge if it is operating as it should without the infection. The only visible symptoms to me were that the browser rerouted links at random, and always links clicked on through Google, and also that MalwareBytes was deleted at one point. Since I started this topic, none of the symptoms have shown themselves. The computer seems to run much faster than it did before, and no other suspicious activity is being displayed.

Custom Scans/Fix result:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{397CFBAF-01FE-4A0D-950E-041F4905DC38}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{397CFBAF-01FE-4A0D-950E-041F4905DC38}\ not found.
Registry value HKEY_USERS\S-1-5-21-1389045141-546431936-601846973-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-1389045141-546431936-601846973-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1389045141-546431936-601846973-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-1389045141-546431936-601846973-1003\Software\Microsoft\Internet Explorer\SearchScopes\{E75786E6-6CED-43E4-A207-43FDD9D1901F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E75786E6-6CED-43E4-A207-43FDD9D1901F}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "https://midge.lookhosting.com:2096/" removed from browser.startup.homepage
Prefs.js: "http://search.babylon.com/?affID=109935&tt=290412_1_ctrl&babsrc=KW_ss&mntrId=3cd4f9010000000000000c607632b9d8&q=" removed from keyword.URL
C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Users\JWB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber folder moved successfully.
C:\Program Files (x86)\v-Grabber\imageformats folder moved successfully.
C:\Program Files (x86)\v-Grabber\converter folder moved successfully.
C:\Program Files (x86)\v-Grabber folder moved successfully.
C:\Users\JWB\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\JWB\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\JWB\AppData\Local\Babylon folder moved successfully.
C:\Users\JWB\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\user.js moved successfully.

========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\JWB\Desktop\cmd.bat deleted successfully.
C:\Users\JWB\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: JWB
->Java cache emptied: 178374 bytes
User: Public
Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: JWB
->Flash cache emptied: 8193785 bytes
User: Public
Total Flash Files Cleaned = 8.00 mb

OTL by OldTimer - Version 3.2.44.0 log created on 05302012_133846
7. Here are the results of the OTL scan:

OTL logfile created on: 5/30/2012 12:52:05 PM - Run 1
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\JWB\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 71.52% Memory free
7.81 Gb Paging File | 6.60 Gb Available in Paging File | 84.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.82 Gb Total Space | 69.42 Gb Free Space | 31.44% Space Free | Partition Type: NTFS
Drive D: | 11.87 Gb Total Space | 2.00 Gb Free Space | 16.86% Space Free | Partition Type: NTFS

Computer Name: STATION4 | User Name: JWB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\JWB\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
PRC - C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b5b9223f5e18a1089a4fe3a896909d9d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()

========== Win32 Services (SafeList) ==========
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (ADVService) -- C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)

========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (cdfs) -- C:\Windows\SysNative\drivers\cdfs.sys (Microsoft Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {403CE8DA-BA42-478B-945D-BCD60FB70B3C}
IE:64bit: - HKLM\..\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{403CE8DA-BA42-478B-945D-BCD60FB70B3C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {403CE8DA-BA42-478B-945D-BCD60FB70B3C}
IE - HKLM\..\SearchScopes\{397CFBAF-01FE-4A0D-950E-041F4905DC38}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{403CE8DA-BA42-478B-945D-BCD60FB70B3C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1389045141-546431936-601846973-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theenglis...age.com/webmail
IE - HKU\S-1-5-21-1389045141-546431936-601846973-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1389045141-546431936-601846973-1003\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1389045141-546431936-601846973-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000c607632b9d8
IE - HKU\S-1-5-21-1389045141-546431936-601846973-1003\..\SearchScopes\{E75786E6-6CED-43E4-A207-43FDD9D1901F}: "URL" = http://websearch.ask...56-947E49C66D0F
IE - HKU\S-1-5-21-1389045141-546431936-601846973-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "https://midge.lookhosting.com:2096/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109935&tt=290412_1_ctrl&babsrc=KW_ss&mntrId=3cd4f9010000000000000c607632b9d8&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/17 15:33:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/28 21:18:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/11/06 16:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JWB\AppData\Roaming\Mozilla\Extensions
[2012/05/10 23:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions
[2011/11/06 17:07:01 | 000,000,000 | ---D | M] (PlainOldFavorites) -- C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions\{7E7165E2-0767-448c-852F-5FA8714F2C37}
[2012/03/11 22:32:35 | 000,000,000 | ---D | M] (GOM Player + Ask Toolbar) -- C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\extensions\toolbar@ask.com
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\searchplugins\askcom.xml
[2011/11/06 16:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/15 13:14:01 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\JWB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4P68J9EQ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/11/28 21:18:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/05/07 23:42:53 | 000,002,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/28 21:18:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/29 22:33:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (GOM Player + Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [updatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1389045141-546431936-601846973-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1389045141-546431936-601846973-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B5D90F8-DB72-4ADD-AD43-C9F3D991AA80}: NameServer = 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012/05/30 12:47:24 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\JWB\Desktop\OTL.exe
[2012/05/29 23:00:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/29 22:14:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/29 22:14:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/29 22:14:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/29 22:14:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/29 22:14:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/29 22:07:17 | 004,530,590 | R--- | C] (Swearware) -- C:\Users\JWB\Desktop\ComboFix.exe
[2012/05/27 17:20:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\JWB\Desktop\dds.scr
[2012/05/27 14:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/27 14:48:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/27 14:48:25 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\JWB\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/27 09:22:25 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/19 21:21:43 | 000,000,000 | ---D | C] -- C:\Users\JWB\AppData\Roaming\Malwarebytes
[2012/05/19 21:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/19 21:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/17 22:18:13 | 000,000,000 | ---D | C] -- C:\Users\JWB\AppData\Local\adaware
[2012/05/17 22:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/05/17 22:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/05/17 22:16:08 | 000,000,000 | ---D | C] -- C:\Users\JWB\AppData\Roaming\Ad-Aware Antivirus
[2012/05/10 21:45:06 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 21:45:05 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/10 21:45:05 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/10 21:45:05 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/10 21:45:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/10 21:44:32 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 21:44:29 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 21:44:29 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/07 23:43:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012/05/07 23:42:25 | 000,000,000 | ---D | C] -- C:\Users\JWB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
[2012/05/07 23:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\v-Grabber
[2012/05/07 23:42:04 | 000,000,000 | ---D | C] -- C:\Users\JWB\AppData\Local\Babylon
[2012/05/07 23:42:02 | 000,000,000 | ---D | C] -- C:\Users\JWB\AppData\Roaming\Babylon
[2012/05/07 23:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012/05/30 12:46:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/30 12:28:22 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\JWB\Desktop\OTL.exe
[2012/05/30 12:26:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/30 08:29:44 | 000,023,248 | -H-- |
M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/30 08:29:44 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/30 08:23:47 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini [2012/05/30 08:23:46 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/30 08:22:04 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys [2012/05/29 22:33:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012/05/29 22:24:16 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJWB.job [2012/05/29 21:55:58 | 004,530,590 | R--- | M] (Swearware) -- C:\Users\JWB\Desktop\ComboFix.exe [2012/05/29 21:55:12 | 000,853,862 | ---- | M] () -- C:\Users\JWB\Desktop\SecurityCheck.exe [2012/05/27 17:22:52 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/05/27 17:22:52 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/05/27 17:22:52 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/05/27 17:10:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\JWB\Desktop\dds.scr [2012/05/27 14:48:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/27 09:22:21 | 234,304,633 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/05/19 21:01:02 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JWB\Desktop\mbam-setup-1.61.0.1400.exe [2012/05/11 08:11:18 | 000,355,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012/05/09 16:19:23 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012/05/09 16:19:23 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012/05/07 23:43:02 | 000,000,254 | ---- | M] () -- C:\user.js [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No 
Company Name ========== [2012/05/29 22:14:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/05/29 22:14:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/05/29 22:14:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/05/29 22:14:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/05/29 22:14:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/05/29 22:07:17 | 000,853,862 | ---- | C] () -- C:\Users\JWB\Desktop\SecurityCheck.exe [2012/05/27 14:48:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/27 09:22:21 | 234,304,633 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/05/07 23:43:02 | 000,000,254 | ---- | C] () -- C:\user.js [2011/12/20 23:29:41 | 000,000,512 | ---- | C] () -- C:\Users\JWB\AppData\Roaming\wklnhst.dat [2011/11/09 16:04:30 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011/11/09 16:04:30 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011/11/06 01:45:05 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini [2011/02/11 20:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011/02/11 20:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011/02/11 20:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin < End of report >
  8. Hello Gringo, I do believe you helped me previously in the Bleeping Computer forums. I look forward to your continued help. I have copied into this reply at the bottom both files generated by the Security Check and Combofix in their respective orders. The computer itself I have not touched since I last ran MalwareBytes, but I tried using the browser before running all the programs you listed in your post. The browser did not reroute at all. This again was before the scans you just provided, so I do not know if the problem is fixed or not. The last time I ran MalwareBytes it detected more items (8) than its previous scan (5); I don't know if it's a possibility MalwareBytes found the problem or not. Considering that the infection did uninstall MalwareBytes before the most recent scan I ran, for which I had to reinstall it, I do want to take extra precautions in making sure the infection is dealt with. After running Security Check and Combofix, the browser still does not reroute links. I also tried using multiple browsers to see if it was browser specific, and the results were the same. Upon restarting the computer though, my mother reported it booting up much faster than normal. Other miscellaneous and irrelevant problems she was having (Java errors, notifications popping up) were fixed too; I assume this is due to some sort of reset that Combofix used. In the end, the problem appears fixed, but if you could, I would greatly appreciate a quick look over to make sure the infection is gone. Also, any advice on how to best avoid problems like this happening in the future or changes I should make to the computer I would greatly appreciate as well. Best Regards, Pan

Results of screen317's Security Check version 0.99.41
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Lavasoft Ad-Watch Live! Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.0.1.152 Flash Player out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (8.0.1)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Zone Labs ZoneAlarm zlclient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 12-05-29.01 - JWB 05/29/2012 22:16:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2498 [GMT -5:00]
Running from: c:\users\JWB\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 03:22 . 2012-05-30 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-30 03:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F81D5BE6-649F-4C7B-89F9-3D3746EA80F2}\mpengine.dll
2012-05-27 19:48 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-20 02:21 . 2012-05-20 02:21 -------- d-----w- c:\users\JWB\AppData\Roaming\Malwarebytes
2012-05-20 02:21 . 2012-05-20 02:21 -------- d-----w- c:\programdata\Malwarebytes
2012-05-20 02:21 . 2012-05-27 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-18 03:18 . 2012-05-18 03:18 -------- d-----w- c:\users\JWB\AppData\Local\adaware
2012-05-18 03:18 . 2012-05-27 17:20 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-05-18 03:17 . 2012-05-27 17:20 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-05-18 03:16 . 2012-05-18 03:21 -------- d-----w- c:\users\JWB\AppData\Roaming\Ad-Aware Antivirus
2012-05-11 02:45 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 02:45 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 02:45 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 02:45 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-11 02:45 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-11 02:45 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-11 02:45 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-11 02:45 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-11 02:45 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-11 02:45 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-11 02:45 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-11 02:44 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 02:44 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 02:44 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 02:44 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 02:44 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 02:44 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 02:44 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 04:43 . 2012-05-08 04:43 254 ----a-w- C:\user.js
2012-05-08 04:43 . 2012-05-27 17:20 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-05-08 04:42 . 2012-05-27 22:05 -------- d-----w- c:\program files (x86)\v-Grabber
2012-05-08 04:42 . 2012-05-08 04:42 -------- d-----w- c:\users\JWB\AppData\Local\Babylon
2012-05-08 04:42 . 2012-05-08 04:42 -------- d-----w- c:\users\JWB\AppData\Roaming\Babylon
2012-05-08 04:42 . 2012-05-08 04:42 -------- d-----w- c:\programdata\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:54 . 2012-04-11 13:40 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-11 13:40 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-11 13:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-11 13:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-11 13:40 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-11 13:40 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-11 13:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-05-13 2152688]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-11-06 17152]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 21:21]
.
2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-13 21:21]
.
2012-05-30 c:\windows\Tasks\HPCeeScheduleForJWB.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-08-17 21:38]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.theenglishcottage.com/webmail
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{7B5D90F8-DB72-4ADD-AD43-C9F3D991AA80}: NameServer = 75.75.75.75
FF - ProfilePath - c:\users\JWB\AppData\Roaming\Mozilla\Firefox\Profiles\4p68j9eq.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxps://midge.lookhosting.com:2096/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109935&tt=290412_1_ctrl&babsrc=KW_ss&mntrId=3cd4f9010000000000000c607632b9d8&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=290412_1_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3cd4f9010000000000000c607632b9d8
FF - user.js: extensions.BabylonToolbar_i.hardId - 3cd4f9010000000000000c607632b9d8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15468
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2012-05-29 22:37:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 03:37
.
Pre-Run: 74,151,350,272 bytes free
Post-Run: 74,428,735,488 bytes free
.
- - End Of File - - A247B0C688E561A32352E562254970E9
  9. Hello, this is my first time posting in the MalwareBytes forums so I do hope I have followed instructions correctly. My mom's laptop has been infected by a toolbar that she agreed to use while quickly installing some program. She says she can't remember what the program was, but there was a Babylon Toolbar on all the browsers afterwards. At first I could get rid of the toolbar, but links began to reroute when searched through Google to ad websites. I tried running Malware which detected 3 items. I removed them and gave the computer back to my mom. The toolbar didn't come back but the browser kept rerouting. After another scan with MalwareBytes, 5 items were found. The problem still persisted. And after a third run the same 5 infections were found. I left the computer alone for a few days and when I came back MalwareBytes had been deleted. I found this out today, and I know this has gotten much more harmful than it was. I was able to reinstall MalwareBytes, and I did run another scan which found 7 items. I did not delete them, and I have all the logs if that will help. I understand this is now more than a simple browser injector, and I hope you are able to help me. I will provide any information as needed. Attached is the DDS.txt, and I did not upload the Attach.txt because it said in the file not to unless requested. Best Regards, Pan

DDS.txt