
redirect on Google Chrome



  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Double click on combofix.exe & follow the prompts.

4. When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

CCleaner

Java 6 Update 22

Java 6 Update 33

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 11.1.102.62

Adobe Reader X 10.0.1 Adobe Reader out of Date!

Mozilla Firefox 12.0 Firefox out of Date!

Google Chrome 19.0.1084.56

Google Chrome 20.0.1132.47

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Here it is, and Thanks!

ComboFix 12-07-07.04 - Bill 07/08/2012 0:33.1.1 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1014.394 [GMT -4:00]

Running from: c:\users\Bill\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\CouponAlert_2pEI

c:\users\Bill\AppData\Roaming\AdVantage

c:\users\Bill\AppData\Roaming\Google Talk

c:\users\Bill\AppData\Roaming\system32

.

.

((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))

.

.

2012-07-08 04:50 . 2012-07-08 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-06 20:13 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BF922BB-6D55-4A2F-A19D-25CE9AD9C141}\mpengine.dll

2012-06-29 02:10 . 2012-06-29 02:10 -------- d-----w- c:\program files\iPod

2012-06-25 21:56 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-06-25 21:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-06-25 21:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-06-25 21:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll

2012-06-25 21:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll

2012-06-24 18:07 . 2012-06-24 18:07 -------- d-----w- c:\program files\Common Files\Java

2012-06-24 18:06 . 2012-06-24 18:06 476936 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-06-24 18:02 . 2012-06-24 18:02 -------- d-----w- c:\programdata\McAfee

2012-06-24 15:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-06-24 15:56 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-06-24 15:56 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-06-24 15:56 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-06-24 15:56 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-06-24 15:55 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll

2012-06-24 15:55 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-24 15:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-24 15:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-06-24 15:55 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll

2012-06-24 15:54 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys

2012-06-24 15:54 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-24 15:54 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-24 15:54 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-24 15:54 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-06-24 15:54 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-06-24 15:54 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-06-24 15:54 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-24 15:54 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll

2012-06-24 15:54 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-24 15:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-06-24 15:48 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-06-24 15:44 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-24 15:44 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-24 15:44 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-24 15:44 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-24 15:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-24 15:44 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-24 15:44 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-24 15:44 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-24 15:44 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-24 15:25 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-06-24 15:25 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-06-24 15:24 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-06-24 15:24 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-06-24 15:24 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-06-24 15:24 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-06-24 15:23 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr

2012-06-24 15:23 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-06-24 15:23 . 2012-06-24 15:23 -------- d-----w- c:\programdata\AVAST Software

2012-06-24 15:23 . 2012-06-24 15:23 -------- d-----w- c:\program files\AVAST Software

2012-06-22 00:45 . 2012-06-22 00:45 388096 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-22 00:45 . 2012-06-22 00:45 -------- d-----w- c:\program files\Trend Micro

2012-06-18 22:50 . 2012-06-18 22:50 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-06-18 22:50 . 2012-06-18 22:50 -------- d-----w- c:\program files\7-Zip

2012-06-18 22:50 . 2012-06-18 22:50 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe

2012-06-18 22:50 . 2012-06-18 22:50 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-24 18:06 . 2011-05-19 20:43 472840 ----a-w- c:\windows\system32\deployJava1.dll

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-06-18 22:50 . 2011-05-19 22:12 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-02-01 23:17 1487240 ------w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]

"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

.

c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 15:25]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 15:25]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002Core.job

- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 00:55]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002UA.job

- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 00:55]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\718tw7ji.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113959&tt=060612_7_&babsrc=KW_ss&mntrId=78db3950000000000000061f3a75ca90&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=060612_7_

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 78db3950000000000000061f3a75ca90

FF - user.js: extensions.BabylonToolbar_i.hardId - 78db3950000000000000061f3a75ca90

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15509

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:50

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-08 01:03:06

ComboFix-quarantined-files.txt 2012-07-08 05:03

ComboFix2.txt 2011-04-29 00:59

.

Pre-Run: 19,422,400,512 bytes free

Post-Run: 19,762,978,816 bytes free

.

- - End Of File - - 6C257FE69B04108EC8B1EFCD3ED79407

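The redirect footprint in the ComboFix log above is concentrated in two places: the Firefox `keyword.URL` preference pointing at search.babylon.com (with matching `extensions.BabylonToolbar_i.*` entries in `user.js`, a file a stock profile does not have), and the Ask.com Browser Helper Object registered under `Browser Helper Objects`. The following is an added example, not code from the forum or from ComboFix's authors, that pulls those fields out of ComboFix-style output and flags them. The excerpt in `SAMPLE_LOG` is copied from the log posted above; the `KNOWN_SEARCH_HOSTS` allowlist and every function name are this example's own assumptions.

```python
"""Triage of ComboFix 'Reg Loading Points' / 'Supplementary Scan' lines for search hijacks."""
import re
from urllib.parse import urlparse

# Excerpt copied from the ComboFix log posted in this thread (constructed sample input).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 23:17 1487240 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113959&tt=060612_7_&babsrc=KW_ss&mntrId=78db3950000000000000061f3a75ca90&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
"""

# Hosts a sane search / start-page setting may point at (assumed allowlist; extend per site policy).
KNOWN_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}

BHO_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
MODULE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - ?(.*)$")
IE_PAGE_RE = re.compile(r"^([um])Start Page = (.+)$")


def refang(value):
    """ComboFix writes 'hxxp' so URLs in logs are not clickable; restore the scheme for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value)


def parse_bhos(lines):
    """Return [(clsid, dll_path)] for each BHO key and the module line ComboFix prints under it."""
    bhos, pending = [], None
    for line in lines:
        m = BHO_KEY_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        if pending:
            m = MODULE_RE.match(line)
            if m:
                bhos.append((pending, m.group(1)))
                pending = None
    return bhos


def parse_ff_prefs(lines):
    """Return {(file, pref): value} for every 'FF - prefs.js/user.js:' line."""
    prefs = {}
    for line in lines:
        m = FF_PREF_RE.match(line)
        if m:
            prefs[(m.group(1), m.group(2))] = m.group(3)
    return prefs


def url_hijacks(prefs, ie_pages, allow=KNOWN_SEARCH_HOSTS):
    """Flag every URL-valued search/start setting whose host is outside the allowlist."""
    candidates = [(f"FF {f}:{p}", v) for (f, p), v in prefs.items()]
    candidates += [(f"IE {scope}Start Page", v) for scope, v in ie_pages]
    hits = []
    for name, value in candidates:
        url = refang(value)
        if not url.startswith(("http://", "https://")):
            continue  # 'Google', 'about:home', '0' and similar are not URLs
        host = urlparse(url).hostname or ""
        if host not in allow:
            hits.append((name, host))
    return hits


def toolbar_userjs(prefs):
    """user.js is normally absent; 'extensions.*' keys in it are a toolbar's persistence footprint."""
    return sorted(p for (f, p) in prefs if f == "user.js" and p.startswith("extensions."))


def triage(log_text):
    """Run all checks over one ComboFix log and return the findings by category."""
    lines = [l.rstrip() for l in log_text.splitlines() if l.strip()]
    prefs = parse_ff_prefs(lines)
    ie_pages = []
    for line in lines:
        m = IE_PAGE_RE.match(line)
        if m:
            ie_pages.append(m.groups())
    return {
        "bhos": parse_bhos(lines),
        "search_hijacks": url_hijacks(prefs, ie_pages),
        "toolbar_userjs_prefs": toolbar_userjs(prefs),
    }


if __name__ == "__main__":
    for category, findings in triage(SAMPLE_LOG).items():
        print(category, findings)
```

On the sample this reports the Ask.com BHO by CLSID and DLL path, `keyword.URL` pointing at search.babylon.com, and the two Babylon `user.js` keys. The allowlist check is a triage lead, not a verdict: a user who deliberately set a regional or privacy-oriented search engine will trip it, so confirm against the installed toolbars and the `Browser Helper Objects` list before removing anything.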

  • Staff

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo


01:50:21.0792 4728 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

01:50:22.0136 4728 ============================================================

01:50:22.0136 4728 Current date / time: 2012/07/08 01:50:22.0136

01:50:22.0136 4728 SystemInfo:

01:50:22.0136 4728

01:50:22.0136 4728 OS Version: 6.1.7601 ServicePack: 1.0

01:50:22.0136 4728 Product type: Workstation

01:50:22.0136 4728 ComputerName: BILL-PC

01:50:22.0136 4728 UserName: Bill

01:50:22.0136 4728 Windows directory: C:\Windows

01:50:22.0136 4728 System windows directory: C:\Windows

01:50:22.0136 4728 Processor architecture: Intel x86

01:50:22.0136 4728 Number of processors: 1

01:50:22.0136 4728 Page size: 0x1000

01:50:22.0136 4728 Boot type: Normal boot

01:50:22.0136 4728 ============================================================

01:50:23.0867 4728 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

01:50:23.0930 4728 ============================================================

01:50:23.0930 4728 \Device\Harddisk0\DR0:

01:50:23.0961 4728 MBR partitions:

01:50:23.0961 4728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1

01:50:23.0961 4728 ============================================================

01:50:24.0054 4728 C: <-> \Device\Harddisk0\DR0\Partition0

01:50:24.0054 4728 ============================================================

01:50:24.0054 4728 Initialize success

01:50:24.0054 4728 ============================================================

01:50:27.0564 4532 ============================================================

01:50:27.0564 4532 Scan started

01:50:27.0564 4532 Mode: Manual;

01:50:27.0564 4532 ============================================================

01:50:28.0859 4532 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

01:50:28.0859 4532 1394ohci - ok

01:50:28.0922 4532 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

01:50:28.0922 4532 ACPI - ok

01:50:28.0953 4532 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

01:50:28.0953 4532 AcpiPmi - ok

01:50:29.0015 4532 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys

01:50:29.0031 4532 adp94xx - ok

01:50:29.0078 4532 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys

01:50:29.0078 4532 adpahci - ok

01:50:29.0156 4532 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys

01:50:29.0171 4532 adpu320 - ok

01:50:29.0234 4532 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

01:50:29.0234 4532 AeLookupSvc - ok

01:50:29.0327 4532 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

01:50:29.0327 4532 AFD - ok

01:50:29.0452 4532 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys

01:50:29.0468 4532 AgereSoftModem - ok

01:50:29.0530 4532 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

01:50:29.0530 4532 agp440 - ok

01:50:29.0577 4532 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys

01:50:29.0577 4532 aic78xx - ok

01:50:29.0655 4532 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

01:50:29.0655 4532 ALG - ok

01:50:29.0686 4532 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

01:50:29.0686 4532 aliide - ok

01:50:29.0733 4532 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

01:50:29.0733 4532 amdagp - ok

01:50:29.0795 4532 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

01:50:29.0811 4532 amdide - ok

01:50:29.0827 4532 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys

01:50:29.0842 4532 AmdK8 - ok

01:50:29.0858 4532 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys

01:50:29.0858 4532 AmdPPM - ok

01:50:29.0920 4532 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

01:50:29.0920 4532 amdsata - ok

01:50:29.0967 4532 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys

01:50:29.0967 4532 amdsbs - ok

01:50:29.0983 4532 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

01:50:29.0998 4532 amdxata - ok

01:50:30.0029 4532 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

01:50:30.0045 4532 AppID - ok

01:50:30.0092 4532 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

01:50:30.0092 4532 AppIDSvc - ok

01:50:30.0139 4532 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

01:50:30.0139 4532 Appinfo - ok

01:50:30.0310 4532 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

01:50:30.0326 4532 Apple Mobile Device - ok

01:50:30.0404 4532 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll

01:50:30.0404 4532 AppMgmt - ok

01:50:30.0466 4532 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys

01:50:30.0466 4532 arc - ok

01:50:30.0497 4532 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys

01:50:30.0497 4532 arcsas - ok

01:50:30.0560 4532 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys

01:50:30.0560 4532 aswFsBlk - ok

01:50:30.0622 4532 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys

01:50:30.0622 4532 aswMonFlt - ok

01:50:30.0638 4532 aswRdr (4a951beba9e49410cde478b6f6abb252) C:\Windows\System32\Drivers\aswrdr2.sys

01:50:30.0653 4532 aswRdr - ok

01:50:30.0716 4532 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys

01:50:30.0731 4532 aswSnx - ok

01:50:30.0778 4532 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys

01:50:30.0794 4532 aswSP - ok

01:50:30.0825 4532 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys

01:50:30.0825 4532 aswTdi - ok

01:50:30.0887 4532 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

01:50:30.0903 4532 AsyncMac - ok

01:50:30.0919 4532 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

01:50:30.0919 4532 atapi - ok

01:50:31.0059 4532 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys

01:50:31.0090 4532 athr - ok

01:50:31.0184 4532 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

01:50:31.0184 4532 AudioEndpointBuilder - ok

01:50:31.0199 4532 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

01:50:31.0215 4532 Audiosrv - ok

01:50:31.0309 4532 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

01:50:31.0309 4532 avast! Antivirus - ok

01:50:31.0387 4532 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

01:50:31.0387 4532 AxInstSV - ok

01:50:31.0480 4532 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys

01:50:31.0496 4532 b06bdrv - ok

01:50:31.0558 4532 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

01:50:31.0558 4532 b57nd60x - ok

01:50:31.0605 4532 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

01:50:31.0605 4532 BDESVC - ok

01:50:31.0621 4532 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

01:50:31.0621 4532 Beep - ok

01:50:31.0839 4532 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

01:50:31.0839 4532 BFE - ok

01:50:31.0933 4532 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll

01:50:31.0948 4532 BITS - ok

01:50:31.0995 4532 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

01:50:32.0011 4532 blbdrive - ok

01:50:32.0151 4532 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe

01:50:32.0151 4532 Bonjour Service - ok

01:50:32.0213 4532 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

01:50:32.0229 4532 bowser - ok

01:50:32.0245 4532 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys

01:50:32.0245 4532 BrFiltLo - ok

01:50:32.0276 4532 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys

01:50:32.0276 4532 BrFiltUp - ok

01:50:32.0307 4532 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

01:50:32.0307 4532 Bridge - ok

01:50:32.0338 4532 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

01:50:32.0338 4532 BridgeMP - ok

01:50:32.0401 4532 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

01:50:32.0416 4532 Browser - ok

01:50:32.0479 4532 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

01:50:32.0494 4532 Brserid - ok


01:50:51.0620 4532 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

01:50:51.0620 4532 tcpipreg - ok

01:50:51.0651 4532 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

01:50:51.0651 4532 TDPIPE - ok

01:50:51.0698 4532 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

01:50:51.0698 4532 TDTCP - ok

01:50:51.0745 4532 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

01:50:51.0745 4532 tdx - ok

01:50:51.0823 4532 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys

01:50:51.0823 4532 TermDD - ok

01:50:51.0885 4532 terminpt (052306fd76793d5d5ab5d9891fd1adbb) C:\Windows\system32\drivers\terminpt.sys

01:50:51.0885 4532 terminpt - ok

01:50:51.0963 4532 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

01:50:51.0979 4532 TermService - ok

01:50:52.0010 4532 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

01:50:52.0025 4532 Themes - ok

01:50:52.0088 4532 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

01:50:52.0088 4532 THREADORDER - ok

01:50:52.0259 4532 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

01:50:52.0259 4532 TomTomHOMEService - ok

01:50:52.0322 4532 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

01:50:52.0337 4532 TrkWks - ok

01:50:52.0431 4532 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

01:50:52.0447 4532 TrustedInstaller - ok

01:50:52.0478 4532 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

01:50:52.0478 4532 tssecsrv - ok

01:50:52.0540 4532 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

01:50:52.0540 4532 TsUsbFlt - ok

01:50:52.0571 4532 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys

01:50:52.0571 4532 TsUsbGD - ok

01:50:52.0618 4532 tsusbhub (045acb987c650d8186c6b4a692223860) C:\Windows\system32\drivers\tsusbhub.sys

01:50:52.0634 4532 tsusbhub - ok

01:50:52.0681 4532 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

01:50:52.0681 4532 tunnel - ok

01:50:52.0712 4532 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys

01:50:52.0727 4532 uagp35 - ok

01:50:52.0774 4532 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

01:50:52.0774 4532 udfs - ok

01:50:52.0837 4532 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

01:50:52.0852 4532 UI0Detect - ok

01:50:52.0915 4532 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

01:50:52.0915 4532 uliagpkx - ok

01:50:52.0961 4532 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys

01:50:52.0961 4532 umbus - ok

01:50:52.0993 4532 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys

01:50:52.0993 4532 UmPass - ok

01:50:53.0055 4532 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

01:50:53.0071 4532 UmRdpService - ok

01:50:53.0133 4532 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

01:50:53.0149 4532 upnphost - ok

01:50:53.0195 4532 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys

01:50:53.0211 4532 USBAAPL - ok

01:50:53.0258 4532 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

01:50:53.0258 4532 usbccgp - ok

01:50:53.0320 4532 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

01:50:53.0336 4532 usbcir - ok

01:50:53.0367 4532 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

01:50:53.0367 4532 usbehci - ok

01:50:53.0414 4532 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

01:50:53.0429 4532 usbhub - ok

01:50:53.0445 4532 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

01:50:53.0445 4532 usbohci - ok

01:50:53.0476 4532 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

01:50:53.0476 4532 usbprint - ok

01:50:53.0539 4532 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

01:50:53.0539 4532 usbscan - ok

01:50:53.0601 4532 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

01:50:53.0601 4532 USBSTOR - ok

01:50:53.0617 4532 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

01:50:53.0617 4532 usbuhci - ok

01:50:53.0679 4532 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

01:50:53.0679 4532 UxSms - ok

01:50:53.0741 4532 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

01:50:53.0741 4532 VaultSvc - ok

01:50:53.0804 4532 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

01:50:53.0804 4532 vdrvroot - ok

01:50:53.0851 4532 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

01:50:53.0866 4532 vds - ok

01:50:53.0944 4532 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

01:50:53.0944 4532 vga - ok

01:50:53.0975 4532 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

01:50:53.0975 4532 VgaSave - ok

01:50:53.0991 4532 VGPU - ok

01:50:54.0038 4532 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

01:50:54.0038 4532 vhdmp - ok

01:50:54.0100 4532 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

01:50:54.0100 4532 viaagp - ok

01:50:54.0116 4532 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys

01:50:54.0131 4532 ViaC7 - ok

01:50:54.0147 4532 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

01:50:54.0147 4532 viaide - ok

01:50:54.0209 4532 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

01:50:54.0225 4532 vmbus - ok

01:50:54.0256 4532 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

01:50:54.0256 4532 VMBusHID - ok

01:50:54.0319 4532 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

01:50:54.0319 4532 volmgr - ok

01:50:54.0350 4532 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

01:50:54.0365 4532 volmgrx - ok

01:50:54.0412 4532 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

01:50:54.0412 4532 volsnap - ok

01:50:54.0475 4532 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys

01:50:54.0475 4532 vsmraid - ok

01:50:54.0599 4532 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

01:50:54.0631 4532 VSS - ok

01:50:54.0677 4532 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

01:50:54.0677 4532 vwifibus - ok

01:50:54.0724 4532 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

01:50:54.0724 4532 vwififlt - ok

01:50:54.0755 4532 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

01:50:54.0755 4532 vwifimp - ok

01:50:55.0052 4532 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

01:50:55.0083 4532 W32Time - ok

01:50:55.0130 4532 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys

01:50:55.0130 4532 WacomPen - ok

01:50:55.0177 4532 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

01:50:55.0177 4532 WANARP - ok

01:50:55.0192 4532 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

01:50:55.0192 4532 Wanarpv6 - ok

01:50:55.0348 4532 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

01:50:55.0379 4532 WatAdminSvc - ok

01:50:55.0504 4532 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

01:50:55.0535 4532 wbengine - ok

01:50:55.0613 4532 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

01:50:55.0613 4532 WbioSrvc - ok

01:50:55.0676 4532 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

01:50:55.0691 4532 wcncsvc - ok

01:50:55.0723 4532 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

01:50:55.0723 4532 WcsPlugInService - ok

01:50:56.0175 4532 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys

01:50:56.0175 4532 Wd - ok

01:50:56.0237 4532 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

01:50:56.0253 4532 Wdf01000 - ok

01:50:56.0315 4532 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

01:50:56.0331 4532 WdiServiceHost - ok

01:50:56.0331 4532 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

01:50:56.0347 4532 WdiSystemHost - ok

01:50:56.0378 4532 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

01:50:56.0393 4532 WebClient - ok

01:50:56.0409 4532 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

01:50:56.0425 4532 Wecsvc - ok

01:50:56.0456 4532 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

01:50:56.0456 4532 wercplsupport - ok

01:50:56.0518 4532 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

01:50:56.0518 4532 WerSvc - ok

01:50:56.0581 4532 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

01:50:56.0581 4532 WfpLwf - ok

01:50:56.0612 4532 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

01:50:56.0612 4532 WIMMount - ok

01:50:56.0752 4532 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

01:50:56.0768 4532 WinDefend - ok

01:50:56.0783 4532 WinHttpAutoProxySvc - ok

01:50:56.0893 4532 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

01:50:56.0893 4532 Winmgmt - ok

01:50:57.0017 4532 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

01:50:57.0049 4532 WinRM - ok

01:50:57.0205 4532 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys

01:50:57.0205 4532 WinUsb - ok

01:50:57.0392 4532 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

01:50:57.0407 4532 Wlansvc - ok

01:50:57.0470 4532 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

01:50:57.0470 4532 WmiAcpi - ok

01:50:57.0563 4532 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

01:50:57.0563 4532 wmiApSrv - ok

01:50:57.0953 4532 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

01:50:57.0985 4532 WMPNetworkSvc - ok

01:50:58.0047 4532 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

01:50:58.0047 4532 WPCSvc - ok

01:50:58.0078 4532 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

01:50:58.0078 4532 WPDBusEnum - ok

01:50:58.0172 4532 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

01:50:58.0172 4532 ws2ifsl - ok

01:50:58.0203 4532 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll

01:50:58.0203 4532 wscsvc - ok

01:50:58.0219 4532 WSearch - ok

01:50:58.0375 4532 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

01:50:58.0406 4532 wuauserv - ok

01:50:58.0999 4532 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

01:50:59.0014 4532 WudfPf - ok

01:50:59.0061 4532 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

01:50:59.0061 4532 WUDFRd - ok

01:50:59.0139 4532 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

01:50:59.0155 4532 wudfsvc - ok

01:50:59.0186 4532 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

01:50:59.0201 4532 WwanSvc - ok

01:50:59.0342 4532 xusb21 (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys

01:50:59.0404 4532 xusb21 - ok

01:50:59.0638 4532 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

01:51:00.0044 4532 \Device\Harddisk0\DR0 - ok

01:51:00.0059 4532 Boot (0x1200) (223de565a2230fcc265c28e0ad4a3210) \Device\Harddisk0\DR0\Partition0

01:51:00.0059 4532 \Device\Harddisk0\DR0\Partition0 - ok

01:51:00.0059 4532 ============================================================

01:51:00.0059 4532 Scan finished

01:51:00.0059 4532 ============================================================

01:51:00.0075 2052 Detected object count: 0

01:51:00.0075 2052 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-08 01:58:37

-----------------------------

01:58:37.526 OS Version: Windows 6.1.7601 Service Pack 1

01:58:37.526 Number of processors: 1 586 0x1601

01:58:37.526 ComputerName: BILL-PC UserName: Bill

01:58:38.368 Initialize success

01:58:38.571 AVAST engine defs: 12070701

01:58:56.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

01:58:56.449 Disk 0 Vendor: Hitachi_HTS542580K9SA00 BBBOC31P Size: 76319MB BusType: 11

01:58:56.495 Disk 0 MBR read successfully

01:58:56.511 Disk 0 MBR scan

01:58:56.511 Disk 0 Windows 7 default MBR code

01:58:56.511 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63

01:58:56.542 Disk 0 scanning sectors +156280320

01:58:56.636 Disk 0 scanning C:\Windows\system32\drivers

01:59:11.138 Service scanning

01:59:41.434 Modules scanning

01:59:52.511 Disk 0 trace - called modules:

01:59:52.527 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys

01:59:52.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f33030]

01:59:53.042 3 CLASSPNP.SYS[871ad59e] -> nt!IofCallDriver -> [0x84e54c10]

01:59:53.042 5 ACPI.sys[86cc53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84e4a030]

01:59:54.180 AVAST engine scan C:\Windows

01:59:57.145 AVAST engine scan C:\Windows\system32

02:02:28.730 AVAST engine scan C:\Windows\system32\drivers

02:02:41.787 AVAST engine scan C:\Users\Bill

02:12:05.193 AVAST engine scan C:\ProgramData

02:13:03.930 Scan finished successfully

02:13:47.305 Verifying

02:13:57.321 Disk 0 Windows 601 MBR fixed successfully

02:14:11.314 Disk 0 MBR has been saved successfully to "C:\Users\Bill\Desktop\MBR.dat"

02:14:11.314 The log file has been saved successfully to "C:\Users\Bill\Desktop\aswMBR.txt"


  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com
FireFox::
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\718tw7ji.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113959&tt=060612_7_&babsrc=KW_ss&mntrId=78db3950000000000000061f3a75ca90&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 78db3950000000000000061f3a75ca90
FF - user.js: extensions.BabylonToolbar_i.hardId - 78db3950000000000000061f3a75ca90
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15509
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe


This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


The computer is still redirecting. Here is the latest log file.

ComboFix 12-07-07.04 - Bill 07/08/2012 9:41.2.1 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1014.360 [GMT -4:00]

Running from: c:\users\Bill\Desktop\ComboFix.exe

Command switches used :: c:\users\Bill\Desktop\cfScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


Completion time: 2012-07-08 10:08:45

ComboFix-quarantined-files.txt 2012-07-08 14:08

ComboFix2.txt 2012-07-08 05:03

ComboFix3.txt 2011-04-29 00:59

.

Pre-Run: 19,547,127,808 bytes free

Post-Run: 19,620,110,336 bytes free

.

- - End Of File - - 3DDDE36763B22BBEF4DC2271311464CF


  • Staff

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


OTL logfile created on: 7/8/2012 7:37:42 PM - Run 1

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bill\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.99 Mb Total Physical Memory | 480.29 Mb Available Physical Memory | 47.37% Memory free

1.99 Gb Paging File | 1.01 Gb Available in Paging File | 50.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 17.86 Gb Free Space | 23.97% Space Free | Partition Type: NTFS

Computer Name: BILL-PC | User Name: Bill | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bill\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

PRC - C:\Program Files\IObit\Game Booster 3\gbtray.exe (IObit)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\IObit\Game Booster 3\sqlite3.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()

MOD - C:\Program Files\WinRAR\RarExt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found

DRV - (mbr) -- C:\ComboFix\mbr.sys File not found

DRV - (catchme) -- C:\Users\Bill\AppData\Local\Temp\catchme.sys File not found

DRV - (aswMBR) -- C:\Users\Bill\AppData\Local\Temp\aswMBR.sys File not found

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)

DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)

DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113959&tt=060612_7_&babsrc=SP_ss&mntrId=78db3950000000000000061f3a75ca90

IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bill\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bill\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/04 08:39:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/28 22:03:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/28 22:03:13 | 000,000,000 | ---D | M]

[2011/06/29 21:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Extensions

[2011/06/29 21:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

[2012/06/18 18:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\718tw7ji.default\extensions

[2012/06/24 14:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/06/24 14:06:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2009/07/13 19:11:12 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\BILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\718TW7JI.DEFAULT\EXTENSIONS\VHEWRNWLFG@VHEWRNWLFG.ORG.XPI

[2012/06/18 18:50:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/03/18 15:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/18 15:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/06/18 18:50:10 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2012/03/15 11:51:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/03/15 11:51:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Bill\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bill\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bill\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll

CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Bill\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: TimelineRemove = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\

CHR - Extension: avast! WebRep = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

CHR - Extension: privacyscore by PrivacyChoice = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd\1.4.2_0\

CHR - Extension: Gmail = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/08 09:59:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKU\S-1-5-21-333680662-3317831912-918726619-1002..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)

O4 - HKU\S-1-5-21-333680662-3317831912-918726619-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-333680662-3317831912-918726619-1002..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKU\S-1-5-21-333680662-3317831912-918726619-1002..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()

O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-333680662-3317831912-918726619-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-333680662-3317831912-918726619-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1976FBF0-6ECC-4C71-A667-6B5547EA0FE1}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 18:39:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe

[2012/07/08 10:08:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/07/08 10:08:49 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/07/08 00:30:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/08 00:30:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/08 00:30:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/08 00:29:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/08 00:28:43 | 004,574,136 | R--- | C] (Swearware) -- C:\Users\Bill\Desktop\ComboFix.exe

[2012/07/07 18:47:39 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bill\Desktop\123.com

[2012/07/01 21:07:06 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\OneNote Notebooks

[2012/06/28 22:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/06/28 22:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/06/28 22:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012/06/28 22:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/06/25 17:56:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012/06/25 17:56:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012/06/25 17:56:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012/06/25 17:56:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012/06/25 17:56:46 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2012/06/25 17:56:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012/06/25 17:56:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012/06/24 14:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/06/24 14:06:36 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll

[2012/06/24 14:06:35 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/06/24 14:06:35 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/06/24 14:06:35 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/06/24 14:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/06/24 11:55:42 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll

[2012/06/24 11:55:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2012/06/24 11:55:31 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2012/06/24 11:54:57 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2012/06/24 11:54:55 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll

[2012/06/24 11:54:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe

[2012/06/24 11:54:54 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll

[2012/06/24 11:54:46 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2012/06/24 11:48:51 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll

[2012/06/24 11:44:56 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll

[2012/06/24 11:44:55 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll

[2012/06/24 11:44:40 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll

[2012/06/24 11:44:40 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll

[2012/06/24 11:44:40 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll

[2012/06/24 11:44:22 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll

[2012/06/24 11:44:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

[2012/06/24 11:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012/06/24 11:25:02 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2012/06/24 11:25:01 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2012/06/24 11:24:57 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2012/06/24 11:24:56 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2012/06/24 11:24:54 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2012/06/24 11:24:49 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2012/06/24 11:23:48 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/06/24 11:23:47 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2012/06/24 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/06/24 11:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/06/21 21:55:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt

[2012/06/21 20:45:20 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/06/21 20:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/06/18 18:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

[2012/06/18 18:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/06/18 18:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012/06/18 18:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

[2002/03/25 11:03:34 | 000,638,976 | ---- | C] (HMP - Hard- & Software GmbH) -- C:\Users\Bill\NPSI2KVW.dll

========== Files - Modified Within 30 Days ==========

[2012/07/08 19:44:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002UA.job

[2012/07/08 19:31:57 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/08 18:40:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe

[2012/07/08 17:44:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002Core.job

[2012/07/08 11:30:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/08 09:59:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/07/08 02:14:11 | 000,000,512 | ---- | M] () -- C:\Users\Bill\Desktop\MBR.dat

[2012/07/08 00:28:49 | 004,574,136 | R--- | M] (Swearware) -- C:\Users\Bill\Desktop\ComboFix.exe

[2012/07/08 00:26:10 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/08 00:26:10 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/07 22:32:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/07 19:07:07 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/07 19:07:07 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/07 18:59:34 | 797,433,856 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/04 08:39:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2012/07/03 12:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2012/07/02 20:01:46 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bill\Desktop\123.com

[2012/07/02 18:14:19 | 000,002,391 | ---- | M] () -- C:\Users\Bill\Desktop\Google Chrome.lnk

[2012/07/01 21:07:04 | 000,001,276 | ---- | M] () -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

[2012/06/28 22:12:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/06/28 22:03:00 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/06/25 18:37:37 | 000,436,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/06/24 14:06:20 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2012/06/24 14:06:20 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2012/06/24 14:06:20 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2012/06/24 14:06:19 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll

[2012/06/24 14:06:19 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2012/06/24 11:25:03 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/06/21 20:45:20 | 000,002,959 | ---- | M] () -- C:\Users\Bill\Desktop\HiJackThis.lnk

[2012/06/19 08:36:36 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/18 18:50:18 | 000,000,487 | ---- | M] () -- C:\user.js

========== Files Created - No Company Name ==========

[2012/07/08 02:14:11 | 000,000,512 | ---- | C] () -- C:\Users\Bill\Desktop\MBR.dat

[2012/07/08 00:30:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/08 00:30:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/08 00:30:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/08 00:30:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/08 00:30:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/07/01 21:07:04 | 000,001,276 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

[2012/06/28 22:12:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/06/28 22:03:00 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2012/06/24 11:25:03 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/06/21 20:45:20 | 000,002,959 | ---- | C] () -- C:\Users\Bill\Desktop\HiJackThis.lnk

[2012/06/19 08:36:36 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/11/24 21:47:37 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/11/24 21:47:37 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2011/11/24 20:59:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2011/08/02 21:56:21 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini

[2011/05/15 00:43:59 | 000,000,000 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\chrtmp

[2011/05/10 21:03:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imblacklist.dat

[2011/05/01 20:08:04 | 000,361,726 | ---- | C] () -- C:\ProgramData\bdinstall.bin

[2011/04/29 16:52:29 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2010/11/20 17:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== Files - Unicode (All) ==========

[2011/11/24 11:22:37 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

[2011/11/24 11:22:37 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

< End of report >

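The report above closes the OTL file listing. Added example, not code from this thread or from OTL: a small Python parser for those `[date | size | attributes | M/C] (company) -- path` lines that attaches review flags. The three flag rules (no-company executable under C:\Windows, a per-user Startup folder entry, a non-ASCII file name such as the Unicode entry OTL could only render as `?????` in its ANSI form) are heuristics chosen for this example and are not OTL behaviour; a flag means "look at this entry", not "this is malware". The sample lines are taken from the report above.

```python
"""Triage helper for OTL 'Files Modified/Created' entries (added example, not OTL code)."""
import re
from typing import Dict, List, Optional

# One OTL file entry:
#   [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\)"   # "(Company)" or "()" when the file carries no version info
    r"(?:\([^)]*\))?"           # optional "(C:\...\?????)": ANSI rendering OTL adds for Unicode names
    r" -- (?P<path>.+)$"
)

# Extensions treated as executable code by the "no company name" heuristic (assumption).
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx")


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one OTL file entry, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "stamp": m["stamp"],
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": "modified" if m["kind"] == "M" else "created",
        "company": m["company"],
        "path": m["path"],
    }


def flags_for(entry: Dict[str, object]) -> List[str]:
    """Heuristic review flags; the rules are this example's own assumptions."""
    path = str(entry["path"])
    low = path.lower()
    name = path.rsplit("\\", 1)[-1]
    flags: List[str] = []
    in_windows = low.startswith("c:\\windows\\")
    if in_windows and low.endswith(EXEC_EXTS) and not entry["company"]:
        flags.append("no-company executable under C:\\Windows")
    if "\\start menu\\programs\\startup\\" in low:
        flags.append("per-user Startup folder entry")
    if any(ord(ch) > 0x7F for ch in name):
        flags.append("non-ASCII file name")
    return flags


def triage(report: str) -> List[Dict[str, object]]:
    """Parse every entry in an OTL report fragment and attach its flags."""
    results: List[Dict[str, object]] = []
    for line in report.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        entry["flags"] = flags_for(entry)
        results.append(entry)
    return results


# Sample input: lines taken from the OTL report above (section header included to show it is skipped).
SAMPLE = r"""
[2012/07/07 18:59:34 | 797,433,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/08 00:30:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/01 21:07:04 | 000,001,276 | ---- | M] () -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
========== Files - Unicode (All) ==========
[2011/11/24 11:22:37 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        if e["flags"]:
            print(f'{e["path"]}  <- {"; ".join(e["flags"])}')
```

Run against a whole OTL.txt the same way; entries with no flags (the avast! drivers, hiberfil.sys) drop out of the printed list, and the flagged ones are a reading list, not a verdict.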

  • Staff

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.

    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000061f3a75ca90
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    [2009/07/13 19:11:12 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\BILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\718TW7JI.DEFAULT\EXTENSIONS\VHEWRNWLFG@VHEWRNWLFG.ORG.XPI
    [2012/06/18 18:50:10 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    :Files
    C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
    C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc
    C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo


========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

HKEY_USERS\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\718tw7ji.default\extensions\vhewrnwlfg@vhewrnwlfg.org.xpi moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

========== FILES ==========

C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.

C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.

File\Folder C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll not found.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\zh_TW folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\zh_CN folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\vi folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\uk folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\tr folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\th folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sv folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sr folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sl folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sk folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ru folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ro folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\pt_PT folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\pt_BR folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\pl folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\no folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\nl folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\lv folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\lt folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ko folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ja folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\it folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\id folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\hu folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\hr folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\hi folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\he folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\fr folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\fil folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\fi folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\es folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\en folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\el folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\de folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\da folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\cs folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ca folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\bg folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ar folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_TW folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_CN folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\vi folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\uk folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\tr folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\th folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sv folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sr folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sl folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sk folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ru folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ro folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_PT folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_BR folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pl folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\no folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\nl folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lv folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lt folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ko folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ja folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\it folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\id folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hu folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hr folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hi folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\he folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fr folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fil folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fi folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\es folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\en folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\el folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\de folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\da folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\cs folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ca folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\bg folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ar folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\images folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\windows folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\utils folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\traits folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\tabs folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\img folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\events folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\dom folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\content folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\data folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\addon-kit\lib folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\addon-kit\data folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\addon-kit folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0 folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd\1.4.2_0\js folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd\1.4.2_0\img folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd\1.4.2_0 folder moved successfully.

C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Bill\Desktop\cmd.bat deleted successfully.

C:\Users\Bill\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Bill

->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Bill

->Flash cache emptied: 79687 bytes

User: Default

->Flash cache emptied: 56466 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.53.1 log created on 07092012_164840

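The two posts above give the fix script and the log OTL wrote when it ran. The check a practitioner wants is that every item in the script has a matching result line, and which ones came back "not found" rather than deleted or moved. Added example, not code from the thread or from OTL: it reduces each `:OTL` and `:Files` item to lookup tokens (CLSIDs, MozillaPlugins key names, prefs.js preference names, the Winlogon value name, file and folder paths) and searches the log for lines carrying them. The tokenisation rules and the outcome labels `ok`, `not found`, `seen` and `no log line` are this example's own assumptions. The sample script and log are abridged from the two posts above.

```python
"""Reconcile an OTL custom-fix script with the fix log OTL writes (added example, not OTL code)."""
import re
from typing import List, Set, Tuple

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?=\s+File not found\b|\s*$)")  # stop before OTL's "File not found"
PLUGIN_RE = re.compile(r"@[^\s:\\]+")           # MozillaPlugins key names such as @Apple.com/iTunes,version=
PREF_RE = re.compile(r"prefs\.js\.\.([\w.]+)")  # FF - prefs.js..browser.search.order.1
WINLOGON_RE = re.compile(r"Winlogon:\s*(\w+)")  # O20 - HKLM Winlogon: VMApplet

# When several log lines match one script item, the higher outcome wins (assumption).
PRIORITY = {"ok": 3, "not found": 2, "seen": 1, "no log line": 0}


def tokens(item: str) -> Set[str]:
    """Lower-cased lookup tokens for one script line; the whole line when nothing specific is found."""
    toks: Set[str] = set()
    for rx in (GUID_RE, PATH_RE, PLUGIN_RE, PREF_RE, WINLOGON_RE):
        toks.update(rx.findall(item))
    if "DefaultScope" in item:
        toks.add("DefaultScope")
    if not toks:
        toks.add(item)
    return {t.lower() for t in toks if t}


def outcome_of(log_line: str) -> str:
    """Classify one OTL log line by the phrases OTL uses."""
    low = log_line.lower()
    if "successfully" in low or "removed from" in low:
        return "ok"
    if "not found" in low:
        return "not found"
    return "seen"


def reconcile(script: str, log: str) -> List[Tuple[str, str, str]]:
    """Return (section, script item, best outcome) for every :OTL and :Files item."""
    log_lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    results: List[Tuple[str, str, str]] = []
    section = ""
    for raw in script.splitlines():
        item = raw.strip()
        if not item:
            continue
        if item.startswith(":"):
            section = item[1:].upper()
            continue
        if section not in ("OTL", "FILES"):
            continue  # :Commands results ([emptyflash] etc.) are summarised differently by OTL
        toks = tokens(item)
        best = "no log line"
        for ln in log_lines:
            low = ln.lower()
            if any(t in low for t in toks):
                found = outcome_of(ln)
                if PRIORITY[found] > PRIORITY[best]:
                    best = found
        results.append((section, item, best))
    return results


# Abridged from the fix script and the OTL log posted above (constructed subset).
SCRIPT = r"""
:OTL
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
[2012/06/18 18:50:10 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
:Files
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd
:Commands
[EMPTYFLASH]
"""

LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_USERS\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== FILES ==========
File\Folder C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll not found.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd\1.4.2_0 folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd folder moved successfully.
"""

if __name__ == "__main__":
    for section, item, outcome in reconcile(SCRIPT, LOG):
        print(f"[{outcome:>11}] {section}: {item[:70]}")
```

On the full posts this gives `ok` for every registry, prefs.js and extension item and `not found` only for the CouponAlert DLL under `:Files`, which is consistent with the FF line that already reported it as `File not found`: the registry key pointing at the missing plugin was deleted, and there was no file left to move. Items that come back `seen` (a command echoed like `< ipconfig /flushdns /c >`) or `no log line` are the ones to read by hand.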

  • Staff

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close Notepad.
  • In the command window type e:\frst.exe and press Enter.

    Note: Replace the letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012

Ran by SYSTEM at 10-07-2012 17:08:00

Running from F:\

Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)

HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)

HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [718688 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)

HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKU\Bill\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2012-01-22] (TomTom)

HKU\Bill\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)

HKU\Bill\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()

HKU\Bill\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\Bill\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Bill\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)

2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)

1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)

1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)

1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)

1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)

3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [60160 2009-08-13] (Microsoft Corporation)

3 catchme; \??\C:\Users\Bill\AppData\Local\Temp\catchme.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-10 13:00 - 2012-07-10 13:00 - 00890230 ____A (Farbar) C:\Users\Bill\Desktop\FRST.exe

2012-07-09 12:48 - 2012-07-09 12:48 - 00000000 ____D C:\_OTL

2012-07-09 12:44 - 2012-07-09 12:44 - 00000000 ____D C:\avast! sandbox

2012-07-09 12:43 - 2012-07-09 12:43 - 00595968 ____A (OldTimer Tools) C:\Users\Bill\Desktop\OTL.exe

2012-07-09 12:42 - 2012-07-09 12:42 - 04574937 ____A (Swearware) C:\Users\Bill\Desktop\ComboFix.exe

2012-07-08 05:30 - 2012-07-08 05:30 - 00000000 ____A C:\Users\Bill\Desktop\New Text Document.txt

2012-07-07 22:14 - 2012-07-07 22:14 - 00000512 ____A C:\Users\Bill\Desktop\MBR.dat

2012-07-07 21:53 - 2012-07-07 21:53 - 04731392 ____A (AVAST Software) C:\Users\Bill\Downloads\aswMBR.exe

2012-07-07 20:29 - 2012-07-07 20:57 - 00000000 ____D C:\Windows\erdnt

2012-07-07 20:18 - 2012-07-07 20:18 - 00881475 ____A C:\Users\Bill\Downloads\SecurityCheck.exe

2012-07-07 19:55 - 2012-07-07 19:55 - 00004486 ____A C:\Users\Bill\Desktop\Attach.txt

2012-07-07 19:44 - 2012-07-07 19:44 - 00607260 ____R (Swearware) C:\Users\Bill\Downloads\dds.scr

2012-07-07 14:47 - 2012-07-07 14:47 - 02116179 ____A C:\Users\Bill\Downloads\tdsskiller.zip

2012-07-07 14:47 - 2012-07-02 16:01 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Bill\Desktop\123.com

2012-07-07 14:41 - 2012-07-07 14:42 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Bill\Downloads\tdsskiller (1).exe

2012-07-01 17:07 - 2012-07-01 17:07 - 00000000 ____D C:\Users\Bill\Documents\OneNote Notebooks

2012-06-28 18:12 - 2012-06-28 18:12 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-28 18:10 - 2012-06-28 18:10 - 00000000 ____D C:\Program Files\iPod

2012-06-28 18:03 - 2012-06-28 18:03 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-06-28 18:02 - 2012-06-28 18:03 - 00000000 ____D C:\Program Files\QuickTime

2012-06-25 13:56 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-25 13:56 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-25 13:56 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-25 13:56 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-25 13:56 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-25 13:56 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-25 13:56 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-25 13:56 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-25 13:56 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-25 13:56 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-25 13:56 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-25 13:56 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-25 13:56 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-25 13:56 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-25 13:48 - 2012-02-29 21:46 - 00019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys

2012-06-25 13:48 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll

2012-06-25 13:48 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

2012-06-25 13:48 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll

2012-06-24 10:07 - 2012-06-24 10:07 - 00000000 ____D C:\Program Files\Common Files\Java

2012-06-24 10:06 - 2012-06-24 10:06 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll

2012-06-24 10:06 - 2012-06-24 10:06 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe

2012-06-24 10:06 - 2012-06-24 10:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe

2012-06-24 10:06 - 2012-06-24 10:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe

2012-06-24 10:02 - 2012-06-24 10:02 - 00000000 ____D C:\Users\All Users\McAfee

2012-06-24 07:56 - 2012-03-30 02:23 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

2012-06-24 07:55 - 2012-04-27 20:41 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2012-06-24 07:55 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-06-24 07:55 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll

2012-06-24 07:55 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe

2012-06-24 07:55 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-06-24 07:54 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-24 07:54 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-06-24 07:54 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-06-24 07:54 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-06-24 07:54 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-06-24 07:54 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-06-24 07:54 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-06-24 07:54 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-06-24 07:54 - 2012-03-16 23:27 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

2012-06-24 07:54 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll

2012-06-24 07:48 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll

2012-06-24 07:48 - 2012-02-16 20:13 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys

2012-06-24 07:44 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-24 07:44 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-24 07:44 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-24 07:44 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-24 07:44 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-24 07:44 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-24 07:44 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-24 07:44 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-24 07:44 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-24 07:25 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-06-24 07:25 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-06-24 07:25 - 2012-06-24 07:25 - 00001994 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-06-24 07:24 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-06-24 07:24 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-06-24 07:24 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-06-24 07:24 - 2012-07-03 08:21 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-06-24 07:23 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-06-24 07:23 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-06-24 07:23 - 2012-06-24 07:23 - 00000000 ____D C:\Users\All Users\AVAST Software

2012-06-24 07:23 - 2012-06-24 07:23 - 00000000 ____D C:\Program Files\AVAST Software

2012-06-24 07:21 - 2012-06-24 07:22 - 74761776 ____A C:\Users\Bill\Downloads\avast_free_antivirus_setup (1).exe

2012-06-24 07:17 - 2012-06-24 07:17 - 00374616 ____A C:\Users\Bill\Downloads\avast! Professional Antivirus 7 + Anti Spyware Free DownloadSetup.exe

2012-06-23 05:33 - 2012-06-23 05:33 - 74761776 ____A C:\Users\Bill\Downloads\avast_free_antivirus_setup.exe

2012-06-21 17:55 - 2012-06-21 17:56 - 00000000 ____D C:\Windows\System32\appmgmt

2012-06-21 16:45 - 2012-06-21 16:45 - 00002959 ____A C:\Users\Bill\Desktop\HiJackThis.lnk

2012-06-21 16:45 - 2012-06-21 16:45 - 00000000 ____D C:\Program Files\Trend Micro

2012-06-21 16:44 - 2012-06-21 16:44 - 01402880 ____A C:\Users\Bill\Downloads\HiJackThis.msi

2012-06-19 04:36 - 2012-06-19 04:36 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-06-18 14:50 - 2012-06-18 14:50 - 00000000 ____D C:\Users\All Users\Mozilla

2012-06-18 14:50 - 2012-06-18 14:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2012-06-18 14:50 - 2012-06-18 14:50 - 00000000 ____D C:\Program Files\7-Zip

2012-06-15 14:39 - 2012-06-15 14:39 - 00009754 ____A C:\Users\Bill\Downloads\imgburn_write.txt

2012-06-14 20:22 - 2012-06-14 20:33 - 00085096 ____A C:\Users\Bill\Downloads\dvdauthor.txt

2012-06-14 20:22 - 2012-06-14 20:22 - 00000766 ____A C:\Users\Bill\Downloads\dvdauthor.xml

2012-06-14 20:17 - 2012-06-14 20:22 - 00002701 ____A C:\Users\Bill\Downloads\mplex_title1.txt

2012-06-14 20:13 - 2012-06-14 20:17 - 00002700 ____A C:\Users\Bill\Downloads\mplex_title0.txt

2012-06-14 20:07 - 2012-06-14 20:13 - 00038504 ____A C:\Users\Bill\Downloads\ffmpeg_audio_title1_track0_source0.txt

2012-06-14 20:03 - 2012-06-14 20:07 - 00031351 ____A C:\Users\Bill\Downloads\ffmpeg_audio_title0_track0_source0.txt

2012-06-14 17:54 - 2012-06-14 20:03 - 01138836 ____A C:\Users\Bill\Downloads\ffmpeg_video_title1_source0.txt

============ 3 Months Modified Files ========================

2012-07-10 13:02 - 2010-11-20 13:01 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-10 13:01 - 2012-03-04 07:59 - 00001634 ____A C:\Windows\setupact.log

2012-07-10 13:00 - 2012-07-10 13:00 - 00890230 ____A (Farbar) C:\Users\Bill\Desktop\FRST.exe

2012-07-10 12:44 - 2012-03-11 16:55 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002UA.job

2012-07-10 12:30 - 2012-05-27 07:25 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-10 07:30 - 2012-05-27 07:25 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-09 13:44 - 2012-03-11 16:55 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002Core.job

2012-07-09 12:43 - 2012-07-09 12:43 - 00595968 ____A (OldTimer Tools) C:\Users\Bill\Desktop\OTL.exe

2012-07-09 12:42 - 2012-07-09 12:42 - 04574937 ____A (Swearware) C:\Users\Bill\Desktop\ComboFix.exe

2012-07-09 05:20 - 2009-07-13 20:34 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-09 05:20 - 2009-07-13 20:34 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-09 05:12 - 2012-03-04 07:58 - 00010248 ____A C:\Windows\PFRO.log

2012-07-09 05:12 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-08 05:59 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini

2012-07-08 05:30 - 2012-07-08 05:30 - 00000000 ____A C:\Users\Bill\Desktop\New Text Document.txt

2012-07-07 22:14 - 2012-07-07 22:14 - 00000512 ____A C:\Users\Bill\Desktop\MBR.dat

2012-07-07 21:53 - 2012-07-07 21:53 - 04731392 ____A (AVAST Software) C:\Users\Bill\Downloads\aswMBR.exe

2012-07-07 20:18 - 2012-07-07 20:18 - 00881475 ____A C:\Users\Bill\Downloads\SecurityCheck.exe

2012-07-07 19:55 - 2012-07-07 19:55 - 00004486 ____A C:\Users\Bill\Desktop\Attach.txt

2012-07-07 19:44 - 2012-07-07 19:44 - 00607260 ____R (Swearware) C:\Users\Bill\Downloads\dds.scr

2012-07-07 14:47 - 2012-07-07 14:47 - 02116179 ____A C:\Users\Bill\Downloads\tdsskiller.zip

2012-07-07 14:42 - 2012-07-07 14:41 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Bill\Downloads\tdsskiller (1).exe

2012-07-04 04:39 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt

2012-07-03 08:21 - 2012-06-24 07:25 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-07-03 08:21 - 2012-06-24 07:25 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-07-03 08:21 - 2012-06-24 07:24 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-07-03 08:21 - 2012-06-24 07:24 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-07-03 08:21 - 2012-06-24 07:24 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-07-03 08:21 - 2012-06-24 07:24 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-07-03 08:21 - 2012-06-24 07:23 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-07-03 08:21 - 2012-06-24 07:23 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-07-02 16:01 - 2012-07-07 14:47 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Bill\Desktop\123.com

2012-07-02 14:14 - 2012-03-11 16:56 - 00002391 ____A C:\Users\Bill\Desktop\Google Chrome.lnk

2012-06-28 18:12 - 2012-06-28 18:12 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-28 18:03 - 2012-06-28 18:03 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-06-25 14:37 - 2009-07-13 20:33 - 00436920 ____A C:\Windows\System32\FNTCACHE.DAT

2012-06-24 10:06 - 2012-06-24 10:06 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll

2012-06-24 10:06 - 2012-06-24 10:06 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe

2012-06-24 10:06 - 2012-06-24 10:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe

2012-06-24 10:06 - 2012-06-24 10:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe

2012-06-24 10:06 - 2011-05-19 12:43 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll

2012-06-24 07:25 - 2012-06-24 07:25 - 00001994 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-06-24 07:22 - 2012-06-24 07:21 - 74761776 ____A C:\Users\Bill\Downloads\avast_free_antivirus_setup (1).exe

2012-06-24 07:17 - 2012-06-24 07:17 - 00374616 ____A C:\Users\Bill\Downloads\avast! Professional Antivirus 7 + Anti Spyware Free DownloadSetup.exe

2012-06-23 05:33 - 2012-06-23 05:33 - 74761776 ____A C:\Users\Bill\Downloads\avast_free_antivirus_setup.exe

2012-06-21 16:45 - 2012-06-21 16:45 - 00002959 ____A C:\Users\Bill\Desktop\HiJackThis.lnk

2012-06-21 16:44 - 2012-06-21 16:44 - 01402880 ____A C:\Users\Bill\Downloads\HiJackThis.msi

2012-06-19 04:36 - 2012-06-19 04:36 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-06-18 14:50 - 2012-02-23 15:39 - 00000487 ____A C:\user.js

2012-06-15 14:39 - 2012-06-15 14:39 - 00009754 ____A C:\Users\Bill\Downloads\imgburn_write.txt

2012-06-15 14:39 - 2012-02-13 08:21 - 00004944 ____A C:\Users\Bill\Downloads\dvdflick.log

2012-06-14 20:33 - 2012-06-14 20:22 - 00085096 ____A C:\Users\Bill\Downloads\dvdauthor.txt

2012-06-14 20:22 - 2012-06-14 20:22 - 00000766 ____A C:\Users\Bill\Downloads\dvdauthor.xml

2012-06-14 20:22 - 2012-06-14 20:17 - 00002701 ____A C:\Users\Bill\Downloads\mplex_title1.txt

2012-06-14 20:17 - 2012-06-14 20:13 - 00002700 ____A C:\Users\Bill\Downloads\mplex_title0.txt

2012-06-14 20:13 - 2012-06-14 20:07 - 00038504 ____A C:\Users\Bill\Downloads\ffmpeg_audio_title1_track0_source0.txt

2012-06-14 20:07 - 2012-06-14 20:03 - 00031351 ____A C:\Users\Bill\Downloads\ffmpeg_audio_title0_track0_source0.txt

2012-06-14 20:03 - 2012-06-14 17:54 - 01138836 ____A C:\Users\Bill\Downloads\ffmpeg_video_title1_source0.txt

2012-06-14 17:54 - 2012-02-13 08:21 - 00875352 ____A C:\Users\Bill\Downloads\ffmpeg_video_title0_source0.txt

2012-06-03 19:35 - 2011-04-29 13:01 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-06-02 14:19 - 2012-06-24 07:44 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-24 07:44 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-24 07:44 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-24 07:44 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-24 07:44 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:12 - 2012-06-24 07:44 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:12 - 2012-06-24 07:44 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-24 07:44 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:12 - 2012-06-24 07:44 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-05-27 07:26 - 2012-05-27 07:26 - 00002170 ____A C:\Users\Public\Desktop\Google Earth.lnk

2012-05-27 07:23 - 2012-05-27 07:22 - 00739816 ____A (Google Inc.) C:\Users\Bill\Downloads\GoogleEarthSetup.exe

2012-05-19 17:05 - 2012-05-19 16:39 - 236609077 ____A C:\Users\Bill\Downloads\zzz-10765.mp4

2012-05-17 15:11 - 2012-06-25 13:56 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-05-17 14:48 - 2012-06-25 13:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-05-17 14:45 - 2012-06-25 13:56 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-05-17 14:36 - 2012-06-25 13:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-05-17 14:35 - 2012-06-25 13:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-05-17 14:35 - 2012-06-25 13:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-17 14:33 - 2012-06-25 13:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-05-17 14:31 - 2012-06-25 13:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-17 14:29 - 2012-06-25 13:56 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-05-17 14:29 - 2012-06-25 13:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-05-17 14:27 - 2012-06-25 13:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-05-17 14:25 - 2012-06-25 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-05-17 14:24 - 2012-06-25 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-05-17 14:20 - 2012-06-25 13:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-05-14 17:05 - 2012-06-24 07:54 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-05-12 10:05 - 2011-04-30 19:22 - 00002479 ____A C:\Users\Public\Desktop\Safari.lnk

2012-05-12 05:13 - 2011-04-30 07:18 - 00114960 ____A C:\Users\Bill\AppData\Local\GDIPFONTCACHEV1.DAT

2012-05-08 15:26 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini

2012-05-08 15:02 - 2012-05-08 15:02 - 00004314 ____A C:\Users\Bill\Documents\MS Office 2007.mds

2012-05-08 15:02 - 2012-05-08 14:58 - 1302560768 ____A C:\Users\Bill\Documents\MS Office 2007.iso

2012-05-03 15:07 - 2012-05-03 15:07 - 00008316 ____A C:\Users\Bill\Downloads\BUI-72.rtf

2012-04-30 20:44 - 2012-06-24 07:54 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-29 13:34 - 2012-04-29 13:33 - 03949785 ____A C:\Users\Bill\Downloads\Motorblok_demontage.wmv

2012-04-27 20:41 - 2012-06-24 07:55 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2012-04-27 19:17 - 2012-06-24 07:55 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-25 20:45 - 2012-06-24 07:54 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-25 20:45 - 2012-06-24 07:54 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-25 20:41 - 2012-06-24 07:54 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-23 20:36 - 2012-06-24 07:54 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 20:36 - 2012-06-24 07:54 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 20:36 - 2012-06-24 07:54 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx

2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts

2012-04-15 17:59 - 2012-04-15 17:59 - 00007649 ____A C:\Users\Bill\Downloads\Filter Tubes List.zip

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 34%

Total physical RAM: 1013.99 MB

Available physical RAM: 662.28 MB

Total Pagefile: 1013.99 MB

Available Pagefile: 658.34 MB

Total Virtual: 2047.88 MB

Available Virtual: 1969.93 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:18.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

4 Drive f: (BRADS DRIVE) (Removable) (Total:0.93 GB) (Free:0.78 GB) FAT

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         74 GB    9 MB
Disk 1    No Media       0 B      0 B
Disk 2    Online         954 MB   0 B

Partitions of Disk 0:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           74 GB    31 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1  C                 NTFS   Partition   74 GB    Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           953 MB   16 KB

==================================================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3  F    BRADS DRIVE  FAT    Removable   953 MB   Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 23:52

======================= End Of Log ==========================


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.

Gringo

This topic is now closed to further replies.