Was infected with System Restore

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Was infected with System Restore Seems to be gone but still have search redirects

#1 pagerman

Member

Group: Members
Posts: 25
Joined: 28-October 11

Posted 28 October 2011 - 09:50 AM

Hello, I had an infection of System Restore after clicking on a supposed PDF link. I seem to have rid the machine of it, however I still have the search redirect problem.
I am posting the DDS logs and I cannot run GMER as I am running 64-bit Windows 7 Pro. Thanks in advance for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by robert at 9:39:36 on 2011-10-28
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.7423.4110 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe
C:\Program Files (x86)\Ditto\Ditto.exe
C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\YoWindow\yowindow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\robert\AppData\Local\Apps\2.0\Z0723G32.R4D\2ORNQYE1.MDL\exca..tion_6352939f600b07ef_0001.0000_41af611347f3a278\ExcaliburRSSReader.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\RightFax\Client\FAXCTRL.exe
C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\CSISCMGR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\ProgramData\FLEXnet\Connect\11\agent.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\Agent.exe
C:\Program Files (x86)\Microsoft MapPoint Europe 2010\StreetsOlkShim.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sql07:8000/UI/Home.aspx
mWinlogon: Userinit=C:\Windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ShowBarHelper.ShowBarHelper: {a63fad85-e943-4122-942d-0cd9b052eb8d} - mscoree.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: ShoreTel Web Dialer: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Clipboard Recorder] "C:\Program Files (x86)\LW-WORKS Software\Clipboard Recorder\clipboard_recorder.exe" -startup
uRun: [ShoreTel Personal Call Manager] C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RightFAX Print-to-Fax Driver] C:\Program Files (x86)\RightFax\Client\faxctrl.exe
mRun: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
mRun: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
StartupFolder: C:\Users\robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Excalibur RSS Reader.appref-ms
StartupFolder: C:\Users\robert\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YoWindow.lnk - C:\Program Files (x86)\YoWindow\yowindow.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &ShoreTel Web Dialer - file://C:\Program Files (x86)\ShoreTel\Web Dialer\MakeACall.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: factorybrands.net\locks
Trusted Zone: fmpilot.com\anf
Trusted Zone: fmpilot.com\www
Trusted Zone: servicechannel.com\www4
Trusted Zone: sql07
Trusted Zone: sql08
Trusted Zone: workoasis.com\nmfm
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} - hxxp://photos.msn.com/resources/neutral/controls/MsnPPick.cab?10,0,910,0
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://dnr.wi.gov/WasteMgmt/wm/WMExternal/Reserved.ReportViewerWebControl.axd?Mode=true&ReportID=99b6f24451e34fb7b98ed7c0bfffa47e&ControlID=895aa3177b534575b83442168afd0827&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2670A42B-22E7-46E5-BCA9-BF50CF6A80D1} - hxxp://dinosrest2.no-ip.biz:81/bvip_setup.cab
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://sql08/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=mibfol55oesqg3mozqjmuprm&ControlID=abac4d5a6f3e4de3bf86a312dae3a802&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} - hxxp://192.168.1.240/shorewaredirector/VoiceMessage.ocx
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://65.44.139.2:9203/camclictrl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.mpix.com/customer/uploading/scripts7/ImageUploader7.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxps://msdn.vo.msecnd.net/pr/MSDownloadManager_en-US.cab?e=1624911450&h=257922df4d56ad0f5be36b0e4bfa8756
DPF: {CAA6C3B6-662B-4D14-BB64-EADB88213BFE} - hxxp://192.168.1.137/IPCamPluginTM.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} - hxxp://pagerman.kguard.org/HiDvrOcx.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
TCP: DhcpNameServer = 192.168.1.10
TCP: Interfaces\{33C8C3C2-DC0A-42CB-99F9-B74A2775F0F4} : DhcpNameServer = 192.168.1.10
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO-X64: Lync add-on BHO - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ShowBarHelper.ShowBarHelper: {A63FAD85-E943-4122-942D-0CD9B052EB8D} - mscoree.dll
BHO-X64: ShowBarHelper - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: ShoreTel Web Dialer: {AE07101B-46D4-4A98-AF68-0333EA26E113} - mscoree.dll
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [RightFAX Print-to-Fax Driver] C:\Program Files (x86)\RightFax\Client\faxctrl.exe
mRun-x64: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun-x64: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
mRun-x64: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-2-17 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-2-17 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-6-29 140672]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-7-10 147456]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-8 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-9-17 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-3-24 635416]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-6-11 1831024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 GoToAssist Express Customer;GoToAssist Express Customer;C:\Program Files (x86)\Citrix\GoToAssist Express Customer\290\g2ax_service.exe [2011-5-18 161144]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-8 136176]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-13 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.scr=DWGTrueViewScriptFile
.
=============== Created Last 30 ================
.
2011-10-28 12:36:58 -------- d-----w- C:\Users\robert\AppData\Local\Adobe
2011-10-27 14:29:58 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-10-26 18:05:17 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-10-26 13:39:49 388096 ----a-r- C:\Users\robert\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-26 13:39:49 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-10-26 13:08:21 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-10-25 21:14:05 -------- d-----w- C:\Users\robert\AppData\Roaming\Malwarebytes
2011-10-25 21:14:00 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-25 21:13:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-25 20:12:08 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-25 19:06:37 -------- d-----w- C:\ComboFix
2011-10-25 18:34:49 98816 ----a-w- C:\Windows\sed.exe
2011-10-25 18:34:49 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-25 18:34:49 256000 ----a-w- C:\Windows\PEV.exe
2011-10-25 18:34:49 208896 ----a-w- C:\Windows\MBR.exe
2011-10-06 14:13:10 -------- d-----w- C:\Program Files\Microsoft Lync Server 2010
2011-10-04 15:53:08 -------- d-----w- C:\Users\robert\AppData\Roaming\webex
2011-10-04 15:05:00 -------- d-----w- C:\ProgramData\WebEx
.
==================== Find3M ====================
.
2011-10-27 14:29:58 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-10-18 12:38:22 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 12:37:35 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2011-10-07 12:37:34 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2011-10-07 12:37:34 34688 ----a-w- C:\Windows\System32\LMIport.dll
2011-09-04 07:18:20 689664 ----a-w- C:\Windows\yowindow.scr
.
============= FINISH: 9:47:55.76 ===============

Attached File(s)

Attach.txt (16.75K)
Number of downloads: 1

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,522
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 29 October 2011 - 08:40 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 pagerman

Member

Group: Members
Posts: 25
Joined: 28-October 11

Posted 31 October 2011 - 09:14 AM

Thanks for looking at my issue.
So far, the redirect seems to be gone now, I'll keep an eye on it.
Here is the ComboFix log:

ComboFix 11-10-30.03 - robert 10/31/2011 8:06.3.3 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.7423.5210 [GMT -5:00]
Running from: c:\users\robert\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\1kAlMiG2Kb7FzP.exe
c:\programdata\saXsAQWSemKq.exe
c:\users\administrator\Desktop\Setup.exe
c:\users\robert\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\robert\g2mdlhlpx.exe
c:\windows\SysWow64\spool\prtprocs\w32x86\rfprint.dll
J:\Autorun.inf
J:\install.exe
J:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-31 )))))))))))))))))))))))))))))))
.
.
2011-10-31 13:41 . 2011-10-31 13:41 -------- d-----w- c:\users\user\AppData\Local\temp
2011-10-31 13:41 . 2011-10-31 13:41 -------- d-----w- c:\users\laura\AppData\Local\temp
2011-10-31 13:41 . 2011-10-31 13:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-31 13:41 . 2011-10-31 13:41 -------- d-----w- c:\users\administrator\AppData\Local\temp
2011-10-28 12:36 . 2011-10-28 13:06 -------- d-----w- c:\users\robert\AppData\Local\Adobe
2011-10-27 17:34 . 2011-10-27 17:34 -------- d-----w- c:\windows\system32\Macromed
2011-10-27 14:29 . 2011-10-27 14:29 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-10-26 18:05 . 2011-10-26 18:05 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-26 18:05 . 2011-10-26 18:05 -------- d-----w- c:\program files\Java
2011-10-26 13:39 . 2011-10-26 13:39 388096 ----a-r- c:\users\robert\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-26 13:39 . 2011-10-26 13:39 -------- d-----w- c:\program files (x86)\Trend Micro
2011-10-26 13:08 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2011-10-25 21:14 . 2011-10-25 21:14 -------- d-----w- c:\users\robert\AppData\Roaming\Malwarebytes
2011-10-25 21:14 . 2011-10-25 21:14 -------- d-----w- c:\programdata\Malwarebytes
2011-10-25 21:13 . 2011-10-25 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-06 14:13 . 2011-10-06 14:13 -------- d-----w- c:\program files\Microsoft Lync Server 2010
2011-10-04 15:53 . 2011-10-04 15:53 -------- d-----w- c:\users\robert\AppData\Roaming\webex
2011-10-04 15:05 . 2011-10-04 15:05 -------- d-----w- c:\programdata\WebEx
2011-10-04 12:38 . 2011-10-04 12:38 -------- d-----w- c:\program files (x86)\Winamp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 12:38 . 2011-05-17 12:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-07 12:37 . 2011-01-19 22:20 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-07 12:37 . 2011-01-19 22:20 34688 ----a-w- c:\windows\system32\LMIport.dll
2011-10-07 12:37 . 2011-01-19 22:20 80768 ----a-w- c:\windows\system32\LMIinit.dll
2011-09-04 07:18 . 2011-09-04 07:18 689664 ----a-w- c:\windows\yowindow.scr
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-25_19.59.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-27 14:31 . 2011-10-27 14:31 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 11776 c:\windows\SysWOW64\mshta.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 78848 c:\windows\SysWOW64\inseng.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 35840 c:\windows\SysWOW64\imgutil.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 74752 c:\windows\SysWOW64\iesetup.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 66048 c:\windows\SysWOW64\icardie.dll
+ 2009-07-14 04:54 . 2011-10-31 13:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-25 19:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-31 13:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-25 19:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-25 19:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-31 13:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-24 20:13 . 2011-10-31 13:49 53204 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-31 13:49 47024 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-18 18:21 . 2011-10-31 13:49 15096 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-796845957-117609710-1801674531-2638_UserData.bin
+ 2011-10-27 14:31 . 2011-10-27 14:31 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 65024 c:\windows\system32\pngfilt.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 48640 c:\windows\system32\mshtmler.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 96256 c:\windows\system32\mshtmled.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 12288 c:\windows\system32\mshta.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 10752 c:\windows\system32\msfeedssync.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 30720 c:\windows\system32\licmgr10.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 85504 c:\windows\system32\jsproxy.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 49664 c:\windows\system32\imgutil.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 85504 c:\windows\system32\iesetup.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 39936 c:\windows\system32\iernonce.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 89088 c:\windows\system32\ie4uinit.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 82432 c:\windows\system32\icardie.dll
+ 2010-03-24 18:25 . 2011-10-31 13:45 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-24 18:25 . 2011-10-25 19:55 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-24 18:25 . 2011-10-25 19:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-24 18:25 . 2011-10-31 13:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-31 13:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-25 19:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-31 13:47 . 2011-10-31 13:48 33904 c:\windows\SoftwareDistribution\EventCache\{7776C228-156C-4F32-8AE8-5FA407F93163}.bin
+ 2011-10-25 18:28 . 2011-10-27 11:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-25 18:28 . 2011-10-25 18:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-10-28 14:45 85960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-09-15 19:04 85960 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-10-25 18:28 . 2011-10-25 18:27 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-25 18:28 . 2011-10-27 11:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-25 18:28 . 2011-10-27 11:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-25 18:28 . 2011-10-25 18:27 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-17 19:23 . 2011-10-27 14:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-17 19:23 . 2011-10-25 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-17 19:23 . 2011-10-25 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-17 19:23 . 2011-10-27 14:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-25 19:55 . 2011-10-25 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-31 13:45 . 2011-10-31 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-31 13:45 . 2011-10-31 13:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-25 19:55 . 2011-10-25 19:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-27 14:29 . 2011-10-27 14:29 135168 c:\windows\SysWOW64\XpsRasterService.dll
- 2009-07-14 00:15 . 2009-07-14 01:16 135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 442880 c:\windows\SysWOW64\XpsPrint.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 283648 c:\windows\SysWOW64\XpsGdiConverter.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 152064 c:\windows\SysWOW64\wextract.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 203776 c:\windows\SysWOW64\webcheck.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 420864 c:\windows\SysWOW64\vbscript.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 231936 c:\windows\SysWOW64\url.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 123392 c:\windows\SysWOW64\occache.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 162304 c:\windows\SysWOW64\msrating.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 161792 c:\windows\SysWOW64\msls31.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 196608 c:\windows\SysWOW64\mfreadwrite.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 716800 c:\windows\SysWOW64\jscript.dll
- 2010-03-24 20:30 . 2009-12-02 08:17 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 150528 c:\windows\SysWOW64\iexpress.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 176640 c:\windows\SysWOW64\ieui.dll
- 2009-07-13 23:26 . 2009-07-14 01:15 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 118784 c:\windows\SysWOW64\iepeers.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 163840 c:\windows\SysWOW64\ieakui.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 218624 c:\windows\SysWOW64\d3d10_1core.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 161792 c:\windows\SysWOW64\d3d10_1.dll
- 2009-07-13 23:27 . 2009-07-14 01:15 161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 739840 c:\windows\SysWOW64\d2d1.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 101888 c:\windows\SysWOW64\admparse.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 229888 c:\windows\system32\XpsRasterService.dll
- 2009-07-14 00:37 . 2009-07-14 01:41 229888 c:\windows\system32\XpsRasterService.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 662528 c:\windows\system32\XpsPrint.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 470016 c:\windows\system32\XpsGdiConverter.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 160256 c:\windows\system32\wextract.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 249344 c:\windows\system32\webcheck.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 603648 c:\windows\system32\vbscript.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 237056 c:\windows\system32\url.dll
- 2009-07-14 02:36 . 2011-08-30 12:42 662484 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-27 21:47 662484 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-27 21:47 121352 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-08-30 12:42 121352 c:\windows\system32\perfc009.dat
+ 2011-10-27 14:31 . 2011-10-27 14:31 149504 c:\windows\system32\occache.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 197120 c:\windows\system32\msrating.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 697344 c:\windows\system32\msfeeds.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 257024 c:\windows\system32\mfreadwrite.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 206848 c:\windows\system32\mfps.dll
- 2009-07-14 00:18 . 2009-07-14 01:41 206848 c:\windows\system32\mfps.dll
+ 2011-10-27 17:34 . 2011-10-27 17:34 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.exe
+ 2011-10-27 17:34 . 2011-10-27 17:34 376480 c:\windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 818176 c:\windows\system32\jscript.dll
+ 2011-10-26 18:05 . 2011-10-26 18:05 190752 c:\windows\system32\javaws.exe
+ 2011-10-26 18:05 . 2011-10-26 18:05 171808 c:\windows\system32\javaw.exe
+ 2011-10-26 18:05 . 2011-10-26 18:05 171808 c:\windows\system32\java.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 103936 c:\windows\system32\inseng.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 165888 c:\windows\system32\iexpress.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 173056 c:\windows\system32\ieUnatt.exe
+ 2011-10-27 14:31 . 2011-10-27 14:31 248320 c:\windows\system32\ieui.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 111616 c:\windows\system32\iesysprep.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 145920 c:\windows\system32\iepeers.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 403248 c:\windows\system32\iedkcs32.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 534528 c:\windows\system32\ieapfltr.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 267776 c:\windows\system32\ieaksie.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 160256 c:\windows\system32\ieakeng.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 135168 c:\windows\system32\IEAdvpack.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 282112 c:\windows\system32\dxtrans.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 452608 c:\windows\system32\dxtmsft.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 265088 c:\windows\system32\drivers\dxgmms1.sys
+ 2011-10-27 14:29 . 2011-10-27 14:29 320512 c:\windows\system32\d3d10_1core.dll
- 2009-07-13 23:41 . 2009-07-14 01:40 197120 c:\windows\system32\d3d10_1.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 197120 c:\windows\system32\d3d10_1.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 902656 c:\windows\system32\d2d1.dll
- 2010-08-18 19:00 . 2010-05-19 19:48 144384 c:\windows\system32\cdd.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 144384 c:\windows\system32\cdd.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2011-10-31 13:42 471020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-26 18:04 . 2011-10-26 18:04 908800 c:\windows\Installer\12ea720.msi
+ 2011-10-27 14:29 . 2011-10-27 14:29 1619456 c:\windows\SysWOW64\WMVDECOD.DLL
+ 2011-10-27 14:31 . 2011-10-27 14:31 1126912 c:\windows\SysWOW64\wininet.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 1102848 c:\windows\SysWOW64\urlmon.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 3181568 c:\windows\SysWOW64\mf.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 1798144 c:\windows\SysWOW64\jscript9.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 1791488 c:\windows\SysWOW64\iertutil.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 9704960 c:\windows\SysWOW64\ieframe.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 3695416 c:\windows\SysWOW64\ieapfltr.dat
- 2009-07-13 23:44 . 2009-07-14 01:15 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 1074176 c:\windows\SysWOW64\DWrite.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 1170944 c:\windows\SysWOW64\d3d10warp.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 1888256 c:\windows\system32\WMVDECOD.DLL
+ 2011-10-27 14:31 . 2011-10-27 14:31 1389056 c:\windows\system32\wininet.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 1344512 c:\windows\system32\urlmon.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 4068864 c:\windows\system32\mf.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 2309120 c:\windows\system32\jscript9.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 2143744 c:\windows\system32\iertutil.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 3695416 c:\windows\system32\ieapfltr.dat
+ 2011-10-27 14:29 . 2011-10-27 14:29 1133568 c:\windows\system32\FntCache.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 1863680 c:\windows\system32\ExplorerFrame.dll
- 2009-07-13 23:57 . 2009-07-14 01:40 1863680 c:\windows\system32\ExplorerFrame.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 1540608 c:\windows\system32\DWrite.dll
+ 2011-10-27 14:29 . 2011-10-27 14:29 1837568 c:\windows\system32\d3d10warp.dll
+ 2009-07-14 04:45 . 2011-10-27 14:39 3870164 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-05-30 22:05 3870164 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-06-07 21:54 . 2011-10-31 13:42 5459683 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-796845957-117609710-1801674531-2638-12288.dat
+ 2011-10-26 13:39 . 2011-10-26 13:39 1402880 c:\windows\Installer\3bcdae.msi
+ 2011-10-27 14:31 . 2011-10-27 14:31 12275200 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2011-10-31 12:45 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-10-25 19:12 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-27 14:31 . 2011-10-27 14:31 17781760 c:\windows\system32\mshtml.dll
+ 2011-10-27 14:31 . 2011-10-27 14:31 10886144 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A63FAD85-E943-4122-942D-0CD9B052EB8D}]
2009-11-25 17:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\robert\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"ShoreTel Personal Call Manager"="c:\program files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe" [2010-08-10 2289664]
"Ditto"="c:\program files (x86)\Ditto\Ditto.exe" [2010-12-23 831488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-02 98304]
"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-06-11 115560]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RightFAX Print-to-Fax Driver"="c:\program files (x86)\RightFax\Client\faxctrl.exe" [2010-01-11 126976]
"Iomega Home Storage Manager"="c:\program files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe" [2009-10-27 152936]
"Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2010-10-22 11937552]
"PlantronicsURE.exe"="c:\program files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe" [2011-09-25 622536]
"PlantronicsBatteryStatus.exe"="c:\program files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe" [2011-09-25 353736]
.
c:\users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Excalibur RSS Reader.appref-ms [2011-1-4 362]
YoWindow.lnk - c:\program files (x86)\YoWindow\yowindow.exe [2011-9-4 758784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files (x86)\Citrix\GoToAssist Express Customer\290\g2ax_service.exe Start=service [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 ahcix64s;ahcix64s;c:\windows\\SystemRoot\system32\DRIVERS\ahcix64s.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-08-08 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-08-08 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-17 140672]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2009-07-10 147456]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-10-07 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 21:57]
.
2011-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 21:57]
.
2011-10-07 c:\windows\Tasks\HPCeeScheduleForrobert.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\robert\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-02 7938080]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sql07:8000/UI/Home.aspx
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &ShoreTel Web Dialer - file://c:\program files (x86)\ShoreTel\Web Dialer\MakeACall.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: factorybrands.net\locks
Trusted Zone: fmpilot.com\anf
Trusted Zone: fmpilot.com\www
Trusted Zone: servicechannel.com\www4
Trusted Zone: sql07
Trusted Zone: sql08
Trusted Zone: workoasis.com\nmfm
TCP: DhcpNameServer = 192.168.1.10
DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://dnr.wi.gov/WasteMgmt/wm/WMExternal/Reserved.ReportViewerWebControl.axd?Mode=true&ReportID=99b6f24451e34fb7b98ed7c0bfffa47e&ControlID=895aa3177b534575b83442168afd0827&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
DPF: {2670A42B-22E7-46E5-BCA9-BF50CF6A80D1} - hxxp://dinosrest2.no-ip.biz:81/bvip_setup.cab
DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://sql08/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=mibfol55oesqg3mozqjmuprm&ControlID=abac4d5a6f3e4de3bf86a312dae3a802&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} - hxxp://192.168.1.240/shorewaredirector/VoiceMessage.ocx
DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} - hxxp://65.44.139.2:9203/camclictrl.cab
DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} - hxxp://www.mpix.com/customer/uploading/scripts7/ImageUploader7.cab
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxps://msdn.vo.msecnd.net/pr/MSDownloadManager_en-US.cab?e=1624911450&h=257922df4d56ad0f5be36b0e4bfa8756
DPF: {CAA6C3B6-662B-4D14-BB64-EADB88213BFE} - hxxp://192.168.1.137/IPCamPluginTM.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} - hxxp://pagerman.kguard.org/HiDvrOcx.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Clipboard Recorder - c:\program files (x86)\LW-WORKS Software\Clipboard Recorder\clipboard_recorder.exe
Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
SafeBoot-Symantec Antvirus
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-RightFax 9.4 FP1 Service Release 1 - c:\program files (x86)\RightFax\$Uninstall94FP1ServiceRelease1\Uninstall.exe
AddRemove-RightFax 9.40 Feature Pack 1 - c:\program files (x86)\RightFax\$Uninstall94FP1\Uninstall.exe
AddRemove-{F9B55706-A942-4295-BACD-62ADB69C53EC} - c:\program files (x86)\InstallShield Installation Information\{F9B55706-A942-4295-BACD-62ADB69C53EC}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
c:\program files (x86)\Shoreline Communications\ShoreWare Client\CSISCMGR.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-10-31 09:12:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-31 14:12
.
Pre-Run: 160,163,254,272 bytes free
Post-Run: 160,281,804,800 bytes free
.
- - End Of File - - 965F0ADD198591ADC2F0ABE875DF20A6

#4 pagerman

Member

Group: Members
Posts: 25
Joined: 28-October 11

Posted 31 October 2011 - 09:45 AM

I was wrong. The redirects continue.

#5 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,522
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 31 October 2011 - 08:30 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

<-- Don't worry every little bit helps.

#6 pagerman

Member

Group: Members
Posts: 25
Joined: 28-October 11

Posted 01 November 2011 - 07:42 AM

No threats found. Report:

07:41:00.0371 1640 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
07:41:00.0790 1640 ============================================================
07:41:00.0790 1640 Current date / time: 2011/11/01 07:41:00.0790
07:41:00.0790 1640 SystemInfo:
07:41:00.0790 1640
07:41:00.0790 1640 OS Version: 6.1.7600 ServicePack: 0.0
07:41:00.0790 1640 Product type: Workstation
07:41:00.0790 1640 ComputerName: RMSSTAT005
07:41:00.0791 1640 UserName: robert
07:41:00.0791 1640 Windows directory: C:\Windows
07:41:00.0791 1640 System windows directory: C:\Windows
07:41:00.0791 1640 Running under WOW64
07:41:00.0791 1640 Processor architecture: Intel x64
07:41:00.0792 1640 Number of processors: 3
07:41:00.0792 1640 Page size: 0x1000
07:41:00.0792 1640 Boot type: Normal boot
07:41:00.0792 1640 ============================================================
07:41:03.0908 1640 Initialize success
07:41:06.0327 7412 ============================================================
07:41:06.0327 7412 Scan started
07:41:06.0327 7412 Mode: Manual;
07:41:06.0327 7412 ============================================================
07:41:12.0071 7412 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
07:41:12.0106 7412 1394ohci - ok
07:41:12.0248 7412 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
07:41:12.0256 7412 ACPI - ok
07:41:12.0406 7412 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
07:41:12.0432 7412 AcpiPmi - ok
07:41:12.0755 7412 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
07:41:12.0881 7412 adp94xx - ok
07:41:13.0330 7412 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
07:41:13.0434 7412 adpahci - ok
07:41:13.0772 7412 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
07:41:13.0868 7412 adpu320 - ok
07:41:14.0022 7412 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
07:41:14.0029 7412 AFD - ok
07:41:14.0143 7412 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
07:41:14.0156 7412 agp440 - ok
07:41:14.0497 7412 ahcix64s (570ee6ca8b04c01d195b62f112aa200c) C:\Windows\system32\DRIVERS\ahcix64s.sys
07:41:14.0500 7412 ahcix64s - ok
07:41:14.0768 7412 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
07:41:14.0791 7412 aliide - ok
07:41:14.0934 7412 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
07:41:14.0950 7412 amdide - ok
07:41:15.0094 7412 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
07:41:15.0113 7412 AmdK8 - ok
07:41:15.0269 7412 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
07:41:15.0269 7412 AmdPPM - ok
07:41:15.0379 7412 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
07:41:15.0412 7412 amdsata - ok
07:41:15.0644 7412 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
07:41:15.0647 7412 amdsbs - ok
07:41:15.0767 7412 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
07:41:15.0767 7412 amdxata - ok
07:41:15.0947 7412 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
07:41:15.0972 7412 AppID - ok
07:41:16.0238 7412 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
07:41:16.0270 7412 arc - ok
07:41:16.0502 7412 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
07:41:16.0546 7412 arcsas - ok
07:41:16.0837 7412 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
07:41:16.0838 7412 AsyncMac - ok
07:41:17.0048 7412 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
07:41:17.0049 7412 atapi - ok
07:41:17.0810 7412 atikmdag (9746d950c3cf6434b2d1b385edab7ae5) C:\Windows\system32\DRIVERS\atikmdag.sys
07:41:17.0898 7412 atikmdag - ok
07:41:18.0117 7412 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
07:41:18.0118 7412 AtiPcie - ok
07:41:18.0378 7412 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
07:41:18.0450 7412 b06bdrv - ok
07:41:18.0735 7412 b57nd60a (93af5ccce5145aa3c2f0a41e7f65149a) C:\Windows\system32\DRIVERS\b57nd60a.sys
07:41:18.0738 7412 b57nd60a - ok
07:41:18.0887 7412 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
07:41:18.0902 7412 Beep - ok
07:41:19.0163 7412 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
07:41:19.0164 7412 blbdrive - ok
07:41:19.0290 7412 Blfp (e869c8c360f3705da7875327da616f11) C:\Windows\system32\DRIVERS\basp.sys
07:41:19.0324 7412 Blfp - ok
07:41:19.0502 7412 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
07:41:19.0503 7412 bowser - ok
07:41:19.0748 7412 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:41:19.0767 7412 BrFiltLo - ok
07:41:19.0957 7412 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:41:19.0972 7412 BrFiltUp - ok
07:41:20.0123 7412 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
07:41:20.0171 7412 Brserid - ok
07:41:20.0599 7412 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
07:41:20.0623 7412 BrSerWdm - ok
07:41:20.0833 7412 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
07:41:20.0844 7412 BrUsbMdm - ok
07:41:20.0978 7412 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
07:41:20.0992 7412 BrUsbSer - ok
07:41:21.0244 7412 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
07:41:21.0268 7412 BTHMODEM - ok
07:41:21.0464 7412 catchme - ok
07:41:21.0659 7412 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
07:41:21.0678 7412 cdfs - ok
07:41:21.0980 7412 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
07:41:22.0013 7412 cdrom - ok
07:41:22.0306 7412 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
07:41:22.0325 7412 circlass - ok
07:41:22.0489 7412 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
07:41:22.0495 7412 CLFS - ok
07:41:22.0719 7412 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
07:41:22.0747 7412 CmBatt - ok
07:41:22.0884 7412 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
07:41:22.0899 7412 cmdide - ok
07:41:23.0058 7412 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
07:41:23.0072 7412 CNG - ok
07:41:23.0262 7412 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
07:41:23.0379 7412 Compbatt - ok
07:41:23.0679 7412 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
07:41:23.0679 7412 CompositeBus - ok
07:41:23.0806 7412 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
07:41:23.0822 7412 crcdisk - ok
07:41:24.0020 7412 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
07:41:24.0023 7412 CSC - ok
07:41:24.0275 7412 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
07:41:24.0276 7412 DfsC - ok
07:41:24.0386 7412 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
07:41:24.0387 7412 discache - ok
07:41:24.0549 7412 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
07:41:24.0551 7412 Disk - ok
07:41:24.0757 7412 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
07:41:24.0780 7412 drmkaud - ok
07:41:24.0998 7412 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
07:41:25.0006 7412 DXGKrnl - ok
07:41:25.0369 7412 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
07:41:25.0511 7412 ebdrv - ok
07:41:25.0609 7412 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
07:41:25.0611 7412 eeCtrl - ok
07:41:25.0765 7412 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
07:41:25.0821 7412 elxstor - ok
07:41:25.0969 7412 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:41:25.0996 7412 EraserUtilRebootDrv - ok
07:41:26.0147 7412 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
07:41:26.0176 7412 ErrDev - ok
07:41:26.0326 7412 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
07:41:26.0384 7412 exfat - ok
07:41:26.0504 7412 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
07:41:26.0591 7412 fastfat - ok
07:41:26.0775 7412 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
07:41:26.0795 7412 fdc - ok
07:41:26.0957 7412 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
07:41:26.0969 7412 FileInfo - ok
07:41:27.0129 7412 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
07:41:27.0129 7412 Filetrace - ok
07:41:27.0322 7412 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
07:41:27.0336 7412 flpydisk - ok
07:41:27.0569 7412 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
07:41:27.0587 7412 FltMgr - ok
07:41:27.0725 7412 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
07:41:27.0733 7412 FsDepends - ok
07:41:27.0845 7412 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
07:41:27.0845 7412 Fs_Rec - ok
07:41:27.0939 7412 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
07:41:27.0964 7412 fvevol - ok
07:41:28.0121 7412 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
07:41:28.0153 7412 gagp30kx - ok
07:41:28.0563 7412 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
07:41:28.0579 7412 hcw85cir - ok
07:41:28.0810 7412 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
07:41:28.0921 7412 HdAudAddService - ok
07:41:29.0070 7412 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
07:41:29.0072 7412 HDAudBus - ok
07:41:29.0198 7412 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
07:41:29.0227 7412 HidBatt - ok
07:41:29.0324 7412 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
07:41:29.0354 7412 HidBth - ok
07:41:29.0523 7412 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
07:41:29.0556 7412 HidIr - ok
07:41:29.0699 7412 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
07:41:29.0725 7412 HidUsb - ok
07:41:29.0965 7412 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
07:41:30.0000 7412 HpSAMD - ok
07:41:30.0254 7412 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
07:41:30.0279 7412 HTTP - ok
07:41:30.0467 7412 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
07:41:30.0473 7412 hwpolicy - ok
07:41:30.0699 7412 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
07:41:30.0730 7412 i8042prt - ok
07:41:30.0933 7412 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
07:41:31.0036 7412 iaStorV - ok
07:41:31.0212 7412 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
07:41:31.0239 7412 iirsp - ok
07:41:31.0493 7412 IntcAzAudAddService (b16fc828ce7a76a8f1ce682e6ead2627) C:\Windows\system32\drivers\RTKVHD64.sys
07:41:31.0532 7412 IntcAzAudAddService - ok
07:41:31.0638 7412 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
07:41:31.0663 7412 intelide - ok
07:41:31.0798 7412 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
07:41:31.0822 7412 intelppm - ok
07:41:31.0982 7412 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:41:32.0013 7412 IpFilterDriver - ok
07:41:32.0131 7412 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
07:41:32.0166 7412 IPMIDRV - ok
07:41:32.0295 7412 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
07:41:32.0325 7412 IPNAT - ok
07:41:32.0467 7412 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
07:41:32.0491 7412 IRENUM - ok
07:41:32.0651 7412 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
07:41:32.0687 7412 isapnp - ok
07:41:32.0807 7412 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
07:41:32.0839 7412 iScsiPrt - ok
07:41:32.0972 7412 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
07:41:32.0997 7412 kbdclass - ok
07:41:33.0204 7412 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
07:41:33.0205 7412 kbdhid - ok
07:41:33.0354 7412 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
07:41:33.0357 7412 KSecDD - ok
07:41:33.0485 7412 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
07:41:33.0487 7412 KSecPkg - ok
07:41:33.0621 7412 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
07:41:33.0635 7412 ksthunk - ok
07:41:33.0838 7412 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
07:41:33.0867 7412 lltdio - ok
07:41:34.0077 7412 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
07:41:34.0078 7412 LMIInfo - ok
07:41:34.0219 7412 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
07:41:34.0245 7412 lmimirr - ok
07:41:34.0347 7412 LMIRfsClientNP - ok
07:41:34.0537 7412 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
07:41:34.0539 7412 LMIRfsDriver - ok
07:41:34.0668 7412 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
07:41:34.0684 7412 LSI_FC - ok
07:41:34.0856 7412 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
07:41:34.0890 7412 LSI_SAS - ok
07:41:35.0050 7412 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:41:35.0081 7412 LSI_SAS2 - ok
07:41:35.0198 7412 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:41:35.0218 7412 LSI_SCSI - ok
07:41:35.0396 7412 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
07:41:35.0399 7412 luafv - ok
07:41:35.0532 7412 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
07:41:35.0566 7412 megasas - ok
07:41:35.0753 7412 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
07:41:35.0802 7412 MegaSR - ok
07:41:35.0907 7412 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
07:41:35.0928 7412 Modem - ok
07:41:36.0115 7412 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
07:41:36.0117 7412 monitor - ok
07:41:36.0271 7412 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
07:41:36.0271 7412 mouclass - ok
07:41:36.0384 7412 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
07:41:36.0384 7412 mouhid - ok
07:41:36.0560 7412 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
07:41:36.0562 7412 mountmgr - ok
07:41:36.0720 7412 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
07:41:36.0753 7412 mpio - ok
07:41:36.0917 7412 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
07:41:36.0954 7412 mpsdrv - ok
07:41:37.0063 7412 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
07:41:37.0092 7412 MRxDAV - ok
07:41:37.0241 7412 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
07:41:37.0243 7412 mrxsmb - ok
07:41:37.0363 7412 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:41:37.0367 7412 mrxsmb10 - ok
07:41:37.0482 7412 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:41:37.0508 7412 mrxsmb20 - ok
07:41:37.0637 7412 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
07:41:37.0638 7412 msahci - ok
07:41:37.0736 7412 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
07:41:37.0789 7412 msdsm - ok
07:41:37.0876 7412 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
07:41:37.0915 7412 Msfs - ok
07:41:38.0191 7412 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
07:41:38.0219 7412 mshidkmdf - ok
07:41:38.0462 7412 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
07:41:38.0463 7412 msisadrv - ok
07:41:38.0642 7412 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
07:41:38.0665 7412 MSKSSRV - ok
07:41:38.0829 7412 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
07:41:38.0859 7412 MSPCLOCK - ok
07:41:38.0975 7412 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
07:41:39.0004 7412 MSPQM - ok
07:41:39.0118 7412 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
07:41:39.0120 7412 MsRPC - ok
07:41:39.0237 7412 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
07:41:39.0237 7412 mssmbios - ok
07:41:39.0350 7412 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
07:41:39.0396 7412 MSTEE - ok
07:41:39.0536 7412 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
07:41:39.0563 7412 MTConfig - ok
07:41:39.0659 7412 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
07:41:39.0697 7412 Mup - ok
07:41:39.0967 7412 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
07:41:40.0026 7412 NativeWifiP - ok
07:41:40.0166 7412 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111031.034\ENG64.SYS
07:41:40.0166 7412 NAVENG - ok
07:41:40.0544 7412 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20111031.034\EX64.SYS
07:41:40.0556 7412 NAVEX15 - ok
07:41:40.0746 7412 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
07:41:40.0759 7412 NDIS - ok
07:41:40.0859 7412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
07:41:40.0874 7412 NdisCap - ok
07:41:40.0982 7412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
07:41:40.0982 7412 NdisTapi - ok
07:41:41.0106 7412 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
07:41:41.0118 7412 Ndisuio - ok
07:41:41.0247 7412 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
07:41:41.0249 7412 NdisWan - ok
07:41:41.0384 7412 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
07:41:41.0386 7412 NDProxy - ok
07:41:41.0536 7412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:41:41.0547 7412 NetBIOS - ok
07:41:41.0671 7412 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
07:41:41.0673 7412 NetBT - ok
07:41:42.0052 7412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
07:41:42.0071 7412 nfrd960 - ok
07:41:42.0254 7412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:41:42.0255 7412 Npfs - ok
07:41:42.0456 7412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:41:42.0457 7412 nsiproxy - ok
07:41:42.0804 7412 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
07:41:42.0833 7412 Ntfs - ok
07:41:43.0085 7412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:41:43.0098 7412 Null - ok
07:41:43.0230 7412 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
07:41:43.0270 7412 nvraid - ok
07:41:43.0419 7412 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
07:41:43.0461 7412 nvstor - ok
07:41:43.0619 7412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
07:41:43.0665 7412 nv_agp - ok
07:41:43.0818 7412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
07:41:43.0839 7412 ohci1394 - ok
07:41:44.0084 7412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
07:41:44.0085 7412 Parport - ok
07:41:44.0225 7412 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
07:41:44.0226 7412 partmgr - ok
07:41:44.0363 7412 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
07:41:44.0365 7412 pci - ok
07:41:44.0538 7412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
07:41:44.0564 7412 pciide - ok
07:41:44.0694 7412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
07:41:44.0749 7412 pcmcia - ok
07:41:44.0983 7412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:41:44.0984 7412 pcw - ok
07:41:45.0189 7412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:41:45.0204 7412 PEAUTH - ok
07:41:45.0373 7412 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
07:41:45.0375 7412 PptpMiniport - ok
07:41:45.0476 7412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
07:41:45.0491 7412 Processor - ok
07:41:45.0646 7412 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
07:41:45.0648 7412 Psched - ok
07:41:45.0786 7412 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
07:41:45.0788 7412 PxHlpa64 - ok
07:41:46.0067 7412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
07:41:46.0158 7412 ql2300 - ok
07:41:46.0285 7412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
07:41:46.0305 7412 ql40xx - ok
07:41:46.0440 7412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:41:46.0441 7412 QWAVEdrv - ok
07:41:46.0590 7412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:41:46.0604 7412 RasAcd - ok
07:41:46.0765 7412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:41:46.0765 7412 RasAgileVpn - ok
07:41:46.0894 7412 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:41:46.0896 7412 Rasl2tp - ok
07:41:46.0996 7412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:41:46.0996 7412 RasPppoe - ok
07:41:47.0167 7412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:41:47.0189 7412 RasSstp - ok
07:41:47.0419 7412 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
07:41:47.0423 7412 rdbss - ok
07:41:47.0634 7412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
07:41:47.0636 7412 rdpbus - ok
07:41:47.0828 7412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:41:47.0829 7412 RDPCDD - ok
07:41:48.0001 7412 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
07:41:48.0002 7412 RDPDR - ok
07:41:48.0192 7412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:41:48.0193 7412 RDPENCDD - ok
07:41:48.0242 7412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:41:48.0242 7412 RDPREFMP - ok
07:41:48.0291 7412 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
07:41:48.0293 7412 RDPWD - ok
07:41:48.0438 7412 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
07:41:48.0442 7412 rdyboost - ok
07:41:48.0612 7412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:41:48.0613 7412 rspndr - ok
07:41:48.0756 7412 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
07:41:48.0781 7412 s3cap - ok
07:41:48.0917 7412 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
07:41:48.0936 7412 SASDIFSV - ok
07:41:49.0000 7412 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
07:41:49.0001 7412 SASKUTIL - ok
07:41:49.0123 7412 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
07:41:49.0150 7412 sbp2port - ok
07:41:49.0265 7412 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
07:41:49.0290 7412 scfilter - ok
07:41:49.0399 7412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:41:49.0401 7412 secdrv - ok
07:41:49.0576 7412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
07:41:49.0577 7412 Serenum - ok
07:41:49.0701 7412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
07:41:49.0702 7412 Serial - ok
07:41:49.0801 7412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
07:41:49.0817 7412 sermouse - ok
07:41:49.0913 7412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
07:41:49.0939 7412 sffdisk - ok
07:41:50.0126 7412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
07:41:50.0156 7412 sffp_mmc - ok
07:41:50.0264 7412 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
07:41:50.0290 7412 sffp_sd - ok
07:41:50.0420 7412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
07:41:50.0453 7412 sfloppy - ok
07:41:50.0577 7412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:41:50.0598 7412 SiSRaid2 - ok
07:41:50.0774 7412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
07:41:50.0802 7412 SiSRaid4 - ok
07:41:50.0963 7412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:41:50.0992 7412 Smb - ok
07:41:51.0307 7412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:41:51.0308 7412 spldr - ok
07:41:51.0567 7412 SRTSP (b531fc8918dcdaae638511a123c3465e) C:\Windows\system32\Drivers\SRTSP64.SYS
07:41:51.0594 7412 SRTSP - ok
07:41:51.0902 7412 SRTSPL (2bd3a73d0601320b72486fc3ebc2544f) C:\Windows\system32\Drivers\SRTSPL64.SYS
07:41:51.0986 7412 SRTSPL - ok
07:41:52.0234 7412 SRTSPX (529b337c1aeeb289f0b502eb0ee6a8f5) C:\Windows\system32\Drivers\SRTSPX64.SYS
07:41:52.0247 7412 SRTSPX - ok
07:41:52.0388 7412 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
07:41:52.0403 7412 srv - ok
07:41:52.0524 7412 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
07:41:52.0526 7412 srv2 - ok
07:41:52.0676 7412 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
07:41:52.0679 7412 srvnet - ok
07:41:52.0827 7412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
07:41:52.0853 7412 stexstor - ok
07:41:53.0079 7412 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
07:41:53.0080 7412 storflt - ok
07:41:53.0248 7412 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
07:41:53.0277 7412 storvsc - ok
07:41:53.0522 7412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
07:41:53.0548 7412 swenum - ok
07:41:53.0762 7412 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
07:41:53.0778 7412 SymEvent - ok
07:41:54.0013 7412 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
07:41:54.0087 7412 Tcpip - ok
07:41:54.0226 7412 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
07:41:54.0235 7412 TCPIP6 - ok
07:41:54.0342 7412 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
07:41:54.0343 7412 tcpipreg - ok
07:41:54.0446 7412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:41:54.0463 7412 TDPIPE - ok
07:41:54.0582 7412 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
07:41:54.0583 7412 TDTCP - ok
07:41:54.0711 7412 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
07:41:54.0740 7412 tdx - ok
07:41:54.0884 7412 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
07:41:54.0891 7412 TermDD - ok
07:41:55.0058 7412 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
07:41:55.0060 7412 TPM - ok
07:41:55.0235 7412 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:41:55.0246 7412 tssecsrv - ok
07:41:55.0385 7412 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
07:41:55.0397 7412 tunnel - ok
07:41:55.0518 7412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
07:41:55.0532 7412 uagp35 - ok
07:41:55.0667 7412 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
07:41:55.0753 7412 udfs - ok
07:41:55.0919 7412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
07:41:55.0939 7412 uliagpkx - ok
07:41:56.0127 7412 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
07:41:56.0144 7412 umbus - ok
07:41:56.0240 7412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
07:41:56.0264 7412 UmPass - ok
07:41:56.0434 7412 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
07:41:56.0457 7412 usbaudio - ok
07:41:56.0585 7412 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
07:41:56.0613 7412 usbbus - ok
07:41:56.0704 7412 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
07:41:56.0723 7412 usbccgp - ok
07:41:56.0870 7412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
07:41:56.0899 7412 usbcir - ok
07:41:57.0048 7412 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
07:41:57.0072 7412 UsbDiag - ok
07:41:57.0279 7412 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
07:41:57.0299 7412 usbehci - ok
07:41:57.0422 7412 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
07:41:57.0477 7412 usbhub - ok
07:41:57.0642 7412 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
07:41:57.0658 7412 USBModem - ok
07:41:57.0788 7412 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
07:41:57.0818 7412 usbohci - ok
07:41:57.0978 7412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:41:57.0980 7412 usbprint - ok
07:41:58.0093 7412 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:41:58.0125 7412 usbscan - ok
07:41:58.0260 7412 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:41:58.0262 7412 USBSTOR - ok
07:41:58.0423 7412 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
07:41:58.0450 7412 usbuhci - ok
07:41:58.0649 7412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
07:41:58.0651 7412 vdrvroot - ok
07:41:58.0805 7412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:41:58.0831 7412 vga - ok
07:41:58.0969 7412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:41:58.0971 7412 VgaSave - ok
07:41:59.0175 7412 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
07:41:59.0239 7412 vhdmp - ok
07:41:59.0376 7412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
07:41:59.0393 7412 viaide - ok
07:41:59.0506 7412 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
07:41:59.0540 7412 vmbus - ok
07:41:59.0708 7412 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
07:41:59.0724 7412 VMBusHID - ok
07:41:59.0847 7412 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
07:41:59.0849 7412 volmgr - ok
07:41:59.0985 7412 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
07:41:59.0991 7412 volmgrx - ok
07:42:00.0172 7412 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
07:42:00.0178 7412 volsnap - ok
07:42:00.0308 7412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
07:42:00.0367 7412 vsmraid - ok
07:42:00.0521 7412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
07:42:00.0523 7412 vwifibus - ok
07:42:00.0682 7412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
07:42:00.0697 7412 WacomPen - ok
07:42:00.0804 7412 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
07:42:00.0806 7412 WANARP - ok
07:42:00.0821 7412 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
07:42:00.0823 7412 Wanarpv6 - ok
07:42:00.0983 7412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
07:42:01.0009 7412 Wd - ok
07:42:01.0211 7412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:42:01.0230 7412 Wdf01000 - ok
07:42:01.0429 7412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:42:01.0430 7412 WfpLwf - ok
07:42:01.0584 7412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:42:01.0599 7412 WIMMount - ok
07:42:01.0861 7412 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
07:42:01.0881 7412 WinUsb - ok
07:42:02.0080 7412 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:42:02.0081 7412 WmiAcpi - ok
07:42:02.0236 7412 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:42:02.0238 7412 ws2ifsl - ok
07:42:02.0348 7412 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
07:42:02.0363 7412 WudfPf - ok
07:42:02.0558 7412 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:42:02.0562 7412 WUDFRd - ok
07:42:02.0607 7412 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
07:42:02.0620 7412 \Device\Harddisk0\DR0 - ok
07:42:02.0624 7412 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
07:42:02.0835 7412 \Device\Harddisk1\DR1 - ok
07:42:02.0850 7412 Boot (0x1200) (da61c9ff52d13b568bcf2ef73b479bd0) \Device\Harddisk0\DR0\Partition0
07:42:02.0855 7412 \Device\Harddisk0\DR0\Partition0 - ok
07:42:02.0862 7412 Boot (0x1200) (f60486081277cbe51a9ff090e6586987) \Device\Harddisk0\DR0\Partition1
07:42:02.0864 7412 \Device\Harddisk0\DR0\Partition1 - ok
07:42:02.0889 7412 Boot (0x1200) (379bbfbc1a4509f569b2ab99e5bbee4c) \Device\Harddisk0\DR0\Partition2
07:42:02.0894 7412 \Device\Harddisk0\DR0\Partition2 - ok
07:42:02.0900 7412 Boot (0x1200) (16380142270642607c6cac4f25eee29b) \Device\Harddisk1\DR1\Partition0
07:42:02.0902 7412 \Device\Harddisk1\DR1\Partition0 - ok
07:42:02.0904 7412 ============================================================
07:42:02.0904 7412 Scan finished
07:42:02.0904 7412 ============================================================
07:42:02.0917 7312 Detected object count: 0
07:42:02.0917 7312 Actual detected object count: 0

#7 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,522
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 01 November 2011 - 02:20 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened and the that I need posted back here
- Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
Please post the contents of OTListIt.txt in your next reply.

Gringo

<-- Don't worry every little bit helps.

#8 pagerman

Member

Group: Members
Posts: 25
Joined: 28-October 11

Posted 01 November 2011 - 02:29 PM

Here it is:

OTL logfile created on: 11/1/2011 2:22:38 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\robert\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.25 Gb Total Physical Memory | 4.42 Gb Available Physical Memory | 60.97% Memory free
14.50 Gb Paging File | 11.29 Gb Available in Paging File | 77.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225.99 Gb Total Space | 148.93 Gb Free Space | 65.90% Space Free | Partition Type: NTFS
Drive D: | 5.89 Gb Total Space | 0.59 Gb Free Space | 10.00% Space Free | Partition Type: NTFS
Drive J: | 931.51 Gb Total Space | 765.07 Gb Free Space | 82.13% Space Free | Partition Type: NTFS
Drive P: | 927.44 Gb Total Space | 887.80 Gb Free Space | 95.73% Space Free | Partition Type: NTFS
Drive Q: | 183.17 Gb Total Space | 58.98 Gb Free Space | 32.20% Space Free | Partition Type: NTFS
Drive R: | 261.16 Gb Total Space | 79.94 Gb Free Space | 30.61% Space Free | Partition Type: NTFS
Drive S: | 927.44 Gb Total Space | 887.80 Gb Free Space | 95.73% Space Free | Partition Type: NTFS
Drive T: | 261.16 Gb Total Space | 79.94 Gb Free Space | 30.61% Space Free | Partition Type: NTFS
Drive U: | 927.44 Gb Total Space | 887.80 Gb Free Space | 95.73% Space Free | Partition Type: NTFS
Drive V: | 558.75 Gb Total Space | 29.89 Gb Free Space | 5.35% Space Free | Partition Type: NTFS
Drive W: | 927.44 Gb Total Space | 887.80 Gb Free Space | 95.73% Space Free | Partition Type: NTFS
Drive X: | 927.44 Gb Total Space | 887.80 Gb Free Space | 95.73% Space Free | Partition Type: NTFS
Drive Y: | 927.44 Gb Total Space | 887.80 Gb Free Space | 95.73% Space Free | Partition Type: NTFS
Drive Z: | 261.16 Gb Total Space | 79.94 Gb Free Space | 30.61% Space Free | Partition Type: NTFS

Computer Name: RMSSTAT005 | User Name: robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\robert\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
PRC - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
PRC - C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
PRC - C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe (N-able Technologies)
PRC - C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe (N-able Technologies)
PRC - C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\IIS Express\iisexpress.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Ditto\Ditto.exe ()
PRC - C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Lync\UcMapi.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe (ShoreTel Inc.)
PRC - C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\CSISCMGR.exe (ShoreTel, Inc.)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\ProgramData\FLEXnet\Connect\11\agent.exe (Flexera Software, Inc.)
PRC - C:\Program Files (x86)\RightFax\Client\FAXCTRL.exe (Captaris, Inc.)
PRC - C:\Program Files (x86)\Microsoft MapPoint Europe 2010\StreetsOlkShim.exe (Microsoft)
PRC - C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe (Iomega Corporation)
PRC - C:\Program Files (x86)\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Windows\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\Windows\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\58b47cfa84473cd7d5f9d6a103783867\PlantronicsURE.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\9a78e6fb736e15fc134f1ef6ec6ca627\PlantronicsBatteryStatus.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\b4556112287eda96265d7ec1232aceac\Plantronics.UC.WindowsMediaPlayer.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\9fb2d6c2178df61592c3285b39693d99\Plantronics.UC.Skype.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\dc753302163da87d39052aa28d04c680\Plantronics.UC.WebexConnect.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\c87eedbcceb0fc6f443a0bdd5b281dec\Plantronics.UC.OfficeCommunicator.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\f599c51d45cb1596cb2787e94bff2d1c\Plantronics.UC.SessionService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\52abe1973f654ead35672528d9e77800\Plantronics.UC.ShoreTel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\5173afef77eb5e3efdb1016db20c06cf\Plantronics.UC.CSFClient.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\acba0ab7f4d21e3a10e102f50cecbefc\Plantronics.UC.iTunes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\67efd9cef73890c662fe8cf903c70c0f\Plantronics.UC.CSF.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\aa2d6617f8ccc1eac89f34fdd0bfe2fd\Plantronics.UC.TAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\b0f87257ce97815b4814571db877ef6b\Plantronics.UC.Cisco.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\ed7b7b3c9623a04199cd3e5ffea721a9\Plantronics.UC.AvayaSoftphone.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\14b9961fb69c7b5b6c6564c35404a4f9\Plantronics.UC.AvayaIPAgent.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\a14890ad8a6a9953aa58ee2b0158ead2\Plantronics.UC.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\3d417f2a7a9cf89521568c3c030007a8\Plantronics.UC.Avaya.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\90bb1e08b2b27fb64bf05464030f9ad9\Plantronics.License.Manager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\793de4a6232faf2f544c7f3548447e7b\Plantronics.FlexNet.Adapter.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\7965d955f47a9548d6aa4c5ec65cfcb5\Plantronics.License.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\1f247575394c70f742ad3372531fec46\Plantronics.Device.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\f3c42ed80100e60d8ed32dc81f40fd0c\Plantronics.Globalization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\9f1f6a2825cdf33da481bcc14a025cf8\Plantronics.Device.Hid.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\4e8d7ab59b31264100c4ecebf6f372d3\Plantronics.Utility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\92c0daa61c104dacdeb82328df5eee45\Plantronics.Config.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\e24b02f0752ac1bbac8cceebfa329c80\log4net.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.SKYPE4COMLib\165a8ad55a60ce99006b18a170615ccc\Interop.SKYPE4COMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\HtmlAgilityPack\d5f6594957a4b8754eed0844b0e32ace\HtmlAgilityPack.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\2fdf524b4c4c0a796c2af4acddbe5364\Interop.FNCClient11Lib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\6e4a43bcf8da94eaa64d7b36cd5f2dcb\Interop.CommunicatorAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\ba79aef68c09b89e2364220eafb72bf5\Interop.CiscoInterface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Atapi\00fcc9a281f7848e4e0cd2b545383d9a\Atapi.ni.dll ()
MOD - C:\Program Files (x86)\Ditto\Ditto.exe ()
MOD - C:\Program Files (x86)\Ditto\focus.dll ()
MOD - C:\Program Files (x86)\Ditto\sqlite3.dll ()
MOD - C:\Program Files (x86)\Ditto\zlib1.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMSkin\0a5e5b648b75dee958933bcb7abaa4d3\PCMSkin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EAEXCTRLLib\e6530f4ea9434d3d9dc53eb41a4fe7bf\EAEXCTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Outlook\2f65bd951f3a968fd4fb69c85ef5b1a0\Outlook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\AxInterop.SHDocVw\24d5a76235a5252daa6a6e6ef151a8b0\AxInterop.SHDocVw.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\STVideo\b62c69e4dc04de8bb5a0404a236c2eed\STVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMLib\9830b93c41bc36b49c50286064833c34\PCMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMControls\a7c35b68db12116c3066425582bc2fcf\PCMControls.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMIMLib\b19a818e9c6a72dd847ac990fe659999\PCMIMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMUtils\719d76429eba0a4ecaeae87ad55040d2\PCMUtils.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\EMMgcpAxNET\51dd172a6ea35f6379327bec3f5ac8ab\EMMgcpAxNET.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMBasics\9fac3e02ee16fa18f2f817310275e5ed\PCMBasics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PCMTrace\5a0809323152a9946b92a456513371ee\PCMTrace.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraVert#\903c34387d4040b83305919d5436ac46\DevExpress.XtraVerticalGrid.v9.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraGrid#\8e8473db921e3968e5ccae14265a4b3c\DevExpress.XtraGrid.v9.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraEdit#\74c1a2b5973849dcc9a1a29c5df71596\DevExpress.XtraEditors.v9.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.XtraBars#\e7dd4d4b6cfef9cc3074235879691656\DevExpress.XtraBars.v9.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\STUIControls\79d9dc1949e93d750b9bb0c120125cf8\STUIControls.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Data.v9.1\50d4971c3e1624de130cf4446ac8290b\DevExpress.Data.v9.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\DevExpress.Utils.v9#\764b3b900865af128a4f295b7250c79b\DevExpress.Utils.v9.1.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ShoreTel\caf2cab0d0422f9c9e3185e1dee82a23\ShoreTel.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2ce20cdf50b09576d2cbebefeeb74598\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2e2e31c87004468796d3defa1a1df011\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aadfdc0e7d9181a98d667a52c3c35601\System.Configuration.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c0f61f9b73571f26b6e0e0757bc5f460\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\d802dc9d6af9beb0a7c59259e6997ca0\System.Design.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\003d2d74243cab7e412d36416bbf0a3d\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\sqlite.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (BrcmMgmtAgent) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe (Broadcom Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_807ba95.dll ()
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (RSMWebServer) -- C:\Program Files (x86)\N-able Technologies\NRM\RSMWinService.exe ()
SRV - (Windows Agent Service) -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe (N-able Technologies)
SRV - (Windows Agent Maintenance Service) -- C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe (N-able Technologies)
SRV - (winrdp_service) -- C:\Program Files (x86)\N-able Technologies\NRM\UltraVNCServer\winrdp.exe (WCCS)
SRV - (GoToAssist Express Customer) -- C:\Program Files (x86)\Citrix\GoToAssist Express Customer\290\g2ax_service.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ccSetMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (LiveUpdate) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (uvnc_service) -- C:\Program Files (x86)\UltraVNC\WinVNC.exe (UltraVNC)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)

========== Driver Services (SafeList) ==========

DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\drivers\srtspl64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Blfp) -- C:\Windows\SysNative\drivers\basp.sys (Broadcom Corporation)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111031.034\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111031.034\ENG64.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (SRTSPX) -- C:\Windows\SysWOW64\drivers\srtspx64.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\SysWOW64\drivers\srtspl64.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\SysWOW64\drivers\srtsp64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-796845957-117609710-1801674531-2638\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sql07:8000/UI/Home.aspx
IE - HKU\S-1-5-21-796845957-117609710-1801674531-2638\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\Windows\ [2011/10/31 08:51:34 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webdialer@shoretel.com: C:\Program Files (x86)\ShoreTel\Web Dialer\webdialer [2010/12/17 10:42:09 | 000,000,000 | ---D | M]

[2010/10/22 02:24:26 | 000,032,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

O1 HOSTS File: ([2011/10/31 08:48:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe (Iomega Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files (x86)\RightFax\Client\FAXCTRL.exe (Captaris, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-796845957-117609710-1801674531-2638..\Run: [Ditto] C:\Program Files (x86)\Ditto\Ditto.exe ()
O4 - HKU\S-1-5-21-796845957-117609710-1801674531-2638..\Run: [ShoreTel Personal Call Manager] C:\Program Files (x86)\Shoreline Communications\ShoreWare Client\ShoreTel.exe (ShoreTel Inc.)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\robert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Excalibur RSS Reader.appref-ms ()
O4 - Startup: C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &ShoreTel Web Dialer - C:\Program Files (x86)\ShoreTel\Web Dialer\MakeACall.htm ()
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &ShoreTel Web Dialer - C:\Program Files (x86)\ShoreTel\Web Dialer\MakeACall.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..Trusted Domains: factorybrands.net ([locks] http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..Trusted Domains: fmpilot.com ([anf] http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..Trusted Domains: fmpilot.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..Trusted Domains: servicechannel.com ([www4] http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..Trusted Domains: sql07 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..Trusted Domains: sql08 ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..Trusted Domains: workoasis.com ([nmfm] http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-796845957-117609710-1801674531-2638\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} http://photos.msn.com/resources/neutral/controls/MsnPPick.cab?10,0,910,0 (MSN Photo Select Tool)
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} http://dnr.wi.gov/WasteMgmt/wm/WMExternal/Reserved.ReportViewerWebControl.axd?Mode=true&ReportID=99b6f24451e34fb7b98ed7c0bfffa47e&ControlID=895aa3177b534575b83442168afd0827&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2670A42B-22E7-46E5-BCA9-BF50CF6A80D1} http://dinosrest2.no-ip.biz:81/bvip_setup.cab (CAutoloadControl Object)
O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} http://sql08/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=mibfol55oesqg3mozqjmuprm&ControlID=abac4d5a6f3e4de3bf86a312dae3a802&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {71D73A47-975F-11D1-AA77-00A0C98D86D4} http://192.168.1.240/shorewaredirector/VoiceMessage.ocx (VoiceMessage Control)
O16 - DPF: {721700FE-7F0E-49C5-BDED-CA92B7CB1245} http://65.44.139.2:9203/camclictrl.cab (Camera Stream Client Control Object)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7ECB1A47-6647-4B2C-A8DA-675569C9FF15} http://www.mpix.com/customer/uploading/scripts7/ImageUploader7.cab (Image Uploader Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} https://msdn.vo.msecnd.net/pr/MSDownloadManager_en-US.cab?e=1624911450&h=257922df4d56ad0f5be36b0e4bfa8756 (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAA6C3B6-662B-4D14-BB64-EADB88213BFE} http://192.168.1.137/IPCamPluginTM.cab (IPCamPluginTMPT Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} http://pagerman.kguard.org/HiDvrOcx.cab (HiDvrOcx Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP28EP2-12243/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0 (DigWebHelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = retail.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33C8C3C2-DC0A-42CB-99F9-B74A2775F0F4}: DhcpNameServer = 192.168.1.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist Express Customer: DllName - (C:\Program Files (x86)\Citrix\GoToAssist Express Customer\290\g2ax_winlogonx64.dll) - C:\Program Files (x86)\Citrix\GoToAssist Express Customer\290\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/17 06:30:39 | 000,000,000 | ---D | M] - C:\AUTOUPGRADETEMP -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/01 14:21:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2011/11/01 10:26:03 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\1442
[2011/11/01 10:11:26 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\Cover Project 2011
[2011/11/01 07:40:44 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2011/10/31 10:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraVNC
[2011/10/31 10:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express
[2011/10/31 10:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\N-able Technologies
[2011/10/31 09:22:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/31 07:59:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/28 09:30:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\robert\Desktop\dds.com
[2011/10/28 07:36:58 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Local\Adobe
[2011/10/27 16:46:27 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\robert\Desktop\ATF-Cleaner.exe
[2011/10/27 12:34:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/10/27 09:31:08 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/10/27 09:31:07 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/10/27 09:31:07 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/27 09:31:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/10/27 09:31:07 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/27 09:31:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/27 09:31:07 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/10/27 09:31:07 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/10/27 09:31:07 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/10/27 09:31:07 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/27 09:31:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/27 09:31:07 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/10/27 09:31:07 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/10/27 09:31:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/10/27 09:31:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/27 09:31:07 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/10/27 09:31:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/10/27 09:31:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/10/27 09:31:07 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/10/27 09:31:07 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/10/27 09:31:07 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/10/27 09:31:07 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/10/27 09:31:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/10/27 09:31:07 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/10/27 09:31:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/10/27 09:31:07 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/10/27 09:31:07 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/10/27 09:31:07 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/10/27 09:31:07 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/10/27 09:31:07 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/10/27 09:31:07 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/10/27 09:31:07 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/10/27 09:31:07 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/10/27 09:31:07 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/10/27 09:31:07 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/10/27 09:31:07 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/10/27 09:31:07 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/10/27 09:31:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/10/27 09:31:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/10/27 09:31:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/10/27 09:31:07 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/27 09:31:07 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/10/27 09:31:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/10/27 09:31:07 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/10/27 09:31:07 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/10/27 09:31:07 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/10/27 09:31:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/10/27 09:31:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/10/27 09:31:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/10/27 09:31:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/10/27 09:31:07 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/10/27 09:31:07 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/10/27 09:31:07 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/10/27 09:31:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/10/27 09:31:06 | 001,492,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/10/27 09:31:06 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/27 09:31:06 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/10/27 09:31:06 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/10/27 09:31:06 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/10/27 09:31:06 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/10/27 09:31:06 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/10/27 09:31:06 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/27 09:31:06 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/10/27 09:31:06 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/10/27 09:31:06 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/10/27 09:31:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/27 09:31:06 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/10/27 09:31:06 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/10/27 09:31:06 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/10/27 09:31:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/10/27 09:31:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/10/27 09:31:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/10/27 09:29:58 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/10/27 09:29:58 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/10/27 09:29:58 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/10/27 09:29:58 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/10/27 09:29:58 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/10/27 09:29:58 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/10/27 09:29:57 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/10/27 09:29:57 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/10/27 09:29:57 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/10/27 09:29:57 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/10/27 09:29:57 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/10/27 09:29:57 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/10/27 09:29:57 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/10/27 09:29:57 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/10/27 09:29:57 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/10/27 09:29:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/10/27 09:29:57 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/10/27 09:29:57 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/10/27 09:29:57 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/10/27 09:29:57 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/10/27 09:29:57 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/10/27 09:29:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/10/26 13:05:17 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/10/26 13:05:17 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/10/26 13:05:17 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/10/26 13:05:17 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/10/26 13:05:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/10/26 13:04:46 | 017,197,344 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\robert\Desktop\jre-6u29-windows-x64.exe
[2011/10/26 09:24:45 | 001,564,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\iexplore.exe
[2011/10/26 08:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/10/26 08:39:49 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/10/26 08:08:21 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2011/10/25 16:14:05 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\Malwarebytes
[2011/10/25 16:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/25 16:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/25 16:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/25 16:13:44 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\robert\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/25 13:34:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/25 13:34:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/25 13:34:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/25 13:33:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/25 13:31:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/25 13:30:09 | 004,278,520 | R--- | C] (Swearware) -- C:\Users\robert\Desktop\ComboFix.exe
[2011/10/18 07:50:15 | 071,733,104 | ---- | C] (Apple Inc.) -- C:\Users\robert\Desktop\iTunes64Setup.exe
[2011/10/06 09:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Lync Server 2010
[2011/10/06 09:07:58 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\BBW911
[2011/10/05 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\robert\Desktop\Phone Ext_files
[2011/10/04 10:53:08 | 000,000,000 | ---D | C] -- C:\Users\robert\AppData\Roaming\webex
[2011/10/04 10:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WebEx
[2011/10/04 07:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp

========== Files - Modified Within 30 Days ==========

[2011/11/01 14:21:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\robert\Desktop\OTL.exe
[2011/11/01 13:32:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/01 13:32:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/01 10:12:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/01 10:12:07 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/01 07:40:48 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\tdsskiller.exe
[2011/11/01 07:36:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/01 07:35:41 | 1543,024,639 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/31 16:36:46 | 000,002,036 | ---- | M] () -- C:\Users\robert\Documents\Default.rdp
[2011/10/31 13:48:30 | 000,000,819 | ---- | M] () -- C:\Users\robert\Desktop\UltraVNC Viewer.lnk
[2011/10/31 10:05:49 | 000,000,862 | ---- | M] () -- C:\Windows\SysNative\termcap
[2011/10/31 10:05:24 | 000,000,708 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2011/10/31 10:04:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\client.db
[2011/10/31 10:04:56 | 000,798,968 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/31 10:04:56 | 000,663,252 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/31 10:04:56 | 000,121,904 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/31 08:48:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/31 07:55:13 | 004,278,520 | R--- | M] (Swearware) -- C:\Users\robert\Desktop\ComboFix.exe
[2011/10/28 09:38:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\robert\Desktop\dds.com
[2011/10/27 17:44:32 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\robert\Desktop\ATF-Cleaner.exe
[2011/10/27 16:47:13 | 000,782,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/27 12:21:57 | 000,000,737 | ---- | M] () -- C:\Users\robert\Desktop\VSS October 2011 - Shortcut.lnk
[2011/10/27 09:38:51 | 000,001,439 | ---- | M] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/27 09:31:08 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2011/10/27 09:31:07 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2011/10/27 09:31:07 | 002,309,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/27 09:31:07 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/10/27 09:31:07 | 000,818,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/27 09:31:07 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/27 09:31:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2011/10/27 09:31:07 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/10/27 09:31:07 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2011/10/27 09:31:07 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/27 09:31:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/27 09:31:07 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2011/10/27 09:31:07 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2011/10/27 09:31:07 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2011/10/27 09:31:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/27 09:31:07 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011/10/27 09:31:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2011/10/27 09:31:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2011/10/27 09:31:07 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2011/10/27 09:31:07 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2011/10/27 09:31:07 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2011/10/27 09:31:07 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2011/10/27 09:31:07 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011/10/27 09:31:07 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/10/27 09:31:07 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011/10/27 09:31:07 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2011/10/27 09:31:07 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2011/10/27 09:31:07 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011/10/27 09:31:07 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/10/27 09:31:07 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2011/10/27 09:31:07 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011/10/27 09:31:07 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2011/10/27 09:31:07 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2011/10/27 09:31:07 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2011/10/27 09:31:07 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2011/10/27 09:31:07 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011/10/27 09:31:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2011/10/27 09:31:07 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2011/10/27 09:31:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011/10/27 09:31:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011/10/27 09:31:07 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/10/27 09:31:07 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/27 09:31:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2011/10/27 09:31:07 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2011/10/27 09:31:07 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2011/10/27 09:31:07 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2011/10/27 09:31:07 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2011/10/27 09:31:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2011/10/27 09:31:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2011/10/27 09:31:07 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011/10/27 09:31:07 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/10/27 09:31:07 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2011/10/27 09:31:07 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/10/27 09:31:07 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/10/27 09:31:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2011/10/27 09:31:06 | 001,492,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/10/27 09:31:06 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/27 09:31:06 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/10/27 09:31:06 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2011/10/27 09:31:06 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2011/10/27 09:31:06 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/10/27 09:31:06 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2011/10/27 09:31:06 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/27 09:31:06 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2011/10/27 09:31:06 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2011/10/27 09:31:06 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2011/10/27 09:31:06 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/27 09:31:06 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011/10/27 09:31:06 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011/10/27 09:31:06 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2011/10/27 09:31:06 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2011/10/27 09:31:06 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/10/27 09:31:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011/10/27 09:31:06 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/10/27 09:29:58 | 001,888,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011/10/27 09:29:58 | 001,619,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011/10/27 09:29:58 | 000,320,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/10/27 09:29:58 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/10/27 09:29:58 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/10/27 09:29:58 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/10/27 09:29:57 | 004,068,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011/10/27 09:29:57 | 003,181,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011/10/27 09:29:57 | 001,863,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/10/27 09:29:57 | 001,837,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/10/27 09:29:57 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/10/27 09:29:57 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/10/27 09:29:57 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/10/27 09:29:57 | 000,662,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/10/27 09:29:57 | 000,470,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/10/27 09:29:57 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/10/27 09:29:57 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/10/27 09:29:57 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011/10/27 09:29:57 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/10/27 09:29:57 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011/10/27 09:29:57 | 000,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011/10/27 09:29:57 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/10/26 13:05:05 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/10/26 13:05:05 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/10/26 13:05:05 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/10/26 13:05:05 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/10/26 13:04:46 | 017,197,344 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\robert\Desktop\jre-6u29-windows-x64.exe
[2011/10/26 11:08:57 | 000,684,297 | ---- | M] () -- C:\Users\robert\Desktop\unhide.exe
[2011/10/26 09:24:46 | 001,564,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\robert\Desktop\iexplore.exe
[2011/10/26 09:20:02 | 001,008,092 | ---- | M] () -- C:\Users\robert\Desktop\uSeRiNiT.exe
[2011/10/26 08:39:49 | 000,002,981 | ---- | M] () -- C:\Users\robert\Desktop\HiJackThis.lnk
[2011/10/26 08:18:12 | 000,131,668 | ---- | M] () -- C:\Users\robert\AppData\Local\ars.cache
[2011/10/26 08:07:21 | 000,000,036 | ---- | M] () -- C:\Users\robert\AppData\Local\housecall.guid.cache
[2011/10/25 16:14:01 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/25 16:13:50 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\robert\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/25 13:24:23 | 000,000,683 | ---- | M] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/25 13:24:18 | 000,000,344 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP.bakk
[2011/10/24 13:34:31 | 000,000,203 | ---- | M] () -- C:\ProgramData\RmUserCfg.ini
[2011/10/24 13:34:31 | 000,000,026 | ---- | M] () -- C:\ProgramData\IpAndPort.fig
[2011/10/20 13:30:23 | 000,049,631 | ---- | M] () -- C:\Users\robert\Desktop\Floor Plan.pdf
[2011/10/20 13:29:44 | 000,063,836 | ---- | M] () -- C:\Users\robert\Desktop\Detail.pdf
[2011/10/18 07:50:15 | 071,733,104 | ---- | M] (Apple Inc.) -- C:\Users\robert\Desktop\iTunes64Setup.exe
[2011/10/18 07:38:22 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/14 15:54:53 | 004,015,494 | ---- | M] () -- C:\Users\robert\Desktop\Abercrombie Fuse (2).jpg
[2011/10/13 16:32:56 | 000,220,473 | ---- | M] () -- C:\Users\robert\Desktop\ceiling-tiles-an.pdf
[2011/10/12 07:36:45 | 000,000,408 | RHS- | M] () -- C:\Users\robert\ntuser.pol
[2011/10/07 13:35:33 | 008,229,626 | ---- | M] () -- C:\Users\robert\Desktop\Fixed Fee Plumbing 2001 - DC, MD, NC, NJ, VA and PA - Phase 2.zip
[2011/10/07 11:27:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForrobert.job
[2011/10/07 07:49:42 | 002,486,469 | ---- | M] () -- C:\Users\robert\Desktop\photo1.JPG
[2011/10/07 07:49:36 | 002,491,391 | ---- | M] () -- C:\Users\robert\Desktop\photo.JPG
[2011/10/07 07:37:35 | 000,087,456 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2011/10/07 07:37:34 | 000,080,768 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2011/10/07 07:37:34 | 000,034,688 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2011/10/06 12:46:34 | 000,030,720 | ---- | M] () -- C:\Users\robert\Desktop\iPhone4S.jpg
[2011/10/05 12:02:22 | 001,848,549 | ---- | M] () -- C:\Users\robert\Desktop\Van2.JPG
[2011/10/05 12:01:54 | 002,054,091 | ---- | M] () -- C:\Users\robert\Desktop\Van1.JPG

========== Files Created - No Company Name ==========

[2011/10/31 10:05:50 | 000,000,862 | ---- | C] () -- C:\Windows\SysNative\termcap
[2011/10/31 10:05:22 | 000,000,708 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2011/10/31 10:04:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\client.db
[2011/10/27 12:21:57 | 000,000,737 | ---- | C] () -- C:\Users\robert\Desktop\VSS October 2011 - Shortcut.lnk
[2011/10/27 09:31:07 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/10/27 09:31:06 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/10/26 11:08:57 | 000,684,297 | ---- | C] () -- C:\Users\robert\Desktop\unhide.exe
[2011/10/26 09:20:01 | 001,008,092 | ---- | C] () -- C:\Users\robert\Desktop\uSeRiNiT.exe
[2011/10/26 08:39:49 | 000,002,981 | ---- | C] () -- C:\Users\robert\Desktop\HiJackThis.lnk
[2011/10/26 08:18:12 | 000,131,668 | ---- | C] () -- C:\Users\robert\AppData\Local\ars.cache
[2011/10/26 08:07:21 | 000,000,036 | ---- | C] () -- C:\Users\robert\AppData\Local\housecall.guid.cache
[2011/10/25 16:14:01 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/25 14:30:35 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011/10/25 14:30:34 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/25 14:30:33 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011/10/25 14:30:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011/10/25 14:30:31 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011/10/25 14:30:30 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011/10/25 14:30:29 | 000,002,737 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Streets & Trips 2011.lnk
[2011/10/25 14:30:28 | 000,002,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft MapPoint North America 2011.lnk
[2011/10/25 14:30:27 | 000,002,747 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft MapPoint Europe 2010.lnk
[2011/10/25 14:30:26 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/10/25 14:30:25 | 000,000,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2011/10/25 14:30:24 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install HP Power Manager.lnk
[2011/10/25 14:30:23 | 000,002,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install ATI Catalyst Control Center with HydraVision.lnk
[2011/10/25 14:30:22 | 000,000,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FOX News Live.lnk
[2011/10/25 14:30:21 | 000,001,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2011/10/25 14:30:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/10/25 14:30:18 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
[2011/10/25 14:30:17 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011/10/25 14:30:14 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\YoWindow.lnk
[2011/10/25 14:30:13 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/25 14:30:12 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2011/10/25 14:30:11 | 000,002,252 | ---- | C] () -- C:\Users\Public\Desktop\ShoreTel Communicator.lnk
[2011/10/25 14:30:10 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\IPCam Surveillance Software.lnk
[2011/10/25 14:30:09 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\IPCam Admin Utility.lnk
[2011/10/25 14:30:08 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\FOX News Live.lnk
[2011/10/25 14:30:07 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2011/10/25 13:34:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/25 13:34:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/25 13:34:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/25 13:34:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/25 13:34:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/25 13:24:23 | 000,000,683 | ---- | C] () -- C:\Users\robert\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/25 13:24:18 | 000,000,344 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP.bakk
[2011/10/20 13:30:23 | 000,049,631 | ---- | C] () -- C:\Users\robert\Desktop\Floor Plan.pdf
[2011/10/20 13:29:44 | 000,063,836 | ---- | C] () -- C:\Users\robert\Desktop\Detail.pdf
[2011/10/14 15:54:41 | 004,015,494 | ---- | C] () -- C:\Users\robert\Desktop\Abercrombie Fuse (2).jpg
[2011/10/13 16:32:56 | 000,220,473 | ---- | C] () -- C:\Users\robert\Desktop\ceiling-tiles-an.pdf
[2011/10/07 13:35:27 | 008,229,626 | ---- | C] () -- C:\Users\robert\Desktop\Fixed Fee Plumbing 2001 - DC, MD, NC, NJ, VA and PA - Phase 2.zip
[2011/10/07 07:49:10 | 002,491,391 | ---- | C] () -- C:\Users\robert\Desktop\photo.JPG
[2011/10/07 07:49:10 | 002,486,469 | ---- | C] () -- C:\Users\robert\Desktop\photo1.JPG
[2011/10/06 12:46:34 | 000,030,720 | ---- | C] () -- C:\Users\robert\Desktop\iPhone4S.jpg
[2011/10/06 09:14:13 | 025,538,157 | ---- | C] () -- C:\Users\robert\Desktop\Lync_ITPro.chm
[2011/10/06 07:36:38 | 000,000,362 | ---- | C] () -- C:\Users\robert\Desktop\Excalibur RSS Reader.appref-ms
[2011/08/09 07:59:17 | 000,000,203 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
[2011/08/09 07:59:17 | 000,000,026 | ---- | C] () -- C:\ProgramData\IpAndPort.fig
[2011/04/08 10:18:57 | 000,005,120 | ---- | C] () -- C:\Users\robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/11 14:21:52 | 000,027,136 | ---- | C] () -- C:\Windows\SysWow64\HiDvrOcxESN.dll
[2011/03/11 14:21:50 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\HiDvrOcxITA.dll
[2011/03/11 14:21:42 | 000,026,624 | ---- | C] () -- C:\Windows\SysWow64\HiDvrOcxBRG.dll
[2011/03/11 14:21:42 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\HiDvrOcxJPN.dll
[2011/01/03 15:03:02 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/13 18:17:19 | 000,798,968 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/18 12:18:50 | 000,002,902 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2010/03/24 15:22:32 | 000,009,046 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/24 12:44:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/03/16 02:47:28 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonServer.exe
[2009/03/16 02:47:24 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\WinMsgBalloonClient.exe
[2009/03/05 21:00:36 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2008/02/07 10:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll

< End of report >

#9 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,522
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 01 November 2011 - 04:29 PM

Hello

I want you to run this custem OTL script for me and then let me know how things are after you finish.

Run OTL Script

Double-click OTL.exe to start the program.

Copy and Paste the following code into the Posted Image

textbox. Do not include the word Code

:otl
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

<-- Don't worry every little bit helps.

#10 pagerman

Member

Group: Members
Posts: 25
Joined: 28-October 11

Posted 01 November 2011 - 04:47 PM

Here it is. I'll check to see if the redirect is gone.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\robert\Desktop\cmd.bat deleted successfully.
C:\Users\robert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 294871 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: laura
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 38887312 bytes

User: Public
->Temp folder emptied: 0 bytes

User: robert
->Temp folder emptied: 32442444 bytes
->Temporary Internet Files folder emptied: 692855729 bytes
->Java cache emptied: 4823901 bytes
->Flash cache emptied: 1180175 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9230710 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 744.00 mb

[EMPTYFLASH]

User: administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: laura

User: Public

User: robert
->Flash cache emptied: 0 bytes

User: user

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11012011_163223

Files\Folders moved on Reboot...
File\Folder C:\Users\robert\AppData\Local\Temp\A9R6BBE.tmp not found!
C:\Users\robert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat scheduled to be moved on reboot.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX5PST28\11265206166@x23[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX5PST28\1647279779@x23[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX5PST28\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UX5PST28\login_status[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUWUFBXW\1673230187@x23[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PUWUFBXW\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWAZ9B2W\11499935487@x23[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWAZ9B2W\11892560282@x23[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EWAZ9B2W\emily[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOVYMJ94\1864572901@x23[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOVYMJ94\5585554864[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOVYMJ94\fw-nonplayer-banner[10].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOVYMJ94\fw-nonplayer-banner[8].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOVYMJ94\fw-nonplayer-banner[9].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOVYMJ94\noah-francis-harvest-tree-music-video[1].htm moved successfully.
File\Folder C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOVYMJ94\render[1].htm not found!
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKIX7IGS\11655288954@x23[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EKIX7IGS\ProviderWorkorder[3].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AGS9FM2H\login_status[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81P2ZNM7\11130451311@x23[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81P2ZNM7\fw-nonplayer-banner[3].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81P2ZNM7\fw-nonplayer-banner[4].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81P2ZNM7\WorkorderBatchList[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\81P2ZNM7\xd_receiver[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WBDXREZ\1338094841@x23[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WBDXREZ\aceUACping[2].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WBDXREZ\channels[1].htm moved successfully.
C:\Users\robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WBDXREZ\xd_receiver[2].htm moved successfully.
File\Folder C:\Windows\temp\hsperfdata_RMSSTAT005$\1876 not found!
C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#11 pagerman

Member

Group: Members
Posts: 25
Joined: 28-October 11

Posted 01 November 2011 - 04:48 PM

So far so good. And other things seem to be working better now also.

#12 pagerman

Member

Group: Members
Posts: 25
Joined: 28-October 11

Posted 01 November 2011 - 04:52 PM

Again......I closed IE and reopened it and the redirects are back.

#13 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,522
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 01 November 2011 - 05:06 PM

Hello

lets uninstall ie 9 and then reinstall it

http://www.sevenforums.com/tutorials/112121-internet-explorer-9-uninstall.html

http://windows.microsoft.com/en-IN/internet-explorer/products/ie/home

<-- Don't worry every little bit helps.

#14 pagerman

Member

Group: Members
Posts: 25
Joined: 28-October 11

Posted 03 November 2011 - 08:46 AM

Still have the redirect. Seems as if when i type a search in the address bar, if it takes a long time to resolve, then no matter what I click on (when hovering over the Google returned link, the address is correct) I get the redirect. If I open a new instance of IE, type the same search and it resolves instantly, there is no redirect.....

#15 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,522
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 03 November 2011 - 10:04 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.