aqt395

Everything posted by aqt395

  1. Babylon - no repeat of symptoms so far. Perhaps it worked.
  2. OTL results below:

     All processes killed
     ========== OTL ==========
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     HKEY_USERS\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
     Registry key HKEY_USERS\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Microsoft\Internet Explorer\SearchScopes\{414CFD41-A668-49E1-805B-85429E3CB9E1}\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414CFD41-A668-49E1-805B-85429E3CB9E1}\ not found.
     Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
     C:\ProgramData\Babylon folder moved successfully.
     C:\Users\home\AppData\Roaming\mcs.rma moved successfully.
     C:\Users\home\AppData\Roaming\C02049 moved successfully.
     C:\Users\home\AppData\Roaming\Babylon folder moved successfully.
     ========== COMMANDS ==========

     [EMPTYTEMP]

     User: All Users

     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes

     User: home
     ->Temp folder emptied: 16875489 bytes
     ->Temporary Internet Files folder emptied: 19048814 bytes
     ->Flash cache emptied: 291 bytes

     User: Public
     ->Temp folder emptied: 0 bytes

     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     %systemroot%\System32\drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 5073 bytes
     RecycleBin emptied: 7745304 bytes

     Total Files Cleaned = 42.00 mb

     OTL by OldTimer - Version 3.2.36.1 log created on 03102012_133144

     Files\Folders moved on Reboot...
     C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJD7DZZ2\google_com[1].htm moved successfully.
     C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJD7DZZ2\malwarebytes_org[1].htm moved successfully.
     C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRM16CN4\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
     C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IRM16CN4\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
     C:\Users\home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DWUJX0TU\fastbutton[1].htm moved successfully.

     Registry entries deleted on Reboot...

     I also installed MS Essentials, downloaded the updates and ran a Full Scan on default settings. Nothing was detected. So far so good.
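The OTL fix in the post above reset IE's DefaultScope in HKLM and in the user hive, deleted one search-scope GUID and removed a subkey under Browser Helper Objects. The PowerShell below is an added example, not part of aqt395's post and not code from the OTL tool: it is a read-only audit of those same three persistence points (SearchScopes/DefaultScope, URLSearchHooks, Browser Helper Objects) across HKLM and every loaded per-user hive, resolving each CLSID to its registered name and DLL so a responder can see what the DefaultScope GUID actually points at before and after a cleanup. It assumes the Windows 7 / IE9 registry layout visible in the log and needs an elevated prompt to read other users' hives.

```powershell
# Added example (not from aqt395's post or from OTL): read-only audit of the
# IE persistence points the OTL fix edited, for HKLM and every loaded user hive.
# Assumes the Windows 7 / IE9 registry layout shown in the log. Run elevated.

$ieKey  = 'Software\Microsoft\Internet Explorer'
$bhoKey = 'Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Resolve a CLSID to its registered name and in-process DLL, looking in the
# hive being audited first and then HKLM. An orphaned reference (object key
# gone, pointer left behind) is reported with the wording OTL uses for it.
function Resolve-Clsid([string]$hive, [string]$clsid) {
    foreach ($root in "$hive\Software\Classes\CLSID", 'HKLM:\Software\Classes\CLSID') {
        $k = "$root\$clsid"
        if (Test-Path $k) {
            $name = (Get-ItemProperty $k -ErrorAction SilentlyContinue).'(default)'
            $dll  = (Get-ItemProperty "$k\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            return "$name [$dll]"
        }
    }
    return 'No CLSID value found'
}

# Loaded per-user hives only (S-1-5-21-...-RID); skips service SIDs and *_Classes.
$userHives = Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object { "Registry::$($_.Name)" }

foreach ($hive in @('HKLM:') + @($userHives | Where-Object { $_ })) {
    Write-Output "=== $hive ==="

    # Search scopes: DefaultScope must name a scope whose URL you recognise.
    $scopes = "$hive\$ieKey\SearchScopes"
    if (Test-Path $scopes) {
        $default = (Get-ItemProperty $scopes -ErrorAction SilentlyContinue).DefaultScope
        Write-Output "  DefaultScope = $default"
        foreach ($s in Get-ChildItem $scopes) {
            $url  = (Get-ItemProperty $s.PSPath -ErrorAction SilentlyContinue).URL
            $mark = if ($s.PSChildName -eq $default) { '*' } else { ' ' }
            Write-Output ("  {0} {1} URL={2}" -f $mark, $s.PSChildName, $url)
        }
        if ($default -and -not (Test-Path "$scopes\$default")) {
            Write-Output "  ! DefaultScope points at a scope key that does not exist"
        }
    }

    # URLSearchHooks: value names are CLSIDs of objects that see every typed address.
    $hooks = "$hive\$ieKey\URLSearchHooks"
    if (Test-Path $hooks) {
        $vals = (Get-ItemProperty $hooks).PSObject.Properties | Where-Object { $_.Name -like '{*}' }
        foreach ($v in $vals) {
            Write-Output ("  URLSearchHook {0} -> {1}" -f $v.Name, (Resolve-Clsid $hive $v.Name))
        }
    }

    # Browser Helper Objects: subkey names are CLSIDs loaded into every IE process.
    $bho = "$hive\$bhoKey"
    if (Test-Path $bho) {
        foreach ($b in Get-ChildItem $bho) {
            Write-Output ("  BHO {0} -> {1}" -f $b.PSChildName, (Resolve-Clsid $hive $b.PSChildName))
        }
    }
}
```

Run it once before the fix and once after; on the machine in the log the "before" run would show the user hive's DefaultScope {414CFD41-...} beside its URL and the URLSearchHook {472734EA-...} resolving to "No CLSID value found", and the "after" run should show only the scope the fix reset DefaultScope to. The script changes nothing, so it is safe to paste into a thread as evidence.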
  3. Maniac, Glad to be here. Looking forward to taking care of this thing. Also, please note, this machine was recently reinstalled (I'm guessing), so if you see any Lenovo or other bloatware that does or seems to cause trouble, please feel free to dispose of it.

     OTL.Txt

     OTL logfile created on: 3/8/2012 7:31:35 PM - Run 1
     OTL by OldTimer - Version 3.2.36.1     Folder = C:\Users\home\Desktop
     Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1.95 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.05% Memory free
     3.89 Gb Paging File | 2.75 Gb Available in Paging File | 70.64% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
     Drive C: | 137.62 Gb Total Space | 118.59 Gb Free Space | 86.17% Space Free | Partition Type: NTFS
     Drive Q: | 10.25 Gb Total Space | 5.80 Gb Free Space | 56.54% Space Free | Partition Type: NTFS

     Computer Name: HOME-THINK | User Name: home | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Processes (SafeList) ==========

     PRC - [2012/03/08 19:31:07 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
     PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
     PRC - [2009/09/04 17:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
     PRC - [2009/09/04 15:28:16 | 000,242,976 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe
     PRC - [2009/09/04 15:28:12 | 000,124,192 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
     PRC - [2009/09/04 15:11:58 | 000,335,872 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
     PRC - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
     PRC - [2009/08/19 19:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
     PRC - [2009/08/19 02:54:48 | 000,132,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
     PRC - [2009/08/06 15:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
     PRC - [2009/08/03 22:00:14 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
     PRC - [2009/08/03 22:00:00 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
     PRC - [2009/07/14 20:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
     PRC - [2009/07/14 01:15:36 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
     PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
     PRC - [2009/07/01 21:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
     PRC - [2009/07/01 21:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
     PRC - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
     PRC - [2009/03/13 03:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
     PRC - [2009/02/02 04:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
     PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

     ========== Modules (No Company Name) ==========

     MOD - [2012/02/25 03:11:35 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
     MOD - [2012/02/25 03:11:29 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
     MOD - [2012/02/25 03:10:56 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
     MOD - [2012/02/25 03:10:52 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d71769228ebe7732ae31ac194fe00ff0\Accessibility.ni.dll
     MOD - [2012/02/25 03:10:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
     MOD - [2011/12/09 00:58:34 | 000,133,616 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.shdocvw\1.1.0.0__aafc021ca424f5ad\Interop.shdocvw.dll
     MOD - [2011/12/09 00:58:34 | 000,054,768 | ---- | M] () -- C:\Windows\assembly\GAC_32\pcdtoolbar\1.0.0.160__aafc021ca424f5ad\pcdtoolbar.dll
     MOD - [2009/08/23 13:04:00 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
     MOD - [2009/07/01 21:03:24 | 000,132,384 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
     MOD - [2009/05/28 01:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe

     ========== Win32 Services (SafeList) ==========

     SRV - [2012/02/20 03:01:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
     SRV - [2009/09/04 17:58:06 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
     SRV - [2009/09/04 15:28:16 | 000,242,976 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
     SRV - [2009/09/04 15:28:12 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
     SRV - [2009/08/28 17:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
     SRV - [2009/08/23 13:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
     SRV - [2009/08/06 15:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
     SRV - [2009/08/03 22:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
     SRV - [2009/08/03 22:00:00 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
     SRV - [2009/07/14 20:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
     SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
     SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
     SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
     SRV - [2009/07/03 04:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
     SRV - [2009/07/01 21:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
     SRV - [2009/04/28 21:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
     SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

     ========== Driver Services (SafeList) ==========

     DRV - [2011/12/19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
     DRV - [2011/12/09 00:58:45 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
     DRV - [2009/08/23 13:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
     DRV - [2009/08/18 01:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{C4B36920-79E24793-06000000}_0)
     DRV - [2009/08/18 01:08:14 | 000,020,848 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06000000}_0)
     DRV - [2009/07/22 00:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
     DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
     DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
     DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
     DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
     DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
     DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
     DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
     DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel®
     DRV - [2009/07/02 13:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
     DRV - [2009/07/01 04:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel®
     DRV - [2009/06/29 16:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
     DRV - [2009/06/29 16:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
     DRV - [2009/06/22 22:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
     DRV - [2009/06/11 03:04:22 | 003,486,208 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
     DRV - [2009/05/13 18:40:38 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel®
     DRV - [2009/04/28 21:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
     DRV - [2008/05/12 04:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
     DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
     DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

     ========== Standard Registry (SafeList) ==========

     ========== Internet Explorer ==========

     IE - HKLM\..\SearchScopes,DefaultScope = {EAB0824F-18DE-4E7D-A1BA-BCF8829C0015}
     IE - HKLM\..\SearchScopes\{EAB0824F-18DE-4E7D-A1BA-BCF8829C0015}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;

     IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
     IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
     IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
     IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\..\SearchScopes,DefaultScope = {414CFD41-A668-49E1-805B-85429E3CB9E1}
     IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\..\SearchScopes\{414CFD41-A668-49E1-805B-85429E3CB9E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
     IE - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
     FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
     FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
     FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

     [2012/01/21 19:55:01 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

     O1 HOSTS File: ([2012/03/06 19:42:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
     O1 - Hosts: 127.0.0.1 localhost
     O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
     O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
     O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
     O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
     O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
     O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
     O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
     O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
     O7 - HKU\S-1-5-21-4222434223-3108062619-2612777320-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
     O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
     O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
     O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
     O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
     O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
     O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (SysInfo Class)
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{966E00A3-7EA2-4113-9160-4A02874EE488}: DhcpNameServer = 167.206.245.130 167.206.245.129
     O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
     O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
     O32 - HKLM CDRom: AutoRun - 1
     O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
     O34 - HKLM BootExecute: (autocheck autochk *)
     O35 - HKLM\..comfile [open] -- "%1" %*
     O35 - HKLM\..exefile [open] -- "%1" %*
     O37 - HKLM\...com [@ = comfile] -- "%1" %*
     O37 - HKLM\...exe [@ = exefile] -- "%1" %*

     ========== Files/Folders - Created Within 30 Days ==========

     [2012/03/08 19:30:59 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
     [2012/03/06 21:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
     [2012/03/06 21:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
     [2012/03/06 20:19:36 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
     [2012/03/06 19:44:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
     [2012/03/06 19:40:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
     [2012/03/06 19:40:14 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\temp
     [2012/03/06 19:35:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
     [2012/03/05 20:49:17 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Roaming\Malwarebytes
     [2012/03/05 20:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
     [2012/03/05 20:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
     [2012/03/05 20:49:09 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
     [2012/03/05 20:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
     [2012/03/05 19:58:32 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Conexant
     [2012/03/05 19:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
     [2012/02/21 23:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
     [2012/02/21 23:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
     [2012/02/20 03:36:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
     [2012/02/20 03:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
     [2012/02/12 13:31:23 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\odbcWebcdrom
     [2012/02/11 17:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
     [2012/02/11 17:53:42 | 000,000,000 | ---D | C] -- C:\Users\home\AppData\Local\Google
     [2012/02/11 17:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google

     ========== Files - Modified Within 30 Days ==========

     [2012/03/08 19:32:12 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
     [2012/03/08 19:31:07 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\home\Desktop\OTL.exe
     [2012/03/08 19:27:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
     [2012/03/08 19:26:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
     [2012/03/07 19:20:57 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
     [2012/03/07 19:20:57 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
     [2012/03/07 19:20:48 | 000,021,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
     [2012/03/07 19:20:48 | 000,021,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
     [2012/03/07 19:13:50 | 000,001,422 | ---- | M] () -- C:\Users\home\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
     [2012/03/07 19:13:19 | 1566,580,736 | -HS- | M] () -- C:\hiberfil.sys
     [2012/03/06 22:22:32 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
     [2012/03/06 19:42:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
     [2012/03/05 20:49:10 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     [2012/02/26 19:50:14 | 000,002,693 | ---- | M] () -- C:\Users\home\Desktop\Word 2007.lnk
     [2012/02/26 17:26:29 | 000,870,128 | ---- | M] () -- C:\Users\home\AppData\Roaming\mcs.rma
     [2012/02/26 17:26:29 | 000,000,004 | ---- | M] () -- C:\Users\home\AppData\Roaming\C02049
     [2012/02/22 02:23:38 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
     [2012/02/20 03:39:02 | 000,412,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
     [2012/02/15 20:03:50 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

     ========== Files Created - No Company Name ==========

     [2012/03/07 19:13:50 | 000,001,428 | ---- | C] () -- C:\Users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
     [2012/03/06 22:22:32 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
     [2012/03/05 20:49:10 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
     [2012/02/26 19:50:14 | 000,002,693 | ---- | C] () -- C:\Users\home\Desktop\Word 2007.lnk
     [2012/02/22 02:23:38 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
     [2012/02/11 17:53:44 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
     [2012/02/11 17:53:43 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
     [2012/02/05 11:58:50 | 000,870,128 | ---- | C] () -- C:\Users\home\AppData\Roaming\mcs.rma
     [2012/02/05 11:58:50 | 000,000,004 | ---- | C] () -- C:\Users\home\AppData\Roaming\C02049
     [2011/12/09 01:40:20 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
     [2011/12/09 01:40:20 | 000,232,448 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
     [2011/12/09 01:40:20 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
     [2011/12/09 01:40:20 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
     [2011/12/09 01:40:20 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
     [2011/12/09 00:51:56 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
     [2011/12/09 00:51:56 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
     [2011/12/09 00:51:56 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
     [2011/12/09 00:51:56 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

     ========== LOP Check ==========

     [2012/01/21 19:54:59 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\Babylon
     [2012/01/17 20:47:27 | 000,000,000 | ---D | M] -- C:\Users\home\AppData\Roaming\InterVideo
     [2012/02/15 20:03:50 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
     [2009/07/13 23:53:46 | 000,010,374 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

     ========== Purity Check ==========

     ========== Alternate Data Streams ==========

     @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

     < End of report >

     and Extras.Txt.

     OTL Extras logfile created on: 3/8/2012 7:31:35 PM - Run 1
     OTL by OldTimer - Version 3.2.36.1     Folder = C:\Users\home\Desktop
     Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
     Internet Explorer (Version = 9.0.8112.16421)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1.95 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 54.05% Memory free
     3.89 Gb Paging File | 2.75 Gb Available in Paging File | 70.64% Paging File free
     Paging file location(s): ?:\pagefile.sys [binary data]

     %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
     Drive C: | 137.62 Gb Total Space | 118.59 Gb Free Space | 86.17% Space Free | Partition Type: NTFS
     Drive Q: | 10.25 Gb Total Space | 5.80 Gb Free Space | 56.54% Space Free | Partition Type: NTFS

     Computer Name: HOME-THINK | User Name: home | Logged in as Administrator.
     Boot Mode: Normal | Scan Mode: All users | Quick Scan
     Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

     ========== Extra Registry (SafeList) ==========

     ========== File Associations ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
     .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
     .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

     ========== Shell Spawning ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
     batfile [open] -- "%1" %*
     cmdfile [open] -- "%1" %*
     comfile [open] -- "%1" %*
     cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
     exefile [open] -- "%1" %*
     helpfile [open] -- Reg Error: Key error.
     hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
     piffile [open] -- "%1" %*
     regfile [merge] -- Reg Error: Key error.
     scrfile [config] -- "%1"
     scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
     scrfile [open] -- "%1" /S
     txtfile [edit] -- Reg Error: Key error.
     Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
     Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
     Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     Folder [explore] -- Reg Error: Value error.
     Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

     ========== Security Center Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "cval" = 1
     "FirewallDisableNotify" = 0
     "AntiVirusDisableNotify" = 0
     "UpdatesDisableNotify" = 0

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     "VistaSp1" = Reg Error: Unknown registry data type -- File not found
     "AntiVirusOverride" = 0
     "AntiSpywareOverride" = 0
     "FirewallOverride" = 0

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

     ========== System Restore Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
     "DisableSR" = 0

     ========== Firewall Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
     "DisableNotifications" = 0
     "EnableFirewall" = 1

     ========== Authorized Applications List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

     ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
     "{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
     "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
     "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
     "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
     "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
     "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16
     "{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
     "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
     "{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
     "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
     "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
     "{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
     "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
     "{5C111F14-D9BE-459D-B0B6-B4D082F03749}" = Mobile Broadband Connect
     "{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in
     "{7A408D56-A9CF-4219-9F78-23E6B48A1C0D}" = Verizon Wireless Mobile Broadband Self Activation
     "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
     "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
     "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
     "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
     "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
     "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
     "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
     "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
     "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
     "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
     "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
     "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
     "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
     "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
     "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
     "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
     "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
     "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
     "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager and Intel® Turbo Memory
     "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
     "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
     "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
     "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
     "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
     "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
     "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
     "{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
     "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
     "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager
     "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
     "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
     "112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
     "1D1219CED4DAD562C114C845725DCA2DCB312803" = Windows Driver Package - Sonix (SNP2UVC) Image (08/03/2009 5.8.53003.0)
     "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
     "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
     "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
     "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
     "E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
     "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
     "ESET Online Scanner" = ESET Online Scanner v3
     "HDMI" = Intel® Graphics Media Accelerator Driver
     "HECI" = Intel® Management Engine Interface
     "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
     "Lenovo Welcome_is1" = Lenovo Welcome
     "LENOVO.SMIIF" = Lenovo System Interface Driver
     "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
     "MESOL" = Intel® Active Management Technology
     "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
     "OnScreenDisplay" = On Screen Display
     "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
     "Power Management Driver" = ThinkPad Power Management Driver
     "PROPLUS" = Microsoft Office Professional Plus 2007
     "SynTPDeinstKey" = ThinkPad UltraNav Driver
     "ThinkPad FullScreen Magnifier" = ThinkPad 
FullScreen Magnifier "W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7 "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 2/19/2012 1:08:29 PM | Computer Name = home-THINK | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 2/19/2012 1:09:24 PM | Computer Name = home-THINK | Source = SideBySide | ID = 16842811 Description = Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax. Error - 2/19/2012 3:52:23 PM | Computer Name = home-THINK | Source = Application Hang | ID = 1002 Description = The program Skype.exe version 5.5.0.124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1630 Start Time: 01ccef2108d0a1d2 Termination Time: 18 Application Path: C:\Program Files\Skype\Phone\Skype.exe Report Id: Error - 2/20/2012 5:08:34 AM | Computer Name = home-THINK | Source = SideBySide | ID = 16842811 Description = Activation context generation failed for "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax. 
Error - 2/20/2012 5:08:49 AM | Computer Name = home-THINK | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\Kobo\drivers\dpinst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 2/20/2012 5:09:26 AM | Computer Name = home-THINK | Source = SideBySide | ID = 16842811 Description = Activation context generation failed for "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax. Error - 2/22/2012 12:44:28 AM | Computer Name = home-THINK | Source = System Restore | ID = 8193 Description = Error - 2/22/2012 12:52:24 AM | Computer Name = home-THINK | Source = PerfNet | ID = 2004 Description = Error - 2/22/2012 12:54:27 AM | Computer Name = home-THINK | Source = PerfNet | ID = 2004 Description = Error - 2/22/2012 1:00:26 AM | Computer Name = home-THINK | Source = PerfNet | ID = 2004 Description = [ System Events ] Error - 2/22/2012 1:18:49 AM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/22/2012 1:18:49 AM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 2/22/2012 1:21:11 AM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2 Error - 2/22/2012 10:28:11 PM | Computer Name = home-THINK | Source = Service Control 
Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2 Error - 2/23/2012 10:17:02 PM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2 Error - 2/25/2012 4:28:42 AM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2 Error - 2/26/2012 6:23:42 PM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service. Error - 2/26/2012 9:59:14 PM | Computer Name = home-THINK | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR3. Error - 2/26/2012 9:59:15 PM | Computer Name = home-THINK | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk2\DR3. Error - 2/26/2012 10:04:54 PM | Computer Name = home-THINK | Source = Service Control Manager | ID = 7000 Description = The MCSTRM service failed to start due to the following error: %%2 < End of report >
  4. Babylon search causing problems. Every new Tab in IE8 defaults to Babylon search

Team,

After repeated MBAM runs and some poking around on the internets I found the following guidance on how to remedy Babylon Search:

"I don't know if it is possible to find it in any menu in IE (at least I didn't), but you can change it in the windows registry. Open a dos shell, or execute "RegEdit" through the launch menu. Find the key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\About URLs\Tabs and change the entry that points to babylon search, to the one you desire (be it google, bing, or whatever)."

The Registry change worked, the new Tab in IE8 no longer defaults to Babylon search. However I'm still concerned Babylon still resides somewhere or some other malware is not detected. Your assistance is greatly appreciated. Thanks in advance.

Below is a recent MBAM Log.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.07.07
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
home :: HOME-THINK [limited]
3/7/2012 7:17:05 PM
mbam-log-2012-03-07 (19-17-05).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278762
Time elapsed: 20 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
  5. In the process of implementing your recommendation. Ran into some problems:

"To remove Combofix and its quarantine folder:
Click Start -> Run, and copy/paste the following bolded text in the Open: box and select OK:
"%userprofile%\desktop\combofix.exe" /uninstall
This will do the following:
* Uninstall Combofix and all its associated files and folders.
* Flush your system restore points and create a new restore point.
* Rehide your system files and folders
* Reset your system clock
* Disable autorun to prevent USB flash drive infections (you can access any attached devices through Windows Explorer (Windows key + E) or through Start -> Computer)"

This part didn't really work. ComboFix said it did uninstall itself successfully, and the icon is gone from the desktop, but the other bullet points were not completed. I tried to download a fresh version of ComboFix - no change. Should I just do all these things manually?
  6. Let's give it one more day and if all is OK - exactly. However, let me ask you a question. In your recommendation can you also account for computer performance? For example, this laptop runs reasonably with Vista, but when I installed Online Armor as a firewall solution - it became painfully slow. Maybe ComboFix fixed that as well, I don't know.
  7. Yes, it's winter wonderland here too. Not as much snow as they promised. More like rain / ice around here. But looks pretty anyway. Very much on schedule. Just like Weather Channel promised.

http://www.virustotal.com/file-scan/report...2b10-1296699092
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware.
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: jNjLm04200
Submission date: 2011-02-03 02:11:32 (UTC)
Current status: queued queued (#78) analysing finished
Result: 0/ 43 (0.0%)

Per your suggestion I ran a couple of searches in IE, Chrome and Firefox. All appeared OK. And the pages load faster, without hesitation like they did in the past when links were redirected. I'll keep trying out searches just to be sure.
  8. Westchester County NY - great place, I used to work there and live just across the river in Rockland. Great area!

Well, the script ran and here is the result.

Volume in drive C is VISTA
Volume Serial Number is 6C57-AA0F
Directory of c:\users\Serge\AppData\Roaming\spcgfmeua
01/15/2011 08:02 PM <DIR> .
01/15/2011 08:02 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 35,977,887,744 bytes free

Volume in drive C is VISTA
Volume Serial Number is 6C57-AA0F
Directory of c:\programdata\jNjLm04200
01/09/2011 07:16 PM <DIR> .
01/09/2011 07:16 PM <DIR> ..
01/09/2011 05:41 PM 94 jNjLm04200
1 File(s) 94 bytes
Total Files Listed:
1 File(s) 94 bytes
2 Dir(s) 35,977,883,648 bytes free

Also ran ESET Online scan.
C:\Qoobox\Quarantine\C\Windows\System32\nt.dll.vir Win32/Bamital.EZ trojan
This is the result. The dir itself - it looks like it was established by ComboFix and has some ComboFix entries in it. Hope it helps.
  9. Well, ComboFix was fighting some good fights there. A couple (more like 7-8) tries later it completed the job. The files you noticed, they appear in the log as well:
........
2011-01-16 00:55 . 2011-01-16 01:02 -------- d-----w- c:\users\Serge\AppData\Roaming\spcgfmeua
2011-01-09 22:31 . 2011-01-10 00:16 -------- d-----w- c:\programdata\jNjLm04200
...........
I'm attaching 2 logs from ComboFix. The 1st one - ComboFix 1st.txt - sort of did the job, but there were some incomplete entries. The second, ComboFix.txt, was the final and complete process.

ComboFix_1st.txt
ComboFix.txt
  10. GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-01 18:59:25
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK8009GAH rev.BQ001A
Running: e6gigjin.exe; Driver: C:\Users\Serge\AppData\Local\Temp\pgdiyuow.sys

The rest is attached as Ark.txt - file too long to post

ark.txt
  11. Also, these two folders look suspicious due to random naming:
011-01-16 00:55:52 -------- d-----w- c:\users\serge\appdata\roaming\spcgfmeua
- Folder exists, date of creation appears to be suspect.
2011-01-09 22:31:30 -------- d-----w- c:\progra~2\jNjLm04200
Can't seem to find it.
agree, probably a suspect
You can check out what's in there and report back.

2011/02/02 01:32:23.0074 5096 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/02 01:32:23.0510 5096 SystemInfo:
2011/02/02 01:32:23.0510 5096 OS Version: 6.0.6001 ServicePack: 1.0
2011/02/02 01:32:23.0510 5096 Product type: Workstation
2011/02/02 01:32:23.0510 5096 ComputerName: TIGERTIGER
2011/02/02 01:32:23.0510 5096 UserName: Serge
2011/02/02 01:32:23.0510 5096 Windows directory: C:\Windows
2011/02/02 01:32:23.0510 5096 System windows directory: C:\Windows
2011/02/02 01:32:23.0510 5096 Processor architecture: Intel x86
2011/02/02 01:32:23.0510 5096 Number of processors: 1
2011/02/02 01:32:23.0510 5096 Page size: 0x1000
2011/02/02 01:32:23.0510 5096 Boot type: Normal boot
2011/02/02 01:32:25.0663 5096 Initialize success
2011/02/02 01:32:30.0109 5744 Scan started
2011/02/02 01:32:30.0109 5744 Mode: Manual;
(07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/02/02 01:34:00.0932 5744 NWADI (aa62ba29ef342d805555196f46fcaa4e) C:\Windows\system32\DRIVERS\NWADIenum.sys 2011/02/02 01:34:02.0196 5744 NWUSBModem (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwusbmdm.sys 2011/02/02 01:34:02.0758 5744 NWUSBPort (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwusbser.sys 2011/02/02 01:34:03.0257 5744 NWUSBPort2 (d03072d7a3e4bf86e530f7abe18309fc) C:\Windows\system32\DRIVERS\nwusbser2.sys 2011/02/02 01:34:04.0084 5744 OADevice (422cf292a3fd758418c5b79405c93331) C:\Windows\system32\drivers\OADriver.sys 2011/02/02 01:34:04.0614 5744 oahlpXX (7c6d7532a8fcbcbda241215e808354c2) C:\Windows\system32\drivers\oahlp32.sys 2011/02/02 01:34:05.0129 5744 OAmon (6243e6db6399a95fd401090fc0d0c3ab) C:\Windows\system32\drivers\OAmon.sys 2011/02/02 01:34:05.0534 5744 OAnet (2e3c6c23b2c618517685a5137c0611cb) C:\Windows\system32\DRIVERS\oanet.sys 2011/02/02 01:34:06.0034 5744 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/02/02 01:34:06.0548 5744 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/02/02 01:34:07.0126 5744 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys 2011/02/02 01:34:07.0703 5744 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/02/02 01:34:08.0358 5744 PCASp50 (803c8e7f4d00fe832c1f3871514fec85) C:\Windows\system32\Drivers\PCASp50.sys 2011/02/02 01:34:08.0998 5744 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys 2011/02/02 01:34:09.0559 5744 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\DRIVERS\pciide.sys 2011/02/02 01:34:10.0152 5744 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/02/02 01:34:10.0994 5744 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/02/02 
01:34:11.0806 5744 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/02/02 01:34:12.0367 5744 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/02/02 01:34:12.0960 5744 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys 2011/02/02 01:34:13.0506 5744 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 2011/02/02 01:34:14.0192 5744 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/02/02 01:34:14.0848 5744 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/02/02 01:34:15.0425 5744 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/02/02 01:34:16.0064 5744 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/02/02 01:34:16.0704 5744 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/02/02 01:34:17.0390 5744 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/02/02 01:34:17.0999 5744 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys 2011/02/02 01:34:18.0623 5744 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys 2011/02/02 01:34:19.0153 5744 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/02/02 01:34:19.0637 5744 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys 2011/02/02 01:34:20.0214 5744 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/02/02 01:34:20.0822 5744 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys 2011/02/02 01:34:21.0462 5744 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/02/02 01:34:22.0273 5744 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) 
C:\Windows\system32\DRIVERS\RimSerial.sys 2011/02/02 01:34:22.0804 5744 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 2011/02/02 01:34:23.0334 5744 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/02/02 01:34:24.0114 5744 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/02/02 01:34:24.0785 5744 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/02/02 01:34:25.0643 5744 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/02/02 01:34:26.0126 5744 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/02/02 01:34:26.0563 5744 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/02/02 01:34:27.0156 5744 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 2011/02/02 01:34:27.0640 5744 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/02/02 01:34:28.0154 5744 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 2011/02/02 01:34:28.0903 5744 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/02/02 01:34:29.0714 5744 shpf (571aed0899d559671672ea9da3fdf4cf) C:\Windows\system32\DRIVERS\shpf.sys 2011/02/02 01:34:30.0401 5744 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/02/02 01:34:31.0087 5744 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/02/02 01:34:31.0992 5744 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/02/02 01:34:32.0772 5744 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys 2011/02/02 01:34:33.0505 5744 SNC (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys 2011/02/02 01:34:34.0254 5744 SPI 
(6832cda4c9336294df1df124f6627b6c) C:\Windows\system32\DRIVERS\SonyPI.sys 2011/02/02 01:34:35.0096 5744 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/02/02 01:34:35.0736 5744 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys 2011/02/02 01:34:36.0563 5744 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys 2011/02/02 01:34:37.0109 5744 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys 2011/02/02 01:34:38.0076 5744 StkAMini (69a926dbca12046633e3d6e6d46e7087) C:\Windows\system32\Drivers\StkAMini.sys 2011/02/02 01:34:38.0575 5744 StkScan (83406fb18cb0abfec501add986d63572) C:\Windows\system32\Drivers\StkScan.sys 2011/02/02 01:34:39.0137 5744 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/02/02 01:34:39.0776 5744 swmsflt (851681f7d3200e2a646c5ee4d4e9883d) C:\Windows\System32\drivers\swmsflt.sys 2011/02/02 01:34:40.0369 5744 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/02/02 01:34:41.0040 5744 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/02/02 01:34:41.0492 5744 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/02/02 01:34:42.0226 5744 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys 2011/02/02 01:34:43.0052 5744 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys 2011/02/02 01:34:43.0567 5744 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 2011/02/02 01:34:44.0051 5744 TcUsb (009aede9fe870c247014450dc1e01d5d) C:\Windows\system32\Drivers\tcusb.sys 2011/02/02 01:34:44.0612 5744 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/02/02 01:34:45.0221 5744 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/02/02 01:34:45.0736 5744 tdx 
(d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys 2011/02/02 01:34:46.0250 5744 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys 2011/02/02 01:34:46.0921 5744 ti21sony (7c7445b4c2bd46c56abb3499da52b75c) C:\Windows\system32\drivers\ti21sony.sys 2011/02/02 01:34:47.0842 5744 toshidpt (e362d54fd394999c4178936396664e57) C:\Windows\system32\drivers\Toshidpt.sys 2011/02/02 01:34:48.0434 5744 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys 2011/02/02 01:34:48.0980 5744 tosrfbd (42a23ff09bd172fa3f6a3a0a589ef1b0) C:\Windows\system32\DRIVERS\tosrfbd.sys 2011/02/02 01:34:49.0558 5744 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys 2011/02/02 01:34:50.0072 5744 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys 2011/02/02 01:34:50.0634 5744 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\Windows\system32\DRIVERS\Tosrfhid.sys 2011/02/02 01:34:51.0258 5744 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys 2011/02/02 01:34:51.0773 5744 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\Windows\system32\drivers\tosrfsnd.sys 2011/02/02 01:34:52.0381 5744 tosrfusb (18dfe8b766af237119537a12e8401ebf) C:\Windows\system32\DRIVERS\tosrfusb.sys 2011/02/02 01:34:53.0036 5744 TPM (cb258c2f726f1be73c507022be33ebb3) C:\Windows\system32\drivers\tpm.sys 2011/02/02 01:34:53.0770 5744 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/02/02 01:34:54.0331 5744 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/02/02 01:34:54.0877 5744 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys 2011/02/02 01:34:55.0517 5744 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/02/02 01:34:56.0188 5744 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys 2011/02/02 
01:34:57.0046 5744 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/02/02 01:34:57.0498 5744 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/02/02 01:34:57.0966 5744 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/02/02 01:34:58.0496 5744 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/02/02 01:34:59.0167 5744 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/02/02 01:34:59.0932 5744 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys 2011/02/02 01:35:00.0634 5744 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/02/02 01:35:01.0336 5744 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/02/02 01:35:01.0850 5744 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys 2011/02/02 01:35:02.0506 5744 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys 2011/02/02 01:35:03.0161 5744 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/02/02 01:35:03.0691 5744 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/02/02 01:35:04.0175 5744 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/02/02 01:35:04.0752 5744 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/02/02 01:35:05.0485 5744 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/02/02 01:35:06.0094 5744 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/02/02 01:35:06.0967 5744 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/02/02 01:35:07.0513 5744 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) 
C:\Windows\System32\drivers\vga.sys 2011/02/02 01:35:08.0028 5744 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/02/02 01:35:08.0527 5744 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/02/02 01:35:09.0198 5744 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/02/02 01:35:09.0697 5744 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/02/02 01:35:10.0368 5744 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys 2011/02/02 01:35:10.0914 5744 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys 2011/02/02 01:35:11.0413 5744 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/02/02 01:35:12.0006 5744 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/02/02 01:35:12.0630 5744 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/02 01:35:12.0677 5744 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/02/02 01:35:13.0254 5744 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/02/02 01:35:13.0831 5744 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 2011/02/02 01:35:14.0393 5744 WimFltr (c8d53a13e867d5a7eafb19400016560f) C:\Windows\system32\DRIVERS\wimfltr.sys 2011/02/02 01:35:14.0986 5744 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/02/02 01:35:15.0953 5744 WinUSB (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.sys 2011/02/02 01:35:16.0780 5744 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2011/02/02 01:35:17.0544 5744 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/02/02 01:35:18.0090 5744 WSDPrintDevice 
(4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys 2011/02/02 01:35:18.0683 5744 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 2011/02/02 01:35:19.0135 5744 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/02/02 01:35:19.0744 5744 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 2011/02/02 01:35:20.0336 5744 ================================================================================ 2011/02/02 01:35:20.0336 5744 Scan finished 2011/02/02 01:35:20.0336 5744 ================================================================================ 2011/02/02 01:35:42.0348 4860 Deinitialize success
  12. 1. To Launch Combofix Click Start --> Run, and enter (copy/paste) this command exactly as shown: "%userprofile%\desktop\iexplore.exe" /killall
2. When finished, it will produce a logfile located at C:\ComboFix.txt
3. Post the contents of that log in your next reply.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Please post C:\ComboFix.txt in your next reply.
If you have problems running Combofix then try running it in "Safe Mode with Networking" as follows:
Restart your computer. After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; instead of Windows loading normally, the Advanced Options Menu should appear; select the option to run Windows in "Safe Mode with Networking", then press Enter. Choose your usual account, and launch Combofix as directed above.
Please Copy/Paste the following logs into your next reply:
1. ARK.txt
2. TDSSKiller
3. Combofix.txt

Thank you for looking into this. I got through most of this stuff OK. However, when doing the last part - combofix - I ran into a problem. It started doing its thing, the screen was updating with progress steps all the way to 30-40+. Eventually it said it will restart the computer. It went to shut down and nothing happened for a while.... Well, after finally restarting, the computer starts w/o Windows Explorer both in regular and safe mode. So I can't see the desktop, even though it appears to be running somewhere. CTRL ALT DEL works and brings up Task Manager. It has an option for "Create New Task", so I'm trying to restart Combofix.
  13. Good day! Google redirects are taking over. It started with Google Chrome, then in IE 7. I tried various tips on this forum and others at random. Some appeared to produce some results, but the redirect persisted. About 2-3 days ago Firefox started redirects too. Need help with the trouble. I'm attaching some of the logs from the programs I ran lately, including
* attach.txt and
* ark.txt
Also,
- I uninstalled and installed new Java,
- updated Windows Update (except to IE 8),
- updated Firefox,
- disabled System Restore.
I'm outmatched by this problem. Need expert help. Thank you in advance.
==================================
++++++++++++++++++++++++++++++++++
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5654
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
2/1/2011 6:40:14 PM
mbam-log-2011-02-01 (18-40-14).txt
Scan type: Quick scan
Objects scanned: 148883
Time elapsed: 6 minute(s), 49 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
++++++++++++++++++++++++++++
============================
DDS (Ver_10-12-12.02) - NTFSx86
Run by Serge at 17:58:56.72 on Tue 02/01/2011
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23
Microsoft