Google Redirect Virus

sneak14 · November 23, 2010

Hi, my computer has the google redirect virus. I've seen this topic several times in your forum but every solution suggests downloading combofix. However, I have Windows 7 - 64bit so it doesn't work on my OS. Any help is very much appreciated.

DDS (Ver_10-11-10.01) - NTFS_AMD64

Run by Dan at 1:32:54.83 on Tue 11/23/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4094.1319 [GMT -7:00]

============== Running Processes ===============

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32nvvsvc.exe

C:Windowssystem32svchost.exe -k RPCSS

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32nvvsvc.exe

C:Windowssystem32svchost.exe -k NetworkService

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

C:Program Files (x86)AVGAVG10avgwdsvc.exe

C:Program Files (x86)BonjourmDNSResponder.exe

C:Program Files (x86)Hotspot Shieldbinopenvpnas.exe

C:Program Files (x86)Hotspot Shieldbinhsswd.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Windowssystem32SearchIndexer.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Windowssystem32taskhost.exe

C:Program FilesSynapticsSynTPSynTPEnh.exe

C:WindowsRAVCpl64.exe

C:Program FilesWindows Sidebarsidebar.exe

C:Program Files (x86)uTorrentuTorrent.exe

C:WindowsSystem32StikyNot.exe

C:UsersDanAppDataRoamingDropboxbinDropbox.exe

C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe

C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe

C:Program Files (x86)AVGAVG10avgtray.exe

C:Program FilesSynapticsSynTPSynTPHelper.exe

C:Program Files (x86)iTunesiTunesHelper.exe

C:Program Files (x86)AVGAVG10Identity Protectionagentbinavgidsmonitor.exe

C:UsersDanAppDataLocalTempRtkBtMnt.exe

C:Windowssystem32conhost.exe

C:Program FilesiPodbiniPodService.exe

C:WindowsSystem32svchost.exe -k LocalServicePeerNet

C:Program Files (x86)Hotspot Shieldbinopenvpntray.exe

C:Windowssystem32svchost.exe -k SDRSVC

C:WindowsSysWOW64explorer.exe

C:Windowssystem32AUDIODG.EXE

C:Program Files (x86)iTunesiTunes.exe

C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceHelper.exe

C:Windowssystem32conhost.exe

C:Program Files (x86)Common FilesAppleApple Application Supportdistnoted.exe

C:Windowssystem32conhost.exe

C:Program Files (x86)Mozilla Firefoxfirefox.exe

C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE

C:Program Files (x86)AVGAVG10avgcfgex.exe

C:Program Files (x86)Mozilla Firefoxfirefox.exe

C:Windowssystem32sppsvc.exe

C:Windowssystem32taskeng.exe

C:Windowssystem32rundll32.exe

C:Windowssystem32vssvc.exe

C:WindowsSystem32svchost.exe -k swprv

C:Program Files (x86)AbletonLive 8.1.3ProgramLive 8.1.3.exe

C:Program Files (x86)Mozilla Firefoxfirefox.exe

C:Program Files (x86)AVGAVG10avgui.exe

C:Program Files (x86)AVGAVG10avgcfgex.exe

C:Program Files (x86)AVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe

C:Program Files (x86)AVGAVG10avgemca.exe

C:Program Files (x86)AVGAVG10avgnsa.exe

C:Program Files (x86)AVGAVG10avgchsva.exe

C:Windowssystem32conhost.exe

C:Program Files (x86)AVGAVG10avgrsa.exe

C:Program Files (x86)AVGAVG10avgcsrva.exe

C:Windowssystem32SearchProtocolHost.exe

C:Windowssystem32SearchFilterHost.exe

C:Windowssystem32DllHost.exe

C:UsersDanDesktopdds.scr

C:Windowssystem32conhost.exe

C:Windowssystem32wbemwmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG10avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:PROGRA~2MICROS~1Office14GROOVEEX.DLL

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:PROGRA~2MICROS~1Office14URLREDIR.DLL

BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:Program Files (x86)Hotspot ShieldHssIEHssIE.dll

uRun: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun

uRun: [uTorrent] "C:Program Files (x86)uTorrentuTorrent.exe"

uRun: [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe

mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe"

mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun: [DivXUpdate] "C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun: [AVG_TRAY] C:Program Files (x86)AVGAVG10avgtray.exe

mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe" /runcleanupscript

StartupFolder: C:UsersDanAppDataRoamingMICROS~1WindowsSTARTM~1ProgramsStartupDropbox.

lnk - C:UsersDanAppDataRoamingDropboxbinDropbox.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:PROGRA~1MICROS~1Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - C:PROGRA~1MICROS~1Office14ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common Filesmicrosoft sharedOFFICE14MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG10avgpp.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:PROGRA~2MICROS~1Office14GROOVEEX.DLL

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG10avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~1Office14GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~1MICROS~1Office14URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:Program Files (x86)Hotspot ShieldHssIEHssIE_64.dll

mRun-x64: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe

mRun-x64: [RtHDVCpl] RAVCpl64.exe

mRun-x64: [skytel] Skytel.exe

mRun-x64: [bCSSync] "C:Program FilesMicrosoft OfficeOffice14BCSSync.exe" /DelayServices

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:PROGRA~1MICROS~1Office14GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:UsersDanAppDataRoamingMozillaFirefoxProfilesffelhzg9.default

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - pitchfork.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - component: C:Program Files (x86)AVGAVG10Firefoxcomponentsavgssff.dll

FF - component: C:UsersDanAppDataRoamingMozillaFirefoxProfilesffelhzg9.defaultextension

s{3112ca9c-de6d-4884-a869-9855de68056c}componentsfrozen.dll

FF - plugin: C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL

FF - plugin: C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL

FF - plugin: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll

FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32.dll

---- FIREFOX POLICIES ----

C:Program Files (x86)Mozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:Program Files (x86)Mozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:Program Files (x86)Mozilla Firefoxgreprefsall.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:WindowsSystem32driversAVGIDSEH.sys [2010-9-13 27216]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:WindowsSystem32driversavgrkx64.sys [2010-9-7 30288]

R1 Avgldx64;AVG AVI Loader Driver;C:WindowsSystem32driversavgldx64.sys [2010-9-7 305232]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:WindowsSystem32driversavgmfx64.sys [2010-9-7 41040]

R1 Avgtdia;AVG TDI Driver;C:WindowsSystem32driversavgtdia.sys [2010-9-7 381008]

R2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe [2010-10-11 6104656]

R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG10avgwdsvc.exe [2010-9-10 265400]

R2 HssWd;Hotspot Shield Monitoring Service;C:Program Files (x86)Hotspot Shieldbinhsswd.exe -product HSS --> C:Program Files (x86)Hotspot Shieldbinhsswd.exe -product HSS [?]

R3 AVGIDSDriver;AVGIDSDriver;C:WindowsSystem32driversAVGIDSDriver.sys [2010-8-19 157264]

R3 AVGIDSFilter;AVGIDSFilter;C:WindowsSystem32driversAVGIDSFilter.sys [2010-8-19 35920]

R3 itecir;ITECIR Infrared Receiver;C:WindowsSystem32driversitecir.sys [2010-2-24 67616]

R3 netw5v64;Intel

Attach.zip

ark.zip

LDTate · November 23, 2010

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

sneak14 · November 23, 2010

2010/11/23 15:56:51.0284 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12

2010/11/23 15:56:51.0284 ================================================================================

2010/11/23 15:56:51.0284 SystemInfo:

2010/11/23 15:56:51.0284

2010/11/23 15:56:51.0284 OS Version: 6.1.7600 ServicePack: 0.0

2010/11/23 15:56:51.0284 Product type: Workstation

2010/11/23 15:56:51.0284 ComputerName: DAN-PC

2010/11/23 15:56:51.0284 UserName: Dan

2010/11/23 15:56:51.0284 Windows directory: C:\Windows

2010/11/23 15:56:51.0284 System windows directory: C:\Windows

2010/11/23 15:56:51.0284 Running under WOW64

2010/11/23 15:56:51.0284 Processor architecture: Intel x64

2010/11/23 15:56:51.0284 Number of processors: 2

2010/11/23 15:56:51.0284 Page size: 0x1000

2010/11/23 15:56:51.0284 Boot type: Normal boot

2010/11/23 15:56:51.0284 ================================================================================

2010/11/23 15:56:51.0284 Utility is running under WOW64

2010/11/23 15:56:54.0155 Initialize success

2010/11/23 15:57:04.0419 ================================================================================

2010/11/23 15:57:04.0419 Scan started

2010/11/23 15:57:04.0419 Mode: Manual;

2010/11/23 15:57:04.0419 ================================================================================

2010/11/23 15:57:05.0277 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/11/23 15:57:05.0324 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

2010/11/23 15:57:05.0355 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/11/23 15:57:05.0402 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/11/23 15:57:05.0465 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2010/11/23 15:57:05.0511 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2010/11/23 15:57:05.0589 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

2010/11/23 15:57:05.0667 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

2010/11/23 15:57:05.0730 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

2010/11/23 15:57:05.0777 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

2010/11/23 15:57:05.0792 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

2010/11/23 15:57:05.0823 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2010/11/23 15:57:05.0839 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2010/11/23 15:57:05.0886 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

2010/11/23 15:57:05.0901 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/11/23 15:57:05.0948 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

2010/11/23 15:57:06.0135 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

2010/11/23 15:57:06.0213 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2010/11/23 15:57:06.0229 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2010/11/23 15:57:06.0260 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/11/23 15:57:06.0276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2010/11/23 15:57:06.0369 AVGIDSDriver (0f562e8bcf79facdfb58a5b3b95e5cfe) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

2010/11/23 15:57:06.0416 AVGIDSEH (656366fd0c0e2481a89196fb3d1be49a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

2010/11/23 15:57:06.0525 AVGIDSFilter (fdf9f596316bc1bc10726ece268a0237) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

2010/11/23 15:57:06.0681 Avgldx64 (ef415e445e5376624ed78685ee9647d4) C:\Windows\system32\DRIVERS\avgldx64.sys

2010/11/23 15:57:06.0744 Avgmfx64 (f5ffa3053d26c55edc112e66197eed09) C:\Windows\system32\DRIVERS\avgmfx64.sys

2010/11/23 15:57:06.0806 Avgrkx64 (5b3f127b26c08b1c7df5c5f111ca4030) C:\Windows\system32\DRIVERS\avgrkx64.sys

2010/11/23 15:57:06.0837 Avgtdia (ee472479301fef0b6a17e16d8a0deceb) C:\Windows\system32\DRIVERS\avgtdia.sys

2010/11/23 15:57:06.0915 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2010/11/23 15:57:06.0962 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2010/11/23 15:57:07.0009 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2010/11/23 15:57:07.0071 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/11/23 15:57:07.0118 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

2010/11/23 15:57:07.0149 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/11/23 15:57:07.0165 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/11/23 15:57:07.0196 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2010/11/23 15:57:07.0227 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/11/23 15:57:07.0243 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/11/23 15:57:07.0259 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/11/23 15:57:07.0274 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/11/23 15:57:07.0321 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/11/23 15:57:07.0368 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

2010/11/23 15:57:07.0430 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2010/11/23 15:57:07.0461 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2010/11/23 15:57:07.0555 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/11/23 15:57:07.0571 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2010/11/23 15:57:07.0617 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2010/11/23 15:57:07.0649 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2010/11/23 15:57:07.0695 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/11/23 15:57:07.0727 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/11/23 15:57:07.0773 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

2010/11/23 15:57:07.0836 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

2010/11/23 15:57:07.0867 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2010/11/23 15:57:07.0898 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2010/11/23 15:57:08.0007 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2010/11/23 15:57:08.0054 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

2010/11/23 15:57:08.0148 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys

2010/11/23 15:57:08.0257 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2010/11/23 15:57:08.0413 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2010/11/23 15:57:08.0444 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2010/11/23 15:57:08.0522 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2010/11/23 15:57:08.0569 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2010/11/23 15:57:08.0600 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2010/11/23 15:57:08.0647 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2010/11/23 15:57:08.0678 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2010/11/23 15:57:08.0709 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/11/23 15:57:08.0741 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2010/11/23 15:57:08.0772 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2010/11/23 15:57:08.0803 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2010/11/23 15:57:08.0865 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

2010/11/23 15:57:08.0912 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/11/23 15:57:08.0959 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2010/11/23 15:57:09.0006 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2010/11/23 15:57:09.0053 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

2010/11/23 15:57:09.0099 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/11/23 15:57:09.0115 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/11/23 15:57:09.0131 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2010/11/23 15:57:09.0177 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2010/11/23 15:57:09.0224 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2010/11/23 15:57:09.0302 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/11/23 15:57:09.0396 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2010/11/23 15:57:09.0443 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2010/11/23 15:57:09.0489 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/11/23 15:57:09.0536 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/11/23 15:57:09.0599 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2010/11/23 15:57:09.0708 IntcAzAudAddService (72e789ab3fcf5099cdeeb6d1c81f61bb) C:\Windows\system32\drivers\RTKVHD64.sys

2010/11/23 15:57:09.0770 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2010/11/23 15:57:09.0817 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2010/11/23 15:57:09.0848 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/11/23 15:57:09.0879 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/11/23 15:57:09.0895 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2010/11/23 15:57:09.0942 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2010/11/23 15:57:09.0973 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2010/11/23 15:57:10.0004 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/11/23 15:57:10.0067 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys

2010/11/23 15:57:10.0145 JMCR (c4c054b795fcba9e070d1425dd07a4e4) C:\Windows\system32\DRIVERS\jmcr.sys

2010/11/23 15:57:10.0191 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/11/23 15:57:10.0223 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/11/23 15:57:10.0254 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2010/11/23 15:57:10.0301 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2010/11/23 15:57:10.0316 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2010/11/23 15:57:10.0363 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys

2010/11/23 15:57:10.0425 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2010/11/23 15:57:10.0488 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/11/23 15:57:10.0519 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/11/23 15:57:10.0550 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/11/23 15:57:10.0581 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/11/23 15:57:10.0613 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2010/11/23 15:57:10.0659 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2010/11/23 15:57:10.0675 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/11/23 15:57:10.0722 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2010/11/23 15:57:10.0769 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2010/11/23 15:57:10.0800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2010/11/23 15:57:10.0831 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2010/11/23 15:57:10.0862 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2010/11/23 15:57:10.0893 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2010/11/23 15:57:10.0909 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2010/11/23 15:57:10.0940 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2010/11/23 15:57:11.0003 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/11/23 15:57:11.0018 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/11/23 15:57:11.0065 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/11/23 15:57:11.0096 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

2010/11/23 15:57:11.0127 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2010/11/23 15:57:11.0174 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2010/11/23 15:57:11.0205 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2010/11/23 15:57:11.0237 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/11/23 15:57:11.0283 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2010/11/23 15:57:11.0299 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/11/23 15:57:11.0330 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2010/11/23 15:57:11.0361 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2010/11/23 15:57:11.0393 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/11/23 15:57:11.0424 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2010/11/23 15:57:11.0439 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/11/23 15:57:11.0471 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2010/11/23 15:57:11.0517 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2010/11/23 15:57:11.0580 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2010/11/23 15:57:11.0627 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/11/23 15:57:11.0673 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/11/23 15:57:11.0705 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/11/23 15:57:11.0736 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/11/23 15:57:11.0767 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2010/11/23 15:57:11.0798 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2010/11/23 15:57:11.0829 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2010/11/23 15:57:12.0032 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

2010/11/23 15:57:12.0235 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/11/23 15:57:12.0282 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2010/11/23 15:57:12.0313 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2010/11/23 15:57:12.0375 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

2010/11/23 15:57:12.0453 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2010/11/23 15:57:12.0781 nvlddmkm (4c2e7e596a2a24ca92b76a94fe7a1999) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2010/11/23 15:57:13.0140 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/11/23 15:57:13.0202 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

2010/11/23 15:57:13.0280 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/11/23 15:57:13.0311 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/11/23 15:57:13.0374 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2010/11/23 15:57:13.0405 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2010/11/23 15:57:13.0436 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2010/11/23 15:57:13.0467 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2010/11/23 15:57:13.0499 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/11/23 15:57:13.0514 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2010/11/23 15:57:13.0561 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2010/11/23 15:57:13.0686 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2010/11/23 15:57:13.0701 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2010/11/23 15:57:13.0764 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2010/11/23 15:57:13.0811 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2010/11/23 15:57:13.0889 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/11/23 15:57:13.0920 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2010/11/23 15:57:13.0951 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2010/11/23 15:57:13.0982 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/11/23 15:57:14.0013 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/11/23 15:57:14.0045 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/11/23 15:57:14.0076 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2010/11/23 15:57:14.0107 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2010/11/23 15:57:14.0138 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/11/23 15:57:14.0185 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/11/23 15:57:14.0216 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

2010/11/23 15:57:14.0247 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2010/11/23 15:57:14.0279 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2010/11/23 15:57:14.0310 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2010/11/23 15:57:14.0341 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2010/11/23 15:57:14.0403 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2010/11/23 15:57:14.0435 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

2010/11/23 15:57:14.0466 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/11/23 15:57:14.0481 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2010/11/23 15:57:14.0544 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys

2010/11/23 15:57:14.0591 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/11/23 15:57:14.0637 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2010/11/23 15:57:14.0669 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2010/11/23 15:57:14.0700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2010/11/23 15:57:14.0762 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

2010/11/23 15:57:14.0809 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

2010/11/23 15:57:14.0840 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys

2010/11/23 15:57:14.0871 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/11/23 15:57:14.0918 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/11/23 15:57:14.0949 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/11/23 15:57:14.0996 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2010/11/23 15:57:15.0059 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2010/11/23 15:57:15.0121 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys

2010/11/23 15:57:15.0168 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys

2010/11/23 15:57:15.0230 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys

2010/11/23 15:57:15.0277 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2010/11/23 15:57:15.0324 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

2010/11/23 15:57:15.0355 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

2010/11/23 15:57:15.0371 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2010/11/23 15:57:15.0449 SynTP (05745019abf1abb5ec8e305dd836b14f) C:\Windows\system32\DRIVERS\SynTP.sys

2010/11/23 15:57:15.0542 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys

2010/11/23 15:57:15.0651 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

2010/11/23 15:57:15.0792 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

2010/11/23 15:57:15.0839 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2010/11/23 15:57:15.0885 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2010/11/23 15:57:15.0901 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2010/11/23 15:57:15.0932 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2010/11/23 15:57:15.0963 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2010/11/23 15:57:16.0026 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/11/23 15:57:16.0073 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2010/11/23 15:57:16.0119 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2010/11/23 15:57:16.0151 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

2010/11/23 15:57:16.0197 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/11/23 15:57:16.0244 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2010/11/23 15:57:16.0260 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2010/11/23 15:57:16.0322 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

2010/11/23 15:57:16.0353 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/11/23 15:57:16.0400 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2010/11/23 15:57:16.0431 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

2010/11/23 15:57:16.0478 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

2010/11/23 15:57:16.0509 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2010/11/23 15:57:16.0541 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2010/11/23 15:57:16.0572 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/11/23 15:57:16.0603 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/11/23 15:57:16.0665 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

2010/11/23 15:57:16.0743 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/11/23 15:57:16.0775 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/11/23 15:57:16.0806 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2010/11/23 15:57:16.0837 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/11/23 15:57:16.0853 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2010/11/23 15:57:16.0884 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

2010/11/23 15:57:16.0915 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

2010/11/23 15:57:16.0931 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/11/23 15:57:16.0977 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2010/11/23 15:57:16.0993 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2010/11/23 15:57:17.0040 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/11/23 15:57:17.0071 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2010/11/23 15:57:17.0118 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2010/11/23 15:57:17.0149 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/23 15:57:17.0180 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/23 15:57:17.0227 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2010/11/23 15:57:17.0258 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2010/11/23 15:57:17.0367 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/11/23 15:57:17.0399 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2010/11/23 15:57:17.0461 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/11/23 15:57:17.0508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2010/11/23 15:57:17.0555 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2010/11/23 15:57:17.0601 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/11/23 15:57:17.0711 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/11/23 15:57:17.0726 ================================================================================

2010/11/23 15:57:17.0726 Scan finished

2010/11/23 15:57:17.0726 ================================================================================

2010/11/23 15:57:17.0726 Detected object count: 1

2010/11/23 15:57:36.0789 \HardDisk1 - will be cured after reboot

2010/11/23 15:57:36.0789 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure

2010/11/23 15:58:47.0754 Deinitialize success

LDTate · November 23, 2010

Reboot and run it again.

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

sneak14 · November 23, 2010

Its working fine aside from the google redirect virus. Also, whenever I open up Firefox an AVG warning pops up warning me that there is a cookie. This just started happening within a few days.

2010/11/23 16:17:57.0590 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12

2010/11/23 16:17:57.0590 ================================================================================

2010/11/23 16:17:57.0590 SystemInfo:

2010/11/23 16:17:57.0590

2010/11/23 16:17:57.0590 OS Version: 6.1.7600 ServicePack: 0.0

2010/11/23 16:17:57.0590 Product type: Workstation

2010/11/23 16:17:57.0590 ComputerName: DAN-PC

2010/11/23 16:17:57.0590 UserName: Dan

2010/11/23 16:17:57.0590 Windows directory: C:\Windows

2010/11/23 16:17:57.0590 System windows directory: C:\Windows

2010/11/23 16:17:57.0590 Running under WOW64

2010/11/23 16:17:57.0590 Processor architecture: Intel x64

2010/11/23 16:17:57.0590 Number of processors: 2

2010/11/23 16:17:57.0590 Page size: 0x1000

2010/11/23 16:17:57.0590 Boot type: Normal boot

2010/11/23 16:17:57.0590 ================================================================================

2010/11/23 16:17:57.0590 Utility is running under WOW64

2010/11/23 16:17:58.0105 Initialize success

2010/11/23 16:17:59.0462 ================================================================================

2010/11/23 16:17:59.0462 Scan started

2010/11/23 16:17:59.0462 Mode: Manual;

2010/11/23 16:17:59.0462 ================================================================================

2010/11/23 16:18:01.0490 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

2010/11/23 16:18:01.0630 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

2010/11/23 16:18:01.0755 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

2010/11/23 16:18:01.0927 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

2010/11/23 16:18:02.0020 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

2010/11/23 16:18:02.0114 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

2010/11/23 16:18:02.0332 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys

2010/11/23 16:18:02.0691 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys

2010/11/23 16:18:03.0003 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

2010/11/23 16:18:03.0144 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

2010/11/23 16:18:03.0175 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

2010/11/23 16:18:03.0222 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

2010/11/23 16:18:03.0237 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

2010/11/23 16:18:03.0284 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys

2010/11/23 16:18:03.0300 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

2010/11/23 16:18:03.0315 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys

2010/11/23 16:18:03.0362 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

2010/11/23 16:18:03.0424 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

2010/11/23 16:18:03.0440 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

2010/11/23 16:18:03.0471 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/11/23 16:18:03.0487 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

2010/11/23 16:18:03.0768 AVGIDSDriver (0f562e8bcf79facdfb58a5b3b95e5cfe) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

2010/11/23 16:18:03.0830 AVGIDSEH (656366fd0c0e2481a89196fb3d1be49a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

2010/11/23 16:18:03.0846 AVGIDSFilter (fdf9f596316bc1bc10726ece268a0237) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

2010/11/23 16:18:03.0924 Avgldx64 (ef415e445e5376624ed78685ee9647d4) C:\Windows\system32\DRIVERS\avgldx64.sys

2010/11/23 16:18:04.0064 Avgmfx64 (f5ffa3053d26c55edc112e66197eed09) C:\Windows\system32\DRIVERS\avgmfx64.sys

2010/11/23 16:18:04.0152 Avgrkx64 (5b3f127b26c08b1c7df5c5f111ca4030) C:\Windows\system32\DRIVERS\avgrkx64.sys

2010/11/23 16:18:04.0190 Avgtdia (ee472479301fef0b6a17e16d8a0deceb) C:\Windows\system32\DRIVERS\avgtdia.sys

2010/11/23 16:18:04.0265 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

2010/11/23 16:18:04.0306 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

2010/11/23 16:18:04.0353 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

2010/11/23 16:18:04.0418 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

2010/11/23 16:18:04.0481 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys

2010/11/23 16:18:04.0528 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2010/11/23 16:18:04.0543 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2010/11/23 16:18:04.0590 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

2010/11/23 16:18:04.0606 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

2010/11/23 16:18:04.0621 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

2010/11/23 16:18:04.0637 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

2010/11/23 16:18:04.0684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

2010/11/23 16:18:04.0762 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/11/23 16:18:04.0824 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

2010/11/23 16:18:04.0871 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

2010/11/23 16:18:04.0964 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

2010/11/23 16:18:05.0058 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

2010/11/23 16:18:05.0074 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

2010/11/23 16:18:05.0105 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys

2010/11/23 16:18:05.0152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

2010/11/23 16:18:05.0167 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

2010/11/23 16:18:05.0214 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

2010/11/23 16:18:05.0261 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys

2010/11/23 16:18:05.0323 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys

2010/11/23 16:18:05.0354 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

2010/11/23 16:18:05.0401 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

2010/11/23 16:18:05.0526 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

2010/11/23 16:18:05.0573 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

2010/11/23 16:18:05.0620 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys

2010/11/23 16:18:05.0744 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

2010/11/23 16:18:05.0822 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

2010/11/23 16:18:05.0854 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

2010/11/23 16:18:05.0900 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

2010/11/23 16:18:05.0916 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

2010/11/23 16:18:05.0947 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

2010/11/23 16:18:05.0994 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

2010/11/23 16:18:06.0025 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

2010/11/23 16:18:06.0056 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/11/23 16:18:06.0103 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

2010/11/23 16:18:06.0134 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

2010/11/23 16:18:06.0166 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

2010/11/23 16:18:06.0228 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

2010/11/23 16:18:06.0306 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

2010/11/23 16:18:06.0368 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2010/11/23 16:18:06.0400 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

2010/11/23 16:18:06.0446 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

2010/11/23 16:18:06.0493 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/11/23 16:18:06.0509 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

2010/11/23 16:18:06.0524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

2010/11/23 16:18:06.0571 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

2010/11/23 16:18:06.0602 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

2010/11/23 16:18:06.0665 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

2010/11/23 16:18:06.0727 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

2010/11/23 16:18:06.0758 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

2010/11/23 16:18:06.0790 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/11/23 16:18:06.0836 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys

2010/11/23 16:18:06.0883 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

2010/11/23 16:18:06.0977 IntcAzAudAddService (72e789ab3fcf5099cdeeb6d1c81f61bb) C:\Windows\system32\drivers\RTKVHD64.sys

2010/11/23 16:18:07.0008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

2010/11/23 16:18:07.0039 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

2010/11/23 16:18:07.0070 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/11/23 16:18:07.0102 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

2010/11/23 16:18:07.0133 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

2010/11/23 16:18:07.0164 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

2010/11/23 16:18:07.0195 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

2010/11/23 16:18:07.0226 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/11/23 16:18:07.0273 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys

2010/11/23 16:18:07.0351 JMCR (c4c054b795fcba9e070d1425dd07a4e4) C:\Windows\system32\DRIVERS\jmcr.sys

2010/11/23 16:18:07.0398 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/11/23 16:18:07.0445 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/11/23 16:18:07.0460 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys

2010/11/23 16:18:07.0523 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys

2010/11/23 16:18:07.0554 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

2010/11/23 16:18:07.0601 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys

2010/11/23 16:18:07.0663 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

2010/11/23 16:18:07.0726 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

2010/11/23 16:18:07.0741 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

2010/11/23 16:18:07.0788 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2010/11/23 16:18:07.0819 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2010/11/23 16:18:07.0866 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

2010/11/23 16:18:07.0913 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

2010/11/23 16:18:07.0944 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

2010/11/23 16:18:07.0975 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

2010/11/23 16:18:08.0022 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

2010/11/23 16:18:08.0053 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

2010/11/23 16:18:08.0084 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

2010/11/23 16:18:08.0131 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

2010/11/23 16:18:08.0162 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

2010/11/23 16:18:08.0194 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

2010/11/23 16:18:08.0225 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

2010/11/23 16:18:08.0272 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/11/23 16:18:08.0303 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/11/23 16:18:08.0350 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/11/23 16:18:08.0381 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

2010/11/23 16:18:08.0412 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

2010/11/23 16:18:08.0459 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

2010/11/23 16:18:08.0490 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

2010/11/23 16:18:08.0506 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

2010/11/23 16:18:08.0552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

2010/11/23 16:18:08.0584 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/11/23 16:18:08.0599 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

2010/11/23 16:18:08.0630 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

2010/11/23 16:18:08.0662 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/11/23 16:18:08.0693 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

2010/11/23 16:18:08.0708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

2010/11/23 16:18:08.0755 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

2010/11/23 16:18:08.0802 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

2010/11/23 16:18:08.0864 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

2010/11/23 16:18:08.0896 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

2010/11/23 16:18:08.0942 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/11/23 16:18:08.0974 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/11/23 16:18:09.0005 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/11/23 16:18:09.0036 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

2010/11/23 16:18:09.0052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

2010/11/23 16:18:09.0083 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

2010/11/23 16:18:09.0286 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

2010/11/23 16:18:09.0348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

2010/11/23 16:18:09.0395 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

2010/11/23 16:18:09.0410 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

2010/11/23 16:18:09.0473 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys

2010/11/23 16:18:09.0520 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

2010/11/23 16:18:09.0832 nvlddmkm (4c2e7e596a2a24ca92b76a94fe7a1999) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2010/11/23 16:18:09.0988 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys

2010/11/23 16:18:10.0034 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys

2010/11/23 16:18:10.0112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

2010/11/23 16:18:10.0128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

2010/11/23 16:18:10.0190 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

2010/11/23 16:18:10.0222 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys

2010/11/23 16:18:10.0253 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

2010/11/23 16:18:10.0284 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

2010/11/23 16:18:10.0300 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

2010/11/23 16:18:10.0346 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

2010/11/23 16:18:10.0378 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

2010/11/23 16:18:10.0471 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

2010/11/23 16:18:10.0502 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

2010/11/23 16:18:10.0565 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

2010/11/23 16:18:10.0612 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

2010/11/23 16:18:10.0658 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

2010/11/23 16:18:10.0690 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

2010/11/23 16:18:10.0721 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

2010/11/23 16:18:10.0752 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

2010/11/23 16:18:10.0783 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/11/23 16:18:10.0814 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/11/23 16:18:10.0846 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

2010/11/23 16:18:10.0892 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

2010/11/23 16:18:10.0908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

2010/11/23 16:18:10.0939 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/11/23 16:18:10.0970 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys

2010/11/23 16:18:11.0002 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

2010/11/23 16:18:11.0033 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

2010/11/23 16:18:11.0064 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys

2010/11/23 16:18:11.0095 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

2010/11/23 16:18:11.0142 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

2010/11/23 16:18:11.0173 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys

2010/11/23 16:18:11.0189 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

2010/11/23 16:18:11.0220 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

2010/11/23 16:18:11.0282 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys

2010/11/23 16:18:11.0329 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

2010/11/23 16:18:11.0360 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

2010/11/23 16:18:11.0392 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

2010/11/23 16:18:11.0423 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

2010/11/23 16:18:11.0470 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

2010/11/23 16:18:11.0501 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

2010/11/23 16:18:11.0548 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys

2010/11/23 16:18:11.0563 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

2010/11/23 16:18:11.0610 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2010/11/23 16:18:11.0641 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

2010/11/23 16:18:11.0688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

2010/11/23 16:18:11.0719 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

2010/11/23 16:18:11.0782 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys

2010/11/23 16:18:11.0828 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys

2010/11/23 16:18:11.0875 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys

2010/11/23 16:18:11.0922 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

2010/11/23 16:18:11.0969 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys

2010/11/23 16:18:12.0000 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys

2010/11/23 16:18:12.0031 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

2010/11/23 16:18:12.0109 SynTP (05745019abf1abb5ec8e305dd836b14f) C:\Windows\system32\DRIVERS\SynTP.sys

2010/11/23 16:18:12.0172 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys

2010/11/23 16:18:12.0250 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys

2010/11/23 16:18:12.0359 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys

2010/11/23 16:18:12.0406 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

2010/11/23 16:18:12.0437 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

2010/11/23 16:18:12.0452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

2010/11/23 16:18:12.0484 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

2010/11/23 16:18:12.0515 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

2010/11/23 16:18:12.0562 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/11/23 16:18:12.0593 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

2010/11/23 16:18:12.0624 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

2010/11/23 16:18:12.0655 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

2010/11/23 16:18:12.0686 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

2010/11/23 16:18:12.0718 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

2010/11/23 16:18:12.0733 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

2010/11/23 16:18:12.0796 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

2010/11/23 16:18:12.0858 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/11/23 16:18:12.0889 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

2010/11/23 16:18:12.0920 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys

2010/11/23 16:18:12.0967 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys

2010/11/23 16:18:12.0998 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

2010/11/23 16:18:13.0014 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

2010/11/23 16:18:13.0045 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/11/23 16:18:13.0076 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/11/23 16:18:13.0139 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

2010/11/23 16:18:13.0201 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

2010/11/23 16:18:13.0248 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/11/23 16:18:13.0264 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

2010/11/23 16:18:13.0295 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

2010/11/23 16:18:13.0326 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

2010/11/23 16:18:13.0357 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys

2010/11/23 16:18:13.0373 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys

2010/11/23 16:18:13.0404 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

2010/11/23 16:18:13.0435 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

2010/11/23 16:18:13.0451 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

2010/11/23 16:18:13.0498 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

2010/11/23 16:18:13.0544 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

2010/11/23 16:18:13.0576 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

2010/11/23 16:18:13.0607 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/23 16:18:13.0622 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

2010/11/23 16:18:13.0669 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

2010/11/23 16:18:13.0716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

2010/11/23 16:18:13.0763 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

2010/11/23 16:18:13.0778 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

2010/11/23 16:18:13.0856 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

2010/11/23 16:18:13.0903 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

2010/11/23 16:18:13.0950 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

2010/11/23 16:18:13.0997 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/11/23 16:18:14.0122 ================================================================================

2010/11/23 16:18:14.0122 Scan finished

2010/11/23 16:18:14.0122 ================================================================================

LDTate · November 23, 2010

Run a new MalwareBytes scan and be sure to check for update sbefore running is.

Post the results

sneak14 · November 23, 2010

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5178

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

11/23/2010 4:31:12 PM

mbam-log-2010-11-23 (16-31-12).txt

Scan type: Quick scan

Objects scanned: 139401

Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

sneak14 · November 23, 2010

Also, is it ok for me to update my adobe reader?

LDTate · November 23, 2010

Also, is it ok for me to update my adobe reader?

Yes,

How's it running?

sneak14 · November 23, 2010

So far google is not redirecting me to other sites but it will take me a bit longer to find out for sure. Sometimes it goes away for awhile. But when I open up firefox the AVG window still pops up. It's telling me that I have a tracking cookie called cookie.7search. 7search.com is one of the websites that I have been redirected to from google.

LDTate · November 24, 2010

You're always going to get cookies.

Maybe unistalling FF and reinstalling it will help.

sneak14 · November 24, 2010

Thanks so much for the help. I'll post back within a couple days to update you.

LDTate · November 24, 2010

OK

sneak14 · November 24, 2010

I un/reinstalled firefox. There is still something that isn't working properly. Whenever I go to a site that uses flash (I think it's flash) like Beatport.com or foxsports.com it never works properly the first time; I have to refresh for the features to function properly. This seems to have started about the same time that I got the redirect virus.

LDTate · November 24, 2010

Have you updated Java and Flash Player?

Flash Player

http://download.cnet.com/Adobe-Flash-Playe...4-10001055.html

Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Download the latest version of Java Runtime Environment (JRE) 21 and save it to your desktop.
Scroll down to where it says JDK 6 Update 22 (JDK or JRE)
Click the Download JRE button to the right
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6u20 with JavaFX 1 License Agreement". Click on Continue.The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
  [*]Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  [*]Click OK to leave the Temporary Files Window
  [*]Click OK to leave the Java Control Panel.

sneak14 · November 24, 2010

Did that and the problem is still there. I'm still getting avg warnings every time I open FF. This wasn't happening a few days ago.

LDTate · November 24, 2010

What is the exact warning? Just cookies?

sneak14 · November 25, 2010

"c:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\cookies.sqlite" "Found Tracking cookie.Revsci";""

It doesn't give me the option to remove them.

LDTate · November 25, 2010

empty the cache in firefox

1. click on tools > options

2. click on the Privacy button on the left side of the window

3. click the "Clear All" button to clear all cached items or select individual items to clear by clicking on individual "Clear" buttons (History, Saved Information, Saved Passwords, Download Manager History, Cookies, Cache)

sneak14 · November 25, 2010

I tried that several times. Warnings still kept popping up. It happens for Internet Explorer too.

LDTate · November 25, 2010

The only way I know of to not get cookies is to block them all.

sneak14 · November 26, 2010

is there no way to get rid of these ones? they seem to be harmful. my computer and internet are slower and there's the problem with flash that I mentioned before.

LDTate · November 26, 2010

Download OTL to your desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

OTL and Extras logs

sneak14 · November 26, 2010

OTL logfile created on: 11/26/2010 8:06:47 AM - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dan\Desktop

64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 297.99 Gb Total Space | 96.91 Gb Free Space | 32.52% Space Free | Partition Type: NTFS

Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Dan\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()

PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe ()

PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()

PRC - C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\Dan\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()

SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()

SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.)

DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corp.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 8B B6 7B 7F 87 CB 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"

FF - prefs.js..browser.startup.homepage: "pitchfork.com"

FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/24 08:04:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/23 17:27:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/24 23:47:03 | 000,000,000 | ---D | M]

[2010/07/02 18:28:48 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions

[2010/11/25 22:03:10 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions

[2010/09/15 06:24:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/11/11 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}

[2010/11/11 18:18:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010/11/24 23:47:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/11/24 23:47:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/24 23:46:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)

Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)

Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()

Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)

Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)

Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)

Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)

Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()

Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)

Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/11/25 00:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\F-Secure

[2010/11/25 00:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg

[2010/11/25 00:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2010/11/24 23:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/11/24 23:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010/11/24 23:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2010/11/24 12:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2010/11/23 17:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2010/11/23 17:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2010/11/23 16:38:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Adobe

[2010/11/23 16:34:30 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Apple Computer

[2010/11/23 15:56:44 | 001,339,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\TDSSKiller.exe

[2010/11/23 15:53:55 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\GooredFix Backups

[2010/11/23 01:58:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

[2010/11/23 01:12:17 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/11/23 00:14:00 | 000,000,000 | R--D | C] -- C:\Users\Dan\Documents\morebass Project

[2010/11/18 17:35:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/11/18 17:35:14 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/11/18 17:28:38 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dan\Desktop\HiJackThis.exe

[2010/11/18 16:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2010/11/14 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/11/14 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/11/14 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/11/11 02:06:10 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Sunbelt Software

[2010/11/11 02:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/11/11 02:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft

[2010/11/11 02:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/11/11 02:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2010/11/11 01:58:46 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com

[2010/11/11 01:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2010/11/11 01:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE

[2010/11/09 22:20:56 | 000,382,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/11/09 21:12:02 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes

[2010/11/09 21:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/11/09 21:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

========== Files - Modified Within 30 Days ==========

[2010/11/26 08:05:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

[2010/11/25 22:12:27 | 000,728,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/11/25 22:12:27 | 000,625,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/11/25 22:12:27 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/11/25 22:07:33 | 000,023,877 | ---- | M] () -- C:\Users\Dan\Documents\Kirov.docx

[2010/11/25 21:53:12 | 100,210,035 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2010/11/25 21:49:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/11/25 21:49:19 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/25 00:27:45 | 000,041,624 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2010/11/25 00:25:32 | 000,750,440 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/11/24 23:15:46 | 000,000,293 | ---- | M] () -- C:\Users\Dan\Desktop\lamedropXPd.ini

[2010/11/24 08:04:32 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

[2010/11/23 17:37:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2010/11/23 17:27:31 | 000,001,963 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/23 17:27:31 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/11/23 15:59:00 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/23 15:58:59 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/23 01:32:42 | 000,630,272 | ---- | M] () -- C:\Users\Dan\Desktop\dds.scr

[2010/11/23 01:31:52 | 000,000,000 | ---- | M] () -- C:\Users\Dan\defogger_reenable

[2010/11/22 00:55:15 | 000,033,796 | ---- | M] () -- C:\Users\Dan\Documents\tuskegee.docx

[2010/11/22 00:53:21 | 000,013,023 | ---- | M] () -- C:\Users\Dan\Documents\nurse rivers lodge.docx

[2010/11/22 00:40:29 | 000,013,725 | ---- | M] () -- C:\Users\Dan\Documents\biblio tusk.docx

[2010/11/19 15:39:37 | 000,011,089 | ---- | M] () -- C:\Users\Dan\Documents\best of dmt.xlsx

[2010/11/18 18:40:00 | 597,093,192 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/11/18 17:35:18 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/18 17:28:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dan\Desktop\HiJackThis.exe

[2010/11/18 02:05:45 | 000,013,274 | ---- | M] () -- C:\Users\Dan\Documents\Quiet Diplomacy.docx

[2010/11/18 01:51:57 | 000,051,353 | ---- | M] () -- C:\Users\Dan\Documents\nic backup.docx

[2010/11/17 23:57:14 | 000,014,559 | ---- | M] () -- C:\Users\Dan\Documents\bibliography.docx

[2010/11/17 07:24:22 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\TDSSKiller.exe

[2010/11/17 00:02:22 | 000,041,043 | ---- | M] () -- C:\Users\Dan\Documents\wtf.docx

[2010/11/16 19:15:09 | 000,037,452 | ---- | M] () -- C:\Users\Dan\Documents\Nicaragua.docx

[2010/11/14 15:35:19 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/11/13 18:23:40 | 000,012,644 | ---- | M] () -- C:\Users\Dan\Documents\MORE HOUSE.xlsx

[2010/11/09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys

[2010/11/06 13:33:11 | 000,000,161 | ---- | M] () -- C:\Windows\AutoKMS.ini

[2010/11/05 13:49:51 | 000,011,007 | ---- | M] () -- C:\Users\Dan\Documents\house.xlsx

[2010/11/02 20:47:10 | 000,005,453 | ---- | M] () -- C:\Users\Dan\Desktop\dmt.png

[2010/11/01 10:42:38 | 000,012,553 | ---- | M] () -- C:\Users\Dan\Documents\Lkjdsljf.docx

[2010/10/28 17:41:18 | 000,011,293 | ---- | M] () -- C:\Users\Dan\Documents\halloween.xlsx

========== Files Created - No Company Name ==========

[2010/11/25 13:16:24 | 000,023,877 | ---- | C] () -- C:\Users\Dan\Documents\Kirov.docx

[2010/11/25 00:25:50 | 000,041,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2010/11/25 00:25:08 | 000,750,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/11/23 17:37:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2010/11/23 17:27:31 | 000,001,963 | ---- | C] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/11/23 17:27:31 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/11/23 01:32:42 | 000,630,272 | ---- | C] () -- C:\Users\Dan\Desktop\dds.scr

[2010/11/23 01:31:52 | 000,000,000 | ---- | C] () -- C:\Users\Dan\defogger_reenable

[2010/11/22 00:52:00 | 000,013,023 | ---- | C] () -- C:\Users\Dan\Documents\nurse rivers lodge.docx

[2010/11/22 00:40:28 | 000,013,725 | ---- | C] () -- C:\Users\Dan\Documents\biblio tusk.docx

[2010/11/20 15:08:18 | 000,033,796 | ---- | C] () -- C:\Users\Dan\Documents\tuskegee.docx

[2010/11/19 15:39:37 | 000,011,089 | ---- | C] () -- C:\Users\Dan\Documents\best of dmt.xlsx

[2010/11/18 17:35:18 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/18 02:04:58 | 000,013,274 | ---- | C] () -- C:\Users\Dan\Documents\Quiet Diplomacy.docx

[2010/11/17 23:28:36 | 000,014,559 | ---- | C] () -- C:\Users\Dan\Documents\bibliography.docx

[2010/11/16 19:47:26 | 000,041,043 | ---- | C] () -- C:\Users\Dan\Documents\wtf.docx

[2010/11/15 20:55:29 | 000,051,353 | ---- | C] () -- C:\Users\Dan\Documents\nic backup.docx

[2010/11/14 15:35:19 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/11/13 18:23:40 | 000,012,644 | ---- | C] () -- C:\Users\Dan\Documents\MORE HOUSE.xlsx

[2010/11/12 16:25:24 | 000,037,452 | ---- | C] () -- C:\Users\Dan\Documents\Nicaragua.docx

[2010/11/07 18:40:57 | 000,000,293 | ---- | C] () -- C:\Users\Dan\Desktop\lamedropXPd.ini

[2010/11/05 13:49:50 | 000,011,007 | ---- | C] () -- C:\Users\Dan\Documents\house.xlsx

[2010/11/02 20:47:09 | 000,005,453 | ---- | C] () -- C:\Users\Dan\Desktop\dmt.png

[2010/11/01 10:42:38 | 000,012,553 | ---- | C] () -- C:\Users\Dan\Documents\Lkjdsljf.docx

[2010/10/28 17:41:18 | 000,011,293 | ---- | C] () -- C:\Users\Dan\Documents\halloween.xlsx

[2010/10/05 17:45:09 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini

[2010/07/29 11:35:53 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2010/07/29 11:35:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/07/29 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/07/29 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/07/29 11:35:52 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2010/07/02 19:56:34 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/07/02 20:54:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Ableton

[2010/10/22 07:19:06 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\AVG10

[2010/11/25 21:52:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Dropbox

[2010/11/26 08:04:31 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent

[2009/07/13 22:08:49 | 000,027,162 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/11/18 17:05:49 | 000,002,376 | ---- | M] () -- C:\aaw7boot.log

[2010/11/25 21:49:19 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys

[2010/11/25 21:49:19 | 4293,320,704 | -HS- | M] () -- C:\pagefile.sys

[2010/11/23 15:58:47 | 000,062,772 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_23.11.2010_15.56.51_log.txt

[2010/11/23 16:15:04 | 000,062,206 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_23.11.2010_16.14.42_log.txt

[2010/11/23 16:24:53 | 000,062,206 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_23.11.2010_16.17.57_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/13 18:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll

[2010/08/31 21:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\user32.dll /md5 >

[2010/08/10 22:46:59 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=861C4346F9281DC0380DE72C8D55D6BE -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >

[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >

[2009/07/13 18:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

This was the only text file that was created.

LDTate · November 26, 2010

I don't see it anywhere but will see what happens.

OTL Fix

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
c:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\cookies.sqlite
:Files
c:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\cookies.sqlite

:Commands
[EmptyFlash]
[EmptyTemp]
[RESETHOSTS] 
[purity]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, it will reboot when it is done and produce a log

Google Redirect Virus

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information