Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google links don't work


  • This topic is locked This topic is locked
25 replies to this topic

#1 blueskidoo

blueskidoo

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 02 December 2011 - 01:24 PM

When I search in Google, and click on results, the address turns into a long complex string and then dies. I can't seem to figure out what the problem is. When I turn off Java in Firefox, then Google works fine. I am running windows 7, 64bit and Firefox 8.0.1.

Here are my logs:

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by callie at 13:15:10 on 2011-12-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.950 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vcsFPService.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\conhost.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Windows\system32\dlcxcoms.exe

C:\Program Files\Pogoplug\dokanmnt.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe

C:\Windows\Explorer.EXE

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Pogoplug\ppfs.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\callie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\SysWOW64\RunDll32.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [ppfs.exe] C:\Program Files\Pogoplug\ppfs.exe -s

uRun: [SansaDispatch] C:\Users\callie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\callie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOMA~1.LNK - C:\Troopmaster Software\AutoMailer\AutoMailer.exe

StartupFolder: C:\Users\callie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\Users\callie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://vaexpress.orbital.com/dwa8W.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A9740F3D-7CA1-40BC-8C0A-2D96ED1F5279} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A9740F3D-7CA1-40BC-8C0A-2D96ED1F5279}\14364796F6E6475636 : DhcpNameServer = 10.1.10.1 68.87.71.230

TCP: Interfaces\{A9740F3D-7CA1-40BC-8C0A-2D96ED1F5279}\257726138323330323 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{A9740F3D-7CA1-40BC-8C0A-2D96ED1F5279}\2623 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{A9740F3D-7CA1-40BC-8C0A-2D96ED1F5279}\35471607C6563784F6473707F647 : DhcpNameServer = 12.127.16.77 12.127.17.77 12.127.16.68

TCP: Interfaces\{A9740F3D-7CA1-40BC-8C0A-2D96ED1F5279}\E4544574541425 : DhcpNameServer = 192.168.1.1

LSA: Notification Packages = DPPassFilter scecli

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\4qwkz5cc.default\

FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extentions.y2layers.installId - 70b5ce45-bc00-4959-9b53-7e84dde303c8

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]

R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]

R0 diskpt;diskpt;C:\Windows\system32\drivers\diskpt.sys --> C:\Windows\system32\drivers\diskpt.sys [?]

R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-14 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-1 44768]

R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2011-12-1 127192]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]

R2 dlcx_device;dlcx_device;C:\Windows\system32\dlcxcoms.exe -service --> C:\Windows\system32\dlcxcoms.exe -service [?]

R2 DokanCEDriver;DokanCEDriver;C:\Program Files\Pogoplug\dokance.sys [2010-11-8 65128]

R2 DokanCEMounter;DokanCEMounter;C:\Program Files\Pogoplug\dokanmnt.exe [2010-11-8 132712]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NovacomD;Palm Novacom;C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-6-24 72192]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 1799472]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-3-17 245760]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== File Associations ===============

.

.txt=bftxtfile

.

=============== Created Last 30 ================

.

2011-12-02 10:14:22 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE73D331-B82A-460B-BCAE-D05327C521D3}\offreg.dll

2011-12-02 10:14:21 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EE73D331-B82A-460B-BCAE-D05327C521D3}\mpengine.dll

2011-12-01 15:29:07 140120 ----a-w- C:\Windows\System32\drivers\aswFW.sys

2011-12-01 15:28:17 258392 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys

2011-11-16 19:07:31 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll

2011-11-16 19:07:31 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll

2011-11-16 19:07:05 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-11-16 19:06:57 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-11-07 21:39:09 -------- d-----w- C:\Users\callie\AppData\Local\IsolatedStorage

2011-11-07 21:39:03 -------- d-----w- C:\Users\callie\AppData\Roaming\Hermes Podcast Downloader

2011-11-07 21:38:04 -------- d-----w- C:\Users\callie\AppData\Local\Apps

2011-11-07 21:38:03 -------- d-----w- C:\Users\callie\AppData\Local\Deployment

2011-11-05 22:46:35 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-11-05 22:46:35 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-11-05 22:46:35 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-11-05 22:46:34 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-11-05 22:44:30 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-11-05 22:44:30 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-11-05 22:44:29 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-11-05 22:44:28 861696 ----a-w- C:\Windows\System32\oleaut32.dll

.

==================== Find3M ====================

.

2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr

2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2011-11-16 18:39:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-19 02:30:23 2448352 ----a-w- C:\Users\callie\mp3tagv249setup.exe

2011-09-19 02:20:50 3726744 ----a-w- C:\Users\callie\TagRename357.exe

2011-09-19 01:04:01 454120 ----a-w- C:\Users\callie\cnet_tagscan5_1_600setup_exe.exe

2011-06-01 15:12:36 35246 ----a-w- C:\Program Files (x86)\uninstall.exe

.

============= FINISH: 13:20:43.48 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 04 December 2011 - 12:11 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 blueskidoo

blueskidoo
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 04 December 2011 - 03:23 PM

Below is my log from combo fix.

In addition to the google links not working the computer has also had these screen flickers. I didn't realize that I hadn't turned off Windows defender, should I run combo fix again? I also had these problems- I didn't think to capture the entire error message from the first error, but the second one is in its entirety. I'll use it more this afternoon and update you on how it's doing.

pve3 has stopped working

Exception EAccessViolation in module ERUNT.3XE at 00003A62
Access violation at address 00403A62 in module 'ERUNT.3XE'. Read of Address 00630066


ComboFix 11-12-04.03 - callie 12/04/2011 14:28:30.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2221 [GMT -5:00]
Running from: c:\users\callie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Uninstall.exe
c:\users\callie\cnet_tagscan5_1_600setup_exe.exe
c:\users\callie\mp3renaming.exe
c:\users\callie\mp3tagv249setup.exe
c:\users\callie\syslinux.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 20:05 . 2011-12-04 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 20:05 . 2011-12-04 20:05 -------- d-----w- c:\users\Callie XP\AppData\Local\temp
2011-12-04 20:05 . 2011-12-04 20:05 -------- d-----w- c:\users\Callie XP.callie-HP-17\AppData\Local\temp
2011-12-04 20:05 . 2011-12-04 20:05 -------- d-----w- c:\users\Admin\AppData\Local\temp
2011-12-02 23:27 . 2011-12-02 23:27 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE73D331-B82A-460B-BCAE-D05327C521D3}\offreg.dll
2011-12-02 10:14 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE73D331-B82A-460B-BCAE-D05327C521D3}\mpengine.dll
2011-12-01 15:29 . 2011-11-28 17:54 140120 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-12-01 15:28 . 2011-11-28 17:53 258392 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-16 19:07 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-16 19:07 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-16 19:07 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-16 19:06 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-16 18:39 . 2011-11-16 18:39 -------- d-----w- c:\windows\system32\Macromed
2011-11-07 21:39 . 2011-11-07 21:39 -------- d-----w- c:\users\callie\AppData\Local\IsolatedStorage
2011-11-07 21:39 . 2011-11-07 21:39 -------- d-----w- c:\users\callie\AppData\Roaming\Hermes Podcast Downloader
2011-11-07 21:38 . 2011-11-07 21:38 -------- d-----w- c:\users\callie\AppData\Local\Apps
2011-11-07 21:38 . 2011-11-14 17:31 -------- d-----w- c:\users\callie\AppData\Local\Deployment
2011-11-05 22:46 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-05 22:46 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-11-05 22:46 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-11-05 22:46 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-05 22:44 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-11-05 22:44 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-11-05 22:44 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-11-05 22:44 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2011-03-03 05:26 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-03-03 05:26 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-28 18:01 . 2011-03-01 16:40 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2011-03-03 05:26 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-03-03 05:26 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-03-03 05:26 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-03-03 05:26 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-03-03 05:26 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2011-03-03 05:26 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-16 18:39 . 2011-06-09 13:06 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-19 02:20 . 2011-09-19 02:20 3726744 ----a-w- c:\users\callie\TagRename357.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-08-19 16:45 790304 ----a-w- c:\program files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"ppfs.exe"="c:\program files\Pogoplug\ppfs.exe" [2010-11-08 2065000]
"SansaDispatch"="c:\users\callie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-03-05 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\callie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2011-3-1 73728]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-11-28 127192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 diskpt;diskpt;c:\windows\SYSTEM32\drivers\diskpt.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-03-14 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 561152]
S2 DokanCEDriver;DokanCEDriver;c:\program files\Pogoplug\dokance.sys [2010-11-08 65128]
S2 DokanCEMounter;DokanCEMounter;c:\program files\Pogoplug\dokanmnt.exe [2010-11-08 132712]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-06-25 72192]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-10-05 19:24]
.
2011-11-16 c:\windows\Tasks\HPCeeScheduleForcallie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"Shadow Defender Daemon"="c:\program files\Shadow Defender\DefenderDaemon.exe" [2010-02-09 302908]
"dlcxmon.exe"="c:\program files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-14 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\4qwkz5cc.default\
FF - user.js: extentions.y2layers.installId - 70b5ce45-bc00-4959-9b53-7e84dde303c8
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
.
.
------- File Associations -------
.
.txt=bftxtfile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-NxLevel® Entrepreneur Guide Workbook Companion Software v2.1 - c:\program files (x86)\uninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
Completion time: 2011-12-04 15:12:38
ComboFix-quarantined-files.txt 2011-12-04 20:12
.
Pre-Run: 336,720,498,688 bytes free
Post-Run: 337,498,005,504 bytes free
.
- - End Of File - - 9BB8D3B303AE6E7D3E96A2C309B0B6A3

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 04 December 2011 - 04:04 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 blueskidoo

blueskidoo
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 04 December 2011 - 06:46 PM

18:44:02.0540 3740 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
18:44:02.0905 3740 ============================================================
18:44:02.0905 3740 Current date / time: 2011/12/04 18:44:02.0905
18:44:02.0905 3740 SystemInfo:
18:44:02.0905 3740
18:44:02.0905 3740 OS Version: 6.1.7601 ServicePack: 1.0
18:44:02.0905 3740 Product type: Workstation
18:44:02.0905 3740 ComputerName: CALLIE-HP-17
18:44:02.0906 3740 UserName: callie
18:44:02.0906 3740 Windows directory: C:\Windows
18:44:02.0906 3740 System windows directory: C:\Windows
18:44:02.0906 3740 Running under WOW64
18:44:02.0906 3740 Processor architecture: Intel x64
18:44:02.0906 3740 Number of processors: 4
18:44:02.0906 3740 Page size: 0x1000
18:44:02.0906 3740 Boot type: Normal boot
18:44:02.0906 3740 ============================================================
18:44:04.0117 3740 Initialize success
18:44:06.0052 6104 ============================================================
18:44:06.0052 6104 Scan started
18:44:06.0052 6104 Mode: Manual;
18:44:06.0053 6104 ============================================================
18:44:08.0057 6104 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:44:08.0064 6104 1394ohci - ok
18:44:08.0115 6104 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:44:08.0119 6104 Accelerometer - ok
18:44:08.0155 6104 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:44:08.0164 6104 ACPI - ok
18:44:08.0187 6104 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:44:08.0190 6104 AcpiPmi - ok
18:44:08.0333 6104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:44:08.0346 6104 adp94xx - ok
18:44:08.0432 6104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:44:08.0441 6104 adpahci - ok
18:44:08.0476 6104 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:44:08.0483 6104 adpu320 - ok
18:44:08.0567 6104 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:44:08.0578 6104 AFD - ok
18:44:08.0676 6104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:44:08.0680 6104 agp440 - ok
18:44:08.0720 6104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:44:08.0723 6104 aliide - ok
18:44:08.0760 6104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:44:08.0764 6104 amdide - ok
18:44:08.0806 6104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:44:08.0811 6104 AmdK8 - ok
18:44:09.0078 6104 amdkmdag (2c9c4824664c61351ff1e0169262d026) C:\Windows\system32\DRIVERS\atikmdag.sys
18:44:09.0235 6104 amdkmdag - ok
18:44:09.0422 6104 amdkmdap (ef7382689d3b17ac2983202e7a40ab45) C:\Windows\system32\DRIVERS\atikmpag.sys
18:44:09.0431 6104 amdkmdap - ok
18:44:09.0473 6104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:44:09.0478 6104 AmdPPM - ok
18:44:09.0534 6104 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:44:09.0539 6104 amdsata - ok
18:44:09.0572 6104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:44:09.0578 6104 amdsbs - ok
18:44:09.0599 6104 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:44:09.0602 6104 amdxata - ok
18:44:09.0712 6104 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:44:09.0716 6104 AppID - ok
18:44:09.0795 6104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:44:09.0800 6104 arc - ok
18:44:09.0836 6104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:44:09.0842 6104 arcsas - ok
18:44:09.0899 6104 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
18:44:09.0902 6104 aswFsBlk - ok
18:44:10.0001 6104 aswFW (78c8f46f4bd5f9dcfe2af5dfea33f334) C:\Windows\system32\drivers\aswFW.sys
18:44:10.0005 6104 aswFW - ok
18:44:10.0045 6104 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
18:44:10.0049 6104 aswMonFlt - ok
18:44:10.0090 6104 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
18:44:10.0093 6104 aswNdis - ok
18:44:10.0148 6104 aswNdis2 (a985fa77a3262bc119e6e520cda645b0) C:\Windows\system32\drivers\aswNdis2.sys
18:44:10.0154 6104 aswNdis2 - ok
18:44:10.0218 6104 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
18:44:10.0221 6104 aswRdr - ok
18:44:10.0272 6104 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
18:44:10.0285 6104 aswSnx - ok
18:44:10.0382 6104 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
18:44:10.0389 6104 aswSP - ok
18:44:10.0453 6104 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
18:44:10.0456 6104 aswTdi - ok
18:44:10.0491 6104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:44:10.0494 6104 AsyncMac - ok
18:44:10.0533 6104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:44:10.0537 6104 atapi - ok
18:44:10.0606 6104 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
18:44:10.0611 6104 AtiHdmiService - ok
18:44:10.0684 6104 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:44:10.0688 6104 AtiPcie - ok
18:44:10.0787 6104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:44:10.0799 6104 b06bdrv - ok
18:44:10.0889 6104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:44:10.0897 6104 b57nd60a - ok
18:44:11.0029 6104 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:44:11.0090 6104 BCM43XX - ok
18:44:11.0187 6104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:44:11.0191 6104 Beep - ok
18:44:11.0238 6104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:44:11.0243 6104 blbdrive - ok
18:44:11.0287 6104 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:44:11.0292 6104 bowser - ok
18:44:11.0317 6104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:44:11.0322 6104 BrFiltLo - ok
18:44:11.0343 6104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:44:11.0347 6104 BrFiltUp - ok
18:44:11.0381 6104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:44:11.0391 6104 Brserid - ok
18:44:11.0415 6104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:44:11.0420 6104 BrSerWdm - ok
18:44:11.0501 6104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:44:11.0505 6104 BrUsbMdm - ok
18:44:11.0523 6104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:44:11.0527 6104 BrUsbSer - ok
18:44:11.0596 6104 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:44:11.0601 6104 BthEnum - ok
18:44:11.0622 6104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:44:11.0627 6104 BTHMODEM - ok
18:44:11.0661 6104 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:44:11.0667 6104 BthPan - ok
18:44:11.0741 6104 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:44:11.0755 6104 BTHPORT - ok
18:44:11.0823 6104 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:44:11.0828 6104 BTHUSB - ok
18:44:11.0871 6104 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys
18:44:11.0881 6104 btwampfl - ok
18:44:11.0949 6104 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
18:44:11.0955 6104 btwaudio - ok
18:44:11.0984 6104 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\drivers\btwavdt.sys
18:44:11.0990 6104 btwavdt - ok
18:44:12.0021 6104 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:44:12.0025 6104 btwl2cap - ok
18:44:12.0043 6104 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
18:44:12.0047 6104 btwrchid - ok
18:44:12.0069 6104 catchme - ok
18:44:12.0103 6104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:44:12.0109 6104 cdfs - ok
18:44:12.0207 6104 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:44:12.0214 6104 cdrom - ok
18:44:12.0264 6104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:44:12.0270 6104 circlass - ok
18:44:12.0314 6104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:44:12.0326 6104 CLFS - ok
18:44:12.0437 6104 clwvd (9573e8c7c3b3d1625fd941841fd0859c) C:\Windows\system32\DRIVERS\clwvd.sys
18:44:12.0441 6104 clwvd - ok
18:44:12.0483 6104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:44:12.0488 6104 CmBatt - ok
18:44:12.0533 6104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:44:12.0537 6104 cmdide - ok
18:44:12.0588 6104 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:44:12.0600 6104 CNG - ok
18:44:12.0682 6104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:44:12.0687 6104 Compbatt - ok
18:44:12.0739 6104 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:44:12.0744 6104 CompositeBus - ok
18:44:12.0785 6104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:44:12.0790 6104 crcdisk - ok
18:44:12.0875 6104 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:44:12.0881 6104 DfsC - ok
18:44:12.0962 6104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:44:12.0965 6104 discache - ok
18:44:13.0004 6104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:44:13.0010 6104 Disk - ok
18:44:13.0050 6104 diskpt (cc36ed92c1504acc29727367cd746b84) C:\Windows\system32\drivers\diskpt.sys
18:44:13.0058 6104 diskpt - ok
18:44:13.0136 6104 DokanCEDriver (36e2115700b1dce494c4a646214314d5) C:\Program Files\Pogoplug\dokance.sys
18:44:13.0140 6104 DokanCEDriver - ok
18:44:13.0245 6104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:44:13.0249 6104 drmkaud - ok
18:44:13.0319 6104 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:44:13.0341 6104 DXGKrnl - ok
18:44:13.0566 6104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:44:13.0633 6104 ebdrv - ok
18:44:13.0741 6104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:44:13.0755 6104 elxstor - ok
18:44:13.0797 6104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:44:13.0801 6104 ErrDev - ok
18:44:13.0841 6104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:44:13.0848 6104 exfat - ok
18:44:13.0877 6104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:44:13.0885 6104 fastfat - ok
18:44:13.0920 6104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:44:13.0925 6104 fdc - ok
18:44:14.0000 6104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:44:14.0005 6104 FileInfo - ok
18:44:14.0027 6104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:44:14.0031 6104 Filetrace - ok
18:44:14.0057 6104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:44:14.0062 6104 flpydisk - ok
18:44:14.0108 6104 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:44:14.0118 6104 FltMgr - ok
18:44:14.0230 6104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:44:14.0236 6104 FsDepends - ok
18:44:14.0303 6104 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:44:14.0308 6104 Fs_Rec - ok
18:44:14.0380 6104 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:44:14.0388 6104 fvevol - ok
18:44:14.0422 6104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:44:14.0429 6104 gagp30kx - ok
18:44:14.0484 6104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:44:14.0489 6104 hcw85cir - ok
18:44:14.0564 6104 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:44:14.0575 6104 HdAudAddService - ok
18:44:14.0623 6104 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:44:14.0638 6104 HDAudBus - ok
18:44:14.0678 6104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:44:14.0683 6104 HidBatt - ok
18:44:14.0721 6104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:44:14.0727 6104 HidBth - ok
18:44:14.0756 6104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:44:14.0762 6104 HidIr - ok
18:44:14.0833 6104 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:44:14.0839 6104 HidUsb - ok
18:44:14.0948 6104 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
18:44:14.0953 6104 hpdskflt - ok
18:44:15.0016 6104 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:44:15.0022 6104 HpSAMD - ok
18:44:15.0123 6104 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:44:15.0141 6104 HTTP - ok
18:44:15.0212 6104 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:44:15.0216 6104 hwpolicy - ok
18:44:15.0295 6104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:44:15.0302 6104 i8042prt - ok
18:44:15.0365 6104 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:44:15.0378 6104 iaStorV - ok
18:44:15.0585 6104 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:44:15.0704 6104 igfx - ok
18:44:15.0798 6104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:44:15.0804 6104 iirsp - ok
18:44:15.0863 6104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:44:15.0868 6104 intelide - ok
18:44:15.0900 6104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:44:15.0906 6104 intelppm - ok
18:44:15.0957 6104 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:44:15.0963 6104 IpFilterDriver - ok
18:44:15.0993 6104 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:44:15.0999 6104 IPMIDRV - ok
18:44:16.0089 6104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:44:16.0096 6104 IPNAT - ok
18:44:16.0132 6104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:44:16.0137 6104 IRENUM - ok
18:44:16.0178 6104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:44:16.0183 6104 isapnp - ok
18:44:16.0213 6104 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:44:16.0223 6104 iScsiPrt - ok
18:44:16.0245 6104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:44:16.0250 6104 kbdclass - ok
18:44:16.0313 6104 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:44:16.0319 6104 kbdhid - ok
18:44:16.0431 6104 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:44:16.0438 6104 KSecDD - ok
18:44:16.0492 6104 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:44:16.0499 6104 KSecPkg - ok
18:44:16.0549 6104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:44:16.0555 6104 ksthunk - ok
18:44:16.0633 6104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:44:16.0639 6104 lltdio - ok
18:44:16.0735 6104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:44:16.0743 6104 LSI_FC - ok
18:44:16.0767 6104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:44:16.0774 6104 LSI_SAS - ok
18:44:16.0798 6104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:44:16.0805 6104 LSI_SAS2 - ok
18:44:16.0830 6104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:44:16.0837 6104 LSI_SCSI - ok
18:44:16.0861 6104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:44:16.0868 6104 luafv - ok
18:44:16.0930 6104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:44:16.0936 6104 megasas - ok
18:44:17.0018 6104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:44:17.0029 6104 MegaSR - ok
18:44:17.0059 6104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:44:17.0065 6104 Modem - ok
18:44:17.0100 6104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:44:17.0106 6104 monitor - ok
18:44:17.0149 6104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:44:17.0155 6104 mouclass - ok
18:44:17.0185 6104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:44:17.0191 6104 mouhid - ok
18:44:17.0237 6104 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:44:17.0244 6104 mountmgr - ok
18:44:17.0331 6104 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:44:17.0338 6104 mpio - ok
18:44:17.0370 6104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:44:17.0376 6104 mpsdrv - ok
18:44:17.0433 6104 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:44:17.0441 6104 MRxDAV - ok
18:44:17.0505 6104 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:44:17.0513 6104 mrxsmb - ok
18:44:17.0561 6104 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:44:17.0571 6104 mrxsmb10 - ok
18:44:17.0632 6104 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:44:17.0640 6104 mrxsmb20 - ok
18:44:17.0679 6104 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:44:17.0685 6104 msahci - ok
18:44:17.0729 6104 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:44:17.0737 6104 msdsm - ok
18:44:17.0782 6104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:44:17.0788 6104 Msfs - ok
18:44:17.0828 6104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:44:17.0834 6104 mshidkmdf - ok
18:44:17.0852 6104 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:44:17.0858 6104 msisadrv - ok
18:44:17.0932 6104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:44:17.0937 6104 MSKSSRV - ok
18:44:17.0954 6104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:44:17.0960 6104 MSPCLOCK - ok
18:44:17.0981 6104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:44:17.0987 6104 MSPQM - ok
18:44:18.0041 6104 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:44:18.0054 6104 MsRPC - ok
18:44:18.0100 6104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:44:18.0106 6104 mssmbios - ok
18:44:18.0146 6104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:44:18.0152 6104 MSTEE - ok
18:44:18.0173 6104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:44:18.0179 6104 MTConfig - ok
18:44:18.0272 6104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:44:18.0293 6104 Mup - ok
18:44:18.0367 6104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:44:18.0379 6104 NativeWifiP - ok
18:44:18.0482 6104 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:44:18.0500 6104 NDIS - ok
18:44:18.0591 6104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:44:18.0598 6104 NdisCap - ok
18:44:18.0632 6104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:44:18.0638 6104 NdisTapi - ok
18:44:18.0689 6104 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:44:18.0696 6104 Ndisuio - ok
18:44:18.0739 6104 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:44:18.0747 6104 NdisWan - ok
18:44:18.0790 6104 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:44:18.0797 6104 NDProxy - ok
18:44:18.0884 6104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:44:18.0890 6104 NetBIOS - ok
18:44:18.0941 6104 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:44:18.0951 6104 NetBT - ok
18:44:19.0147 6104 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:44:19.0254 6104 netw5v64 - ok
18:44:19.0347 6104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:44:19.0354 6104 nfrd960 - ok
18:44:19.0424 6104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:44:19.0431 6104 Npfs - ok
18:44:19.0461 6104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:44:19.0466 6104 nsiproxy - ok
18:44:19.0554 6104 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:44:19.0589 6104 Ntfs - ok
18:44:19.0664 6104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:44:19.0669 6104 Null - ok
18:44:19.0718 6104 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:44:19.0727 6104 nvraid - ok
18:44:19.0776 6104 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:44:19.0785 6104 nvstor - ok
18:44:19.0828 6104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:44:19.0836 6104 nv_agp - ok
18:44:19.0870 6104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:44:19.0877 6104 ohci1394 - ok
18:44:19.0984 6104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:44:19.0992 6104 Parport - ok
18:44:20.0036 6104 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:44:20.0043 6104 partmgr - ok
18:44:20.0075 6104 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:44:20.0084 6104 pci - ok
18:44:20.0108 6104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:44:20.0115 6104 pciide - ok
18:44:20.0155 6104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:44:20.0165 6104 pcmcia - ok
18:44:20.0192 6104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:44:20.0200 6104 pcw - ok
18:44:20.0233 6104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:44:20.0253 6104 PEAUTH - ok
18:44:20.0447 6104 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:44:20.0455 6104 PptpMiniport - ok
18:44:20.0500 6104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:44:20.0507 6104 Processor - ok
18:44:20.0584 6104 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:44:20.0591 6104 Psched - ok
18:44:20.0655 6104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:44:20.0691 6104 ql2300 - ok
18:44:20.0821 6104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:44:20.0829 6104 ql40xx - ok
18:44:20.0913 6104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:44:20.0920 6104 QWAVEdrv - ok
18:44:20.0944 6104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:44:20.0951 6104 RasAcd - ok
18:44:20.0997 6104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:44:21.0001 6104 RasAgileVpn - ok
18:44:21.0046 6104 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:44:21.0055 6104 Rasl2tp - ok
18:44:21.0081 6104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:44:21.0089 6104 RasPppoe - ok
18:44:21.0138 6104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:44:21.0145 6104 RasSstp - ok
18:44:21.0185 6104 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:44:21.0196 6104 rdbss - ok
18:44:21.0220 6104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:44:21.0227 6104 rdpbus - ok
18:44:21.0248 6104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:44:21.0253 6104 RDPCDD - ok
18:44:21.0287 6104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:44:21.0292 6104 RDPENCDD - ok
18:44:21.0321 6104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:44:21.0327 6104 RDPREFMP - ok
18:44:21.0377 6104 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:44:21.0387 6104 RDPWD - ok
18:44:21.0444 6104 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:44:21.0454 6104 rdyboost - ok
18:44:21.0548 6104 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:44:21.0557 6104 RFCOMM - ok
18:44:21.0621 6104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:44:21.0629 6104 rspndr - ok
18:44:21.0673 6104 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
18:44:21.0683 6104 RSUSBSTOR - ok
18:44:21.0722 6104 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:44:21.0733 6104 RTL8167 - ok
18:44:21.0822 6104 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:44:21.0831 6104 sbp2port - ok
18:44:21.0884 6104 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:44:21.0891 6104 scfilter - ok
18:44:21.0952 6104 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
18:44:21.0961 6104 sdbus - ok
18:44:22.0022 6104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:44:22.0029 6104 secdrv - ok
18:44:22.0105 6104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:44:22.0112 6104 Serenum - ok
18:44:22.0151 6104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:44:22.0160 6104 Serial - ok
18:44:22.0208 6104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:44:22.0215 6104 sermouse - ok
18:44:22.0278 6104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:44:22.0285 6104 sffdisk - ok
18:44:22.0320 6104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:44:22.0327 6104 sffp_mmc - ok
18:44:22.0349 6104 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:44:22.0356 6104 sffp_sd - ok
18:44:22.0377 6104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:44:22.0385 6104 sfloppy - ok
18:44:22.0451 6104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:44:22.0459 6104 SiSRaid2 - ok
18:44:22.0527 6104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:44:22.0535 6104 SiSRaid4 - ok
18:44:22.0573 6104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:44:22.0581 6104 Smb - ok
18:44:22.0640 6104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:44:22.0647 6104 spldr - ok
18:44:22.0717 6104 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:44:22.0733 6104 srv - ok
18:44:22.0808 6104 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:44:22.0822 6104 srv2 - ok
18:44:22.0879 6104 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:44:22.0892 6104 SrvHsfHDA - ok
18:44:22.0943 6104 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:44:22.0979 6104 SrvHsfV92 - ok
18:44:23.0074 6104 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:44:23.0095 6104 SrvHsfWinac - ok
18:44:23.0155 6104 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:44:23.0165 6104 srvnet - ok
18:44:23.0213 6104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:44:23.0220 6104 stexstor - ok
18:44:23.0308 6104 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
18:44:23.0324 6104 STHDA - ok
18:44:23.0397 6104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:44:23.0404 6104 swenum - ok
18:44:23.0520 6104 SynTP (961cfac2a5318e212f459d651f28e0a4) C:\Windows\system32\DRIVERS\SynTP.sys
18:44:23.0553 6104 SynTP - ok
18:44:23.0718 6104 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:44:23.0756 6104 Tcpip - ok
18:44:23.0894 6104 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:44:23.0929 6104 TCPIP6 - ok
18:44:23.0979 6104 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:44:23.0986 6104 tcpipreg - ok
18:44:24.0078 6104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:44:24.0085 6104 TDPIPE - ok
18:44:24.0098 6104 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:44:24.0106 6104 TDTCP - ok
18:44:24.0147 6104 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:44:24.0156 6104 tdx - ok
18:44:24.0200 6104 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:44:24.0208 6104 TermDD - ok
18:44:24.0280 6104 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:44:24.0288 6104 tssecsrv - ok
18:44:24.0334 6104 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:44:24.0343 6104 TsUsbFlt - ok
18:44:24.0446 6104 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:44:24.0455 6104 tunnel - ok
18:44:24.0531 6104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:44:24.0539 6104 uagp35 - ok
18:44:24.0597 6104 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:44:24.0610 6104 udfs - ok
18:44:24.0669 6104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:44:24.0677 6104 uliagpkx - ok
18:44:24.0714 6104 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:44:24.0722 6104 umbus - ok
18:44:24.0772 6104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:44:24.0780 6104 UmPass - ok
18:44:24.0855 6104 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:44:24.0864 6104 usbccgp - ok
18:44:24.0905 6104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:44:24.0914 6104 usbcir - ok
18:44:24.0960 6104 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:44:24.0968 6104 usbehci - ok
18:44:25.0001 6104 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
18:44:25.0009 6104 usbfilter - ok
18:44:25.0076 6104 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:44:25.0090 6104 usbhub - ok
18:44:25.0163 6104 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:44:25.0170 6104 usbohci - ok
18:44:25.0211 6104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:44:25.0219 6104 usbprint - ok
18:44:25.0263 6104 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:44:25.0271 6104 usbscan - ok
18:44:25.0321 6104 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:44:25.0329 6104 USBSTOR - ok
18:44:25.0381 6104 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:44:25.0389 6104 usbuhci - ok
18:44:25.0480 6104 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:44:25.0490 6104 usbvideo - ok
18:44:25.0531 6104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:44:25.0539 6104 vdrvroot - ok
18:44:25.0583 6104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:44:25.0590 6104 vga - ok
18:44:25.0612 6104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:44:25.0620 6104 VgaSave - ok
18:44:25.0669 6104 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:44:25.0680 6104 vhdmp - ok
18:44:25.0702 6104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:44:25.0710 6104 viaide - ok
18:44:25.0734 6104 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:44:25.0742 6104 volmgr - ok
18:44:25.0819 6104 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:44:25.0832 6104 volmgrx - ok
18:44:25.0884 6104 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:44:25.0896 6104 volsnap - ok
18:44:25.0950 6104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:44:25.0960 6104 vsmraid - ok
18:44:25.0993 6104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:44:26.0001 6104 vwifibus - ok
18:44:26.0050 6104 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:44:26.0059 6104 vwififlt - ok
18:44:26.0104 6104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:44:26.0112 6104 WacomPen - ok
18:44:26.0188 6104 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:44:26.0197 6104 WANARP - ok
18:44:26.0206 6104 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:44:26.0214 6104 Wanarpv6 - ok
18:44:26.0297 6104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:44:26.0305 6104 Wd - ok
18:44:26.0347 6104 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
18:44:26.0354 6104 WDC_SAM - ok
18:44:26.0394 6104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:44:26.0414 6104 Wdf01000 - ok
18:44:26.0561 6104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:44:26.0569 6104 WfpLwf - ok
18:44:26.0596 6104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:44:26.0604 6104 WIMMount - ok
18:44:26.0704 6104 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
18:44:26.0712 6104 WinUSB - ok
18:44:26.0741 6104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:44:26.0749 6104 WmiAcpi - ok
18:44:26.0800 6104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:44:26.0808 6104 ws2ifsl - ok
18:44:26.0859 6104 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:44:26.0866 6104 WSDPrintDevice - ok
18:44:26.0978 6104 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:44:26.0988 6104 WudfPf - ok
18:44:27.0017 6104 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:44:27.0027 6104 WUDFRd - ok
18:44:27.0094 6104 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:44:27.0109 6104 yukonw7 - ok
18:44:27.0150 6104 MBR (0x1B8) (e72f7bf928bf2d4c93baa56add9806ae) \Device\Harddisk0\DR0
18:44:27.0160 6104 \Device\Harddisk0\DR0 - ok
18:44:27.0175 6104 Boot (0x1200) (dd0c064ee6145a396c509cfcbda72d7a) \Device\Harddisk0\DR0\Partition0
18:44:27.0176 6104 \Device\Harddisk0\DR0\Partition0 - ok
18:44:27.0194 6104 Boot (0x1200) (c5ddb10ddcadf14e87d77a486567a278) \Device\Harddisk0\DR0\Partition1
18:44:27.0196 6104 \Device\Harddisk0\DR0\Partition1 - ok
18:44:27.0229 6104 Boot (0x1200) (79d6dd5f31c4c35e905a4ecee2f13c7e) \Device\Harddisk0\DR0\Partition2
18:44:27.0231 6104 \Device\Harddisk0\DR0\Partition2 - ok
18:44:27.0253 6104 Boot (0x1200) (0cfc6b6edc37d95180e77135c13b469f) \Device\Harddisk0\DR0\Partition3
18:44:27.0253 6104 \Device\Harddisk0\DR0\Partition3 - ok
18:44:27.0254 6104 ============================================================
18:44:27.0255 6104 Scan finished
18:44:27.0255 6104 ============================================================
18:44:27.0279 2332 Detected object count: 0
18:44:27.0279 2332 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 04 December 2011 - 09:17 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 blueskidoo

blueskidoo
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 04 December 2011 - 09:49 PM

It seems as though most of the links that end in the long string hang are related to Yahoo, though I can't be sure it is limited to those links, it has improved.



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-04 21:21:04
-----------------------------
21:21:04.450 OS Version: Windows x64 6.1.7601 Service Pack 1
21:21:04.450 Number of processors: 4 586 0x503
21:21:04.452 ComputerName: CALLIE-HP-17 UserName: callie
21:21:06.568 Initialize success
21:21:06.923 AVAST engine defs: 11120401
21:21:19.388 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:21:19.394 Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OC72E Size: 476940MB BusType: 11
21:21:21.441 Disk 0 MBR read successfully
21:21:21.447 Disk 0 MBR scan
21:21:21.454 Disk 0 unknown MBR code
21:21:21.462 Service scanning
21:21:23.285 Modules scanning
21:21:23.293 Disk 0 trace - called modules:
21:21:23.325 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:21:23.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004392790]
21:21:23.343 3 CLASSPNP.SYS[fffff8800196e43f] -> nt!IofCallDriver -> [0xfffffa80042f7b10]
21:21:23.352 5 hpdskflt.sys[fffff88001915189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800439e680]
21:21:24.903 AVAST engine scan C:\Windows
21:21:28.779 AVAST engine scan C:\Windows\system32
21:23:17.842 AVAST engine scan C:\Windows\system32\drivers
21:23:29.602 AVAST engine scan C:\Users\callie
21:41:53.992 Disk 0 MBR has been saved successfully to "C:\Users\callie\Documents\MBR.dat"
21:41:54.010 The log file has been saved successfully to "C:\Users\callie\Documents\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-04 21:21:04
-----------------------------
21:21:04.450 OS Version: Windows x64 6.1.7601 Service Pack 1
21:21:04.450 Number of processors: 4 586 0x503
21:21:04.452 ComputerName: CALLIE-HP-17 UserName: callie
21:21:06.568 Initialize success
21:21:06.923 AVAST engine defs: 11120401
21:21:19.388 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:21:19.394 Disk 0 Vendor: Hitachi_HTS725050A9A364 PC4OC72E Size: 476940MB BusType: 11
21:21:21.441 Disk 0 MBR read successfully
21:21:21.447 Disk 0 MBR scan
21:21:21.454 Disk 0 unknown MBR code
21:21:21.462 Service scanning
21:21:23.285 Modules scanning
21:21:23.293 Disk 0 trace - called modules:
21:21:23.325 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:21:23.334 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004392790]
21:21:23.343 3 CLASSPNP.SYS[fffff8800196e43f] -> nt!IofCallDriver -> [0xfffffa80042f7b10]
21:21:23.352 5 hpdskflt.sys[fffff88001915189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800439e680]
21:21:24.903 AVAST engine scan C:\Windows
21:21:28.779 AVAST engine scan C:\Windows\system32
21:23:17.842 AVAST engine scan C:\Windows\system32\drivers
21:23:29.602 AVAST engine scan C:\Users\callie
21:41:53.992 Disk 0 MBR has been saved successfully to "C:\Users\callie\Documents\MBR.dat"
21:41:54.010 The log file has been saved successfully to "C:\Users\callie\Documents\aswMBR.txt"
21:42:24.125 Disk 0 MBR has been saved successfully to "C:\Users\callie\Documents\MBR.dat"
21:42:24.139 The log file has been saved successfully to "C:\Users\callie\Documents\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 04 December 2011 - 09:52 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 blueskidoo

blueskidoo
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 04 December 2011 - 10:54 PM

OTL logfile created on: 12/4/2011 10:13:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\callie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 22.99% Memory free
7.49 Gb Paging File | 4.16 Gb Available in Paging File | 55.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 444.18 Gb Total Space | 313.50 Gb Free Space | 70.58% Space Free | Partition Type: NTFS
Drive D: | 21.28 Gb Total Space | 3.10 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive F: | 99.02 Mb Total Space | 88.89 Mb Free Space | 89.76% Space Free | Partition Type: FAT32
Drive P: | 4096.00 Gb Total Space | 2048.00 Gb Free Space | 50.00% Space Free | Partition Type: FAT32

Computer Name: CALLIE-HP-17 | User Name: callie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\callie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 926\DLCXcfg.dll ()
MOD - C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxscw.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Firewall) -- C:\Program Files\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (NovacomD) -- C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe (Palm)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DokanCEMounter) -- C:\Program Files\Pogoplug\dokanmnt.exe (Cloud Engines)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (dlcx_device) -- C:\Windows\SysNative\dlcxcoms.exe ( )
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (CinemaNow Service) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe (CinemaNow, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (dlcx_device) -- C:\Windows\SysWow64\dlcxcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (DokanCEDriver) -- C:\Program Files\Pogoplug\dokance.sys (Cloud Engines)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (diskpt) -- C:\Windows\SysNative\drivers\diskpt.sys (SHADOWDEFENDER.COM)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-749259887-922269865-4010270597-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-749259887-922269865-4010270597-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/10/19 04:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/01 23:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/01 10:28:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/24 22:40:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/02 18:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/08/17 10:39:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2011/08/22 19:25:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.3\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins [2011/07/18 19:15:15 | 000,000,000 | ---D | M]

[2011/03/07 16:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\callie\AppData\Roaming\Mozilla\Extensions
[2010/12/25 21:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\callie\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/07 16:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\callie\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/12/02 12:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\4qwkz5cc.default\extensions
[2011/09/27 16:14:41 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\4qwkz5cc.default\extensions\[email protected]
[2011/10/04 22:23:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions
[2011/10/04 22:23:47 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions\[email protected]
[2011/07/29 14:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\callie\AppData\Roaming\Mozilla\SeaMonkey\Profiles\liplnugx.default\extensions
[2011/11/24 22:41:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/24 22:40:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/02 18:03:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/24 22:40:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/04 15:06:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-749259887-922269865-4010270597-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [dlcxmon.exe] C:\Program Files (x86)\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [Shadow Defender Daemon] C:\Program Files\Shadow Defender\DefenderDaemon.exe (SHADOWDEFENDER.COM)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-749259887-922269865-4010270597-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-749259887-922269865-4010270597-1000..\Run: [ppfs.exe] C:\Program Files\Pogoplug\ppfs.exe ()
O4 - HKU\S-1-5-21-749259887-922269865-4010270597-1000..\Run: [SansaDispatch] C:\Users\callie\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Users\callie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoMailer.lnk = C:\Troopmaster Software\AutoMailer\AutoMailer.exe ()
O4 - Startup: C:\Users\callie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\__aswSnx private storage\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-749259887-922269865-4010270597-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-749259887-922269865-4010270597-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://vaexpress.orbital.com/dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9740F3D-7CA1-40BC-8C0A-2D96ED1F5279}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 22:12:11 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\callie\Desktop\OTL.exe
[2011/12/04 21:20:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\callie\Desktop\aswMBR.exe
[2011/12/04 18:42:37 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\callie\Desktop\tdsskiller.exe
[2011/12/04 15:05:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/04 14:24:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/04 14:24:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/04 14:24:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/04 14:23:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/04 14:23:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/04 14:22:33 | 004,327,310 | R--- | C] (Swearware) -- C:\Users\callie\Desktop\ComboFix.exe
[2011/12/02 13:03:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\callie\Desktop\dds.scr
[2011/12/02 11:57:41 | 000,000,000 | ---D | C] -- C:\Users\callie\Desktop\GooredFix Backups
[2011/12/02 11:56:49 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\callie\Desktop\GooredFix.exe
[2011/12/02 11:41:56 | 000,000,000 | ---D | C] -- C:\Users\callie\Desktop\tdsskiller
[2011/12/01 10:29:07 | 000,140,120 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2011/12/01 10:28:17 | 000,258,392 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2011/12/01 10:25:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2011/11/16 14:26:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/11/16 13:39:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/13 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\callie\Desktop\webelos_hike_2011-11-12
[2011/11/07 16:39:09 | 000,000,000 | ---D | C] -- C:\Users\callie\AppData\Local\IsolatedStorage
[2011/11/07 16:39:03 | 000,000,000 | ---D | C] -- C:\Users\callie\AppData\Roaming\Hermes Podcast Downloader
[2011/11/07 16:38:55 | 000,000,000 | ---D | C] -- C:\Users\callie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HermesPod
[2011/11/07 16:38:04 | 000,000,000 | ---D | C] -- C:\Users\callie\AppData\Local\Apps
[2011/11/07 16:38:03 | 000,000,000 | ---D | C] -- C:\Users\callie\AppData\Local\Deployment
[2011/11/05 17:48:50 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/11/05 17:48:49 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/11/05 17:48:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/11/05 17:48:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/11/05 17:48:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/11/05 17:48:39 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/11/05 17:48:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/11/05 17:48:37 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/11/05 17:48:36 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/11/05 17:46:35 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/11/05 17:46:35 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/11/05 17:46:35 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/11/05 17:46:34 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/11/05 17:44:30 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/11/05 17:44:28 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/03/07 12:06:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpmui.dll
[2011/03/07 12:06:06 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxinpa.dll
[2011/03/07 12:06:06 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxiesc.dll
[2011/03/07 12:06:05 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxserv.dll
[2011/03/07 12:06:05 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxusb1.dll
[2011/03/07 12:06:05 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxhbn3.dll
[2011/03/07 12:06:05 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomc.dll
[2011/03/07 12:06:05 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxlmpm.dll
[2011/03/07 12:06:05 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcoms.exe
[2011/03/07 12:06:05 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcomm.dll
[2011/03/07 12:06:05 | 000,380,928 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxih.exe
[2011/03/07 12:06:05 | 000,176,128 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxppls.exe
[2011/03/07 12:06:05 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxprox.dll
[2011/03/07 12:06:05 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxpplc.dll
[2011/03/07 12:06:04 | 000,381,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dlcxcfg.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/04 22:12:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\callie\Desktop\OTL.exe
[2011/12/04 21:42:24 | 000,000,512 | ---- | M] () -- C:\Users\callie\Documents\MBR.dat
[2011/12/04 21:20:38 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\callie\Desktop\aswMBR.exe
[2011/12/04 18:43:06 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\callie\Desktop\tdsskiller.exe
[2011/12/04 15:06:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/12/04 14:22:54 | 004,327,310 | R--- | M] (Swearware) -- C:\Users\callie\Desktop\ComboFix.exe
[2011/12/04 11:20:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 11:20:21 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/04 11:05:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/02 23:24:00 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2011/12/02 15:45:00 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 13:24:41 | 000,000,218 | ---- | M] () -- C:\Users\callie\.recently-used.xbel
[2011/12/02 13:03:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\callie\Desktop\dds.scr
[2011/12/02 12:56:42 | 000,302,592 | ---- | M] () -- C:\Users\callie\Desktop\msj7wc2e.exe
[2011/12/02 11:56:53 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\callie\Desktop\GooredFix.exe
[2011/12/02 11:35:44 | 001,547,774 | ---- | M] () -- C:\Users\callie\Desktop\tdsskiller.zip
[2011/12/01 13:24:44 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/01 13:24:44 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/01 13:24:44 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/01 10:28:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/01 10:25:20 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011/11/28 13:01:14 | 000,256,960 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011/11/28 12:54:44 | 000,140,120 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011/11/28 12:53:28 | 000,258,392 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011/11/27 21:31:21 | 005,425,664 | ---- | M] () -- C:\Users\callie\Documents\CraigsPal_FREE_v4.7.2_win.msi
[2011/11/25 09:49:55 | 000,002,052 | ---- | M] () -- C:\Users\callie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/17 16:16:35 | 496,249,415 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/17 14:34:00 | 000,353,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/17 13:42:13 | 002,244,706 | ---- | M] () -- C:\Users\callie\Documents\SPOOK-1.pdf
[2011/11/16 13:53:52 | 000,002,110 | ---- | M] () -- C:\Users\callie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2011/11/16 13:39:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/16 13:37:21 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForcallie.job
[2011/11/08 13:09:09 | 000,095,465 | ---- | M] () -- C:\Users\callie\Documents\Evancontact card.pdf
[2011/11/08 13:01:01 | 000,191,110 | ---- | M] () -- C:\Users\callie\Documents\Avery-Business Card-8869-01.avery
[2011/11/08 12:55:08 | 000,428,496 | ---- | M] () -- C:\Users\callie\Documents\Evancard.avery
[2011/11/08 12:43:54 | 000,191,539 | ---- | M] () -- C:\Users\callie\Documents\buisnesscardnew.avery
[2011/11/07 16:39:06 | 000,000,220 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/11/07 16:38:55 | 000,000,374 | ---- | M] () -- C:\Users\callie\Desktop\Hermes Podcast Downloader.appref-ms
[2011/11/05 17:41:31 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/04 21:41:53 | 000,000,512 | ---- | C] () -- C:\Users\callie\Documents\MBR.dat
[2011/12/04 14:24:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/04 14:24:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/04 14:24:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/04 14:24:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/04 14:24:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/02 13:24:41 | 000,000,218 | ---- | C] () -- C:\Users\callie\.recently-used.xbel
[2011/12/02 12:56:15 | 000,302,592 | ---- | C] () -- C:\Users\callie\Desktop\msj7wc2e.exe
[2011/12/02 11:35:13 | 001,547,774 | ---- | C] () -- C:\Users\callie\Desktop\tdsskiller.zip
[2011/12/01 10:25:20 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2011/11/27 21:29:53 | 005,425,664 | ---- | C] () -- C:\Users\callie\Documents\CraigsPal_FREE_v4.7.2_win.msi
[2011/11/17 13:42:12 | 002,244,706 | ---- | C] () -- C:\Users\callie\Documents\SPOOK-1.pdf
[2011/11/08 20:53:28 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForcallie.job
[2011/11/08 13:09:09 | 000,095,465 | ---- | C] () -- C:\Users\callie\Documents\Evancontact card.pdf
[2011/11/08 13:00:57 | 000,191,110 | ---- | C] () -- C:\Users\callie\Documents\Avery-Business Card-8869-01.avery
[2011/11/08 12:55:00 | 000,428,496 | ---- | C] () -- C:\Users\callie\Documents\Evancard.avery
[2011/11/08 12:38:54 | 000,191,539 | ---- | C] () -- C:\Users\callie\Documents\buisnesscardnew.avery
[2011/11/07 16:39:06 | 000,000,220 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/11/07 16:38:55 | 000,000,374 | ---- | C] () -- C:\Users\callie\Desktop\Hermes Podcast Downloader.appref-ms
[2011/04/21 16:07:08 | 000,001,854 | ---- | C] () -- C:\Users\callie\AppData\Roaming\GhostObjGAFix.xml
[2011/03/29 09:19:02 | 000,002,008 | ---- | C] () -- C:\Windows\diskpt0.dat
[2011/03/07 12:06:06 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\dlcxutil.dll
[2011/03/07 12:06:06 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\dlcxinst.dll
[2011/03/07 12:06:06 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsb.dll
[2011/03/07 12:06:06 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\dlcxjswr.dll
[2011/03/07 12:06:06 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlcxinsr.dll
[2011/03/07 12:06:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlcxcur.dll
[2011/03/07 12:06:05 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlcxins.dll
[2011/03/07 12:06:05 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlcxcub.dll
[2011/03/07 12:06:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlcxcu.dll
[2011/03/07 12:06:04 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\DLCXcfg.dll
[2011/03/03 00:10:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/01 18:08:02 | 000,022,088 | ---- | C] () -- C:\Windows\diskpt.dat
[2010/10/19 04:15:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/10/19 04:03:59 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/10/19 04:03:59 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/09/03 02:34:57 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/03 01:34:18 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/06/15 22:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/02/09 20:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/01/17 02:10:16 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2004/08/09 02:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 05 December 2011 - 06:27 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-749259887-922269865-4010270597-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    [2011/10/04 22:23:47 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions\[email protected]
    [2011/09/02 18:03:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/24 22:40:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 blueskidoo

blueskidoo
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 06 December 2011 - 07:53 AM

Ran the script, machine rebooted no problem. Links to yahoo still don't work in google in firefox. I did get the idea to try in internet explorer (which I rarely use) and google links to yahoo work fine there. Here is the log from the script. Thanks for working so hard on this.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-749259887-922269865-4010270597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions\[email protected]\content folder moved successfully.
C:\Users\callie\AppData\Roaming\Mozilla\Firefox\Profiles\kfd30pac.default\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\twitter.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\callie\Desktop\cmd.bat deleted successfully.
C:\Users\callie\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: callie
->Temp folder emptied: 454925 bytes
->Temporary Internet Files folder emptied: 152342535 bytes
->Java cache emptied: 308132 bytes
->FireFox cache emptied: 943320776 bytes
->Flash cache emptied: 3468 bytes

User: Callie XP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 2836 bytes

User: Callie XP.callie-HP-17
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2920 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67362 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,046.00 mb


[EMPTYJAVA]

User: Admin

User: All Users

User: callie
->Java cache emptied: 0 bytes

User: Callie XP

User: Callie XP.callie-HP-17

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: All Users

User: callie
->Flash cache emptied: 0 bytes

User: Callie XP
->Flash cache emptied: 0 bytes

User: Callie XP.callie-HP-17
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12052011_200852

Files\Folders moved on Reboot...
C:\Users\callie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 06 December 2011 - 08:02 AM

Hello


Lets uninstall firefox and reinstall it and see if google works after


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 blueskidoo

blueskidoo
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 06 December 2011 - 12:42 PM

I uninstalled firefox and saved my personal info/settings etc and that didn't work. When I uninstalled Firefox and uninstalled all of my personal settings etc it now works perfectly. I am going to reinstall my bookmarks from backup and see if it still works. Is there anything else I should do, besides reset all of my passwrods to everything?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:05 AM

Posted 06 December 2011 - 12:50 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 blueskidoo

blueskidoo
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 06 December 2011 - 12:53 PM

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.6 MUI

Adobe Shockwave Player 11.5

Amazon MP3 Downloader 1.0.12

AMD USB Filter Driver

AudibleManager

AudioShell 1.3.5

avast! Internet Security

Bejeweled 2 Deluxe

Bing Bar

Bing Rewards Client Installer

Blackhawk Striker 2

Bluefish 2.0.2

Build-a-lot 2

calibre

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

CinemaNow Media Manager

Contents

Corel PaintShop Photo Pro X3

Corel VideoStudio Pro X3

CyberLink DVD Suite

DeviceIO

Diner Dash 2 Restaurant Rescue

Dora's Carnival Adventure

DVD Menu Pack for HP MediaSmart Video

EBSCO Publishing Download Manager

Energy Star Digital Logo

Escape Rosecliff Island

ESU for Microsoft Windows 7

FATE

File Type Assistant

FileZilla Client 3.5.1

Final Drive Nitro

Free CraigsList Reader Pro from CraigsPal 4.6.8

Free File Viewer 2011

GIMP 2.6.11

GTK2-Runtime

Hermes Podcast Downloader

Heroes of Hellas 2 - Olympia

HL-2270DW

HP Advisor

HP Customer Experience Enhancements

HP Documentation

HP DVB-T TV Tuner 8.0.64.43

HP Game Console

HP Games

HP MediaSmart CinemaNow 2.0

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart Video

HP MediaSmart Webcam

HP MediaSmart/TouchSmart Netflix

HP Photo Creations

HP Power Manager

HP Quick Launch

HP Setup

HP Software Framework

HP Support Assistant

HPAsset component for HP Active Support Library

Hulu Desktop

ICA

IDT Audio

ImgBurn

IPM_PSP_Pro

IPM_VS_Pro

ISCOM

Jarte 4.3

Java Auto Updater

Java™ 6 Update 22

Java™ 6 Update 26

Jewel Quest 3

Jewel Quest Solitaire 2

Junk Mail filter update

LabelPrint

LightScribe System Software

Malwarebytes' Anti-Malware version 1.51.2.1300

McAfee Security Scan Plus

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office OneNote 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 8.0.1 (x86 en-US)

Mozilla Thunderbird (8.0)

Mp3tag v2.49

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Online Backup

NxLevel® Entrepreneur Guide Workbook Companion Software v2.1

OpenOffice.org 3.3

OverDrive Media Console

PackMaster 2010

Penguins!

PhotoNow!

Plants vs. Zombies

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

PSPPContent

PSPPRO_DCRAW

PureHD

Realtek Ethernet Controller Driver For Windows 7

Realtek USB 2.0 Card Reader

Recovery Manager

Roxio CinemaNow 2.0

Sansa Updater

SeaMonkey (2.3)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Setup

Share

Tag&Rename 3.5.7

TagScanner 5.1.600

ThinkingRock-2.2.1

Threads Archive

Times Reader

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Script Editor Help (KB963671)

VIO

Virtual Families

Virtual Villagers - The Secret City

VSClassic

VSPro

Wheel of Fortune 2

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Encoder 9 Series

Zuma Deluxe




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users