
Computer freezes and Google Redirects


  • This topic is locked
35 replies to this topic

#1 DrewpyDog (Members, 24 posts)

Posted 28 February 2012 - 07:16 PM

Here is the first thread detailing some of the steps I took to remedy my issue.

http://www.bleepingcomputer.com/forums/topic443746.html/page__p__2607867__fromsearch__1#entry2607867

It still redirects. But it seems as though now Chrome freezes upon opening and have been using Firefox.

And since installing Malware Bytes, I get a periodic notification tray icon saying a potential threat has been blocked from IP address: (changes) and the threat was from utorrent.exe and it has been both incoming and outgoing. I'll update next time I see one with the exact wording.

I tried creating a DDS log, but it didn't progress past about 15 "#" and then when I tried clicking out of the DOS box the computer froze.

I was able to create and upload the GMER log. Plus there are additional logs located in the previous forum post.


#2 DrewpyDog (Topic Starter, Members, 24 posts)

Posted 02 March 2012 - 08:51 PM

The notification from Malwarebytes Anti Malware says...

"Successfully blocked access to a potentially malicious website: 98.142.248.246

Type: outgoing
Port: 6103, Process: utorrent.exe"

#3 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 02 March 2012 - 10:56 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


The first thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe - after it is complete, restart the computer and continue with these steps


Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


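The OTL.txt that the procedure above produces is read by eye in this thread. As an added example (not part of the thread, and not code from OTL or BleepingComputer), here is a small Python triage script for OTL's line format that flags the entries a malware-removal helper scans for first: home-page and search-provider URLs that point at an unexpected host, Firefox profile extensions with no readable name (raised to high when the id looks random), executables with no company name, DNS servers outside RFC1918 space, orphaned "File not found" entries, and autorun commands registered for removable drives. The sample log is constructed for the example, with lines modeled on the OTL output posted later in this thread plus one made-up static NameServer line; the allowlist of known hosts, the severity levels and the vowel-ratio heuristic are assumptions of the example, not anything OTL itself does.

```python
"""Triage helper for OTL.txt (OldTimer's OTL scan log).

Added example for this thread; not part of OTL, BleepingComputer or the posts
above. It flags the entries a malware-removal helper reads first.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    rule: str
    line: str


# Hosts a stock Windows 7 / IE9, Firefox or Chrome install may legitimately carry
# as home page or search provider. Assumption of this example; extend it for the
# machine you are looking at. Exact-host matching is deliberate: partner-branded
# subdomains (e.g. a yhs search host with hspart= parameters) should stand out.
KNOWN_HOSTS = {"www.bing.com", "www.google.com", "www.msn.com",
               "search.yahoo.com", "www.yahoo.com", "www.bleepingcomputer.com"}

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Line patterns for OTL's text format, as seen in the log posted in this thread.
MISSING_FILE = re.compile(r"^(?:SRV|DRV|FF|O2|O9) - .*File not found$")
NO_COMPANY = re.compile(r"^(?:PRC|SRV|DRV|O4) - .*\S \(\)$")
URL_SETTING = re.compile(r'^IE - .*(?:,Start Page|: "URL") = (\S+)$')
UNNAMED_XPI = re.compile(r"^\(\) \(No name found\) -- .*\\EXTENSIONS\\([^\\]+)\.XPI$", re.I)
NAMESERVER = re.compile(r"^O17 - .*NameServer = (.+)$")
AUTORUN_CMD = re.compile(r'^O33 - MountPoints2\\.*\\command - "" = ')


def is_rfc1918(addr: str) -> bool:
    """True for 10/8, 172.16/12 and 192.168/16, which is where a home router's
    DHCP-issued resolver normally lives. Anything else gets a 'review' finding."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def looks_random(ext_id: str) -> bool:
    """Heuristic (assumption of this example): an alphabetic local part of 8+
    letters with under 20% vowels, e.g. VRZWFWWYTI@VRZWFWWYTI.ORG. GUID-style
    ids contain digits and dashes and never trip it."""
    local = ext_id.split("@")[0].strip("{}")
    if len(local) < 8 or not local.isalpha():
        return False
    vowels = sum(c in "AEIOU" for c in local.upper())
    return vowels / len(local) < 0.2


def triage(otl_text: str) -> list:
    findings = []
    for line in otl_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if MISSING_FILE.match(line):
            findings.append(Finding("low", "orphaned entry, file not found", line))
        elif NO_COMPANY.match(line):
            findings.append(Finding("medium", "executable with no company name", line))
        elif (m := URL_SETTING.match(line)):
            host = (urlsplit(m.group(1)).hostname or "").lower()
            if host not in KNOWN_HOSTS:
                findings.append(Finding("high", f"home page/search provider points at {host}", line))
        elif (m := UNNAMED_XPI.match(line)):
            sev = "high" if looks_random(m.group(1)) else "medium"
            findings.append(Finding(sev, f"unnamed Firefox extension {m.group(1)}", line))
        elif (m := NAMESERVER.match(line)):
            for addr in re.split(r"[ ,]+", m.group(1).strip()):
                if not is_rfc1918(addr):
                    findings.append(Finding("medium", f"DNS server outside RFC1918 space: {addr}", line))
        elif AUTORUN_CMD.match(line):
            findings.append(Finding("low", "autorun command registered for a removable drive", line))
    return findings


def summarize(findings) -> dict:
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: lines modeled on the OTL log posted in this thread, plus one
# made-up static NameServer line (a TEST-NET-3 address) to exercise the DNS rule.
SAMPLE_OTL = r"""
SRV - (WinDefend) -- File not found
SRV - (MBAMService) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i4
IE - HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&p={searchTerms}
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\GAMER@ZAKEN.ORG.XPI
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\VRZWFWWYTI@VRZWFWWYTI.ORG.XPI
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CONSTRUCTED}: NameServer = 203.0.113.5
O33 - MountPoints2\{7674ada6-7446-11e0-9a14-002170905732}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python otl_triage.py OTL.txt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OTL
    order = {"high": 0, "medium": 1, "low": 2}
    results = triage(text)
    for f in sorted(results, key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.rule}\n         {f.line}")
    print(summarize(results))
```

Two caveats on reading the output. "File not found" entries are usually uninstall debris (a service or BHO whose binary is gone) and are cleaned up rather than treated as infection, which is why they rank low. The DNS rule only says "not a private address": an ISP resolver handed out by DHCP is public too, so confirm ownership before calling it a rogue resolver; the rule exists because redirect malware commonly swaps the resolver, and the O17 lines are where that shows up in OTL.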

#4 DrewpyDog (Topic Starter, Members, 24 posts)

Posted 03 March 2012 - 03:10 PM

I ran unhide and the computer wouldn't finish loading the desktop icons after the restart. I restarted again and all worked.

I ran OTL and it froze midway through, but I think it was because I tried clicking the maximize window button. I quit the program and re-ran it to produce the following log:

OTL logfile created on: 3/3/2012 2:52:18 PM - Run 1
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Andrew\Downloads\Drivers
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 73.87% Memory free
5.99 Gb Paging File | 5.10 Gb Available in Paging File | 85.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 152.44 Gb Total Space | 71.53 Gb Free Space | 46.92% Space Free | Partition Type: NTFS
Drive E: | 145.65 Gb Total Space | 43.68 Gb Free Space | 29.99% Space Free | Partition Type: NTFS

Computer Name: ANDREW-LAPTOP | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andrew\Downloads\Drivers\OTL.exe (OldTimer Tools)
PRC - E:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - E:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Windows\System32\fsproflt.exe (FSPro Labs)
PRC - E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (WinDefend) -- File not found
SRV - (SBSDWSCService) -- File not found
SRV - (MBAMService) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AVGIDSAgent) -- E:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- E:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (fsproflt) -- C:\Windows\System32\fsproflt.exe (FSPro Labs)
SRV - (StarWindServiceAE) -- E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- File not found
DRV - (tsusbhub) -- File not found
DRV - (Synth3dVsc) -- File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (FSProFilter) -- C:\Windows\System32\Drivers\FSPFltd.sys (FSPro Labs)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i4
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\..\SearchScopes,DefaultScope = {BF5CDBD7-EC78-41F8-A1B1-01829572104D}
IE - HKU\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bleepingcomputer.com/forums/topic444479.html"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: E:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: E:\Program Files\AVG\AVG2012\Firefox4\ [2012/01/31 15:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: E:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 20:02:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/27 13:03:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/22 19:51:28 | 000,000,000 | ---D | M]

[2011/12/18 14:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2011/12/18 14:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/02/20 16:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\y81hwh0o.default\extensions
[2012/02/22 19:49:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\GAMER@ZAKEN.ORG.XPI
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\VRZWFWWYTI@VRZWFWWYTI.ORG.XPI
[2012/01/31 15:43:05 | 000,000,000 | ---D | M] (AVG Safe Search) -- E:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2012/01/22 20:02:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- E:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: NPCIG.dll (Enabled) = E:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = E:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Select To Get Maps = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0\
CHR - Extension: AVG Safe Search = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: ICE Quick Stream = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\3.9_0\
CHR - Extension: Poppit = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Awaiting The Antagonist = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgieaojfcelkfbplpfembkjgdoakclck\1.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Auto-Reload = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\7.9.8_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,833 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] E:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mylbx] E:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2324314972-704830935-3040404962-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2324314972-704830935-3040404962-1000..\Run: [uTorrent] E:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A854ED2-F44A-4F73-8360-65D720577C5A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E28F2BE-5C5B-4DDA-97AB-E277DE96ADF6}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7674ada6-7446-11e0-9a14-002170905732}\Shell - "" = AutoRun
O33 - MountPoints2\{7674ada6-7446-11e0-9a14-002170905732}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ef313f40-60a4-11e0-ac15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ef313f40-60a4-11e0-ac15-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{ef313f40-60a4-11e0-ac15-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{ef313f40-60a4-11e0-ac15-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (E:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 11:01:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\DDMSettings
[2012/03/01 20:31:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/01 20:16:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Round 2
[2012/02/23 16:51:49 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\ElevatedDiagnostics
[2012/02/23 16:30:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/23 16:26:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\BC
[2012/02/22 15:49:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/21 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Malwarebytes
[2012/02/21 21:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/21 21:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/21 21:02:57 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2012/02/21 20:51:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/02/21 20:45:40 | 000,000,000 | ---D | C] -- E:\Program Files\Oracle
[2012/02/21 20:07:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/21 20:04:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/21 20:01:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/20 22:49:28 | 000,000,000 | ---D | C] -- E:\Program Files\ESET
[2012/02/20 22:44:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/20 22:15:09 | 000,000,000 | ---D | C] -- C:\found.000
[2012/02/20 17:51:15 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\New folder
[2012/02/20 17:16:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/20 16:09:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\To Do
[2012/02/20 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Navy
[2012/02/19 23:38:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/15 19:34:16 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew\Desktop\TDSSKiller.exe
[2012/02/15 17:15:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/02/15 17:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/02/15 17:15:31 | 000,000,000 | ---D | C] -- E:\Program Files\SpeedFan
[2012/02/15 17:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/02/15 17:11:39 | 000,000,000 | ---D | C] -- E:\Program Files\Core Temp
[2012/02/14 21:50:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/14 21:50:40 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/14 21:50:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/14 21:50:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/14 21:50:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/14 21:50:36 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 21:29:34 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/14 21:29:23 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/04 15:41:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2012/02/04 15:41:45 | 000,000,000 | ---D | C] -- E:\Program Files\focus booster
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/03 14:57:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2324314972-704830935-3040404962-1000UA.job
[2012/03/03 14:39:25 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 14:39:25 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 14:32:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 14:31:51 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/03 10:56:57 | 090,684,342 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/03/01 20:32:19 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andrew\Desktop\TDSSKiller.exe
[2012/02/29 17:57:58 | 000,270,883 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/02/28 15:57:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2324314972-704830935-3040404962-1000Core.job
[2012/02/27 20:57:27 | 000,000,020 | ---- | M] () -- C:\Users\Andrew\defogger_reenable
[2012/02/24 05:49:37 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/24 05:49:37 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/23 16:30:32 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 17:38:09 | 000,437,081 | ---- | M] () -- C:\Users\Andrew\Desktop\Learn How To Code.pdf
[2012/02/20 22:41:46 | 000,472,064 | ---- | M] ( ) -- C:\Users\Andrew\Desktop\RootRepeal.exe
[2012/02/20 18:30:28 | 264,512,349 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/20 11:01:21 | 000,000,882 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2012/02/15 17:29:44 | 000,000,063 | ---- | M] () -- C:\1.html
[2012/02/15 17:15:31 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012/02/15 15:44:29 | 001,747,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/04 21:24:34 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 20:57:12 | 000,000,020 | ---- | C] () -- C:\Users\Andrew\defogger_reenable
[2012/02/23 16:30:32 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 17:38:09 | 000,437,081 | ---- | C] () -- C:\Users\Andrew\Desktop\Learn How To Code.pdf
[2012/02/20 17:16:43 | 264,512,349 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/15 17:29:38 | 000,000,063 | ---- | C] () -- C:\1.html
[2012/02/15 17:15:29 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2012/02/04 15:41:46 | 000,000,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\focus booster.lnk
[2012/01/26 20:15:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/09/13 19:30:09 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/08/26 06:51:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/08/26 06:50:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/27 12:40:46 | 000,035,979 | ---- | C] () -- E:\Program Files\Photoshop CS3 Read Me.html
[2011/04/19 21:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/04/06 16:49:58 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2011/04/06 14:43:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 16:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

========== Custom Scans ==========


< %TEMP%\smtmp\*.* /s >

< End of report >

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 March 2012 - 03:47 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 DrewpyDog

DrewpyDog
  • Topic Starter

  • Members
  • 24 posts

Posted 03 March 2012 - 04:33 PM

I had some difficulty quitting AVG so I just uninstalled it.

When in Task Manager I noticed 3 peculiar files that lack a "User Name" and also "Description".
winlogon.exe
csrss.exe
atieclxx.exe

ComboFix 12-03-03.01 - Andrew 03/03/2012 16:20:08.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2309 [GMT -5:00]
Running from: c:\users\Andrew\Downloads\Drivers\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\oobe\audit.exe
c:\windows\system32\oobe\msoobe.exe
c:\windows\system32\oobe\oobeldr.exe
c:\windows\system32\oobe\Setup.exe
c:\windows\system32\oobe\setupsqm.exe
c:\windows\system32\oobe\windeploy.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 21:28 . 2012-03-03 21:28 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2012-03-03 21:28 . 2012-03-03 21:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-21 21:31 . 2012-02-21 22:19 -------- d-----w- c:\users\TEMP
2012-02-21 03:49 . 2012-02-21 03:49 -------- d-----w- e:\program files\ESET
2012-02-21 03:44 . 2012-03-02 01:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 03:15 . 2012-02-21 03:15 -------- d-----w- C:\found.000
2012-02-20 04:38 . 2012-02-20 04:38 -------- d-----w- c:\windows\Sun
2012-02-15 22:15 . 2012-02-20 20:26 -------- d-----w- e:\program files\SpeedFan
2012-02-15 22:11 . 2012-02-15 22:12 -------- d-----w- e:\program files\Core Temp
2012-02-15 02:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 02:29 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 02:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 02:29 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-04 20:41 . 2012-02-04 20:41 -------- d-----w- c:\users\Andrew\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
2012-02-04 20:41 . 2012-02-04 20:41 -------- d-----w- e:\program files\focus booster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 02:35 . 2012-01-27 02:35 83760 ----a-w- c:\windows\system32\stkMonitor.dll
2011-12-26 16:54 . 2011-12-26 16:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-26 16:54 . 2011-12-26 16:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-26 16:54 . 2011-12-26 16:54 161792 ----a-w- c:\windows\system32\msls31.dll
2011-12-26 16:54 . 2011-12-26 16:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-26 16:53 . 2011-12-26 16:53 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-26 16:53 . 2011-12-26 16:53 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-12-26 16:53 . 2011-12-26 16:53 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-12-26 16:53 . 2011-12-26 16:53 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-26 16:53 . 2011-12-26 16:53 367104 ----a-w- c:\windows\system32\html.iec
2011-12-26 16:53 . 2011-12-26 16:53 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-26 16:53 . 2011-12-26 16:53 152064 ----a-w- c:\windows\system32\wextract.exe
2011-12-26 16:53 . 2011-12-26 16:53 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-12-26 16:53 . 2011-12-26 16:53 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-12-26 16:53 . 2011-12-26 16:53 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-12-26 16:53 . 2011-12-26 16:53 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-26 16:53 . 2011-12-26 16:53 11776 ----a-w- c:\windows\system32\mshta.exe
2011-12-26 16:53 . 2011-12-26 16:53 101888 ----a-w- c:\windows\system32\admparse.dll
2011-12-19 02:24 . 2011-12-19 02:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-04-30 196608]
"IntelliPoint"="e:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"mylbx"="e:\program files\My Lockbox\mylbx.exe" [2010-07-14 1804000]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"GrooveMonitor"="e:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 13:10 35736 ----a-w- e:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- e:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2011-09-13 18:21 5328504 ----a-w- e:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 07:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 05:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- e:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-04-06 16:53 136176 ----atw- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- e:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22 421736 ----a-w- e:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 22:03 4283256 ----a-w- e:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- e:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- e:\spybot - search & destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-12-05 12:34 247728 ----a-w- e:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-22 00:37 740216 ----a-w- e:\program files\uTorrent\uTorrent.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SBSDWSCService;SBSD Security Center Service;e:\spybot - search & destroy\SDWinSec.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-04-29 26112]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-07 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-06 436792]
R4 wlcrasvc;Windows Live Mesh remote connections service;e:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]
S2 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TomTomHOMEService;TomTomHOMEService;e:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-12-05 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 65640]
S3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2009-07-13 229888]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324314972-704830935-3040404962-1000Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-06 16:53]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324314972-704830935-3040404962-1000UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-06 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.genieo.com/?v=w3i4
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\y81hwh0o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bleepingcomputer.com/forums/topic444479.html
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AVG_TRAY - e:\program files\AVG\AVG2012\avgtray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-03 16:30:17
ComboFix-quarantined-files.txt 2012-03-03 21:30
ComboFix2.txt 2012-02-22 01:22
.
Pre-Run: 76,831,948,800 bytes free
Post-Run: 76,671,086,592 bytes free
.
- - End Of File - - F61584BBB2588672C74F2575440CE5F7

#7 DrewpyDog

DrewpyDog
  • Topic Starter

  • Members
  • 24 posts

Posted 03 March 2012 - 05:17 PM

Checked; Chrome and Firefox both still redirect when clicking on Google results.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 03 March 2012 - 09:21 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 DrewpyDog

DrewpyDog
  • Topic Starter

  • Members
  • 24 posts

Posted 04 March 2012 - 08:48 AM

08:18:59.0141 4568 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
08:18:59.0453 4568 ============================================================
08:18:59.0453 4568 Current date / time: 2012/03/04 08:18:59.0453
08:18:59.0453 4568 SystemInfo:
08:18:59.0453 4568
08:18:59.0453 4568 OS Version: 6.1.7601 ServicePack: 1.0
08:18:59.0453 4568 Product type: Workstation
08:18:59.0453 4568 ComputerName: ANDREW-LAPTOP
08:18:59.0453 4568 UserName: Andrew
08:18:59.0453 4568 Windows directory: C:\Windows
08:18:59.0453 4568 System windows directory: C:\Windows
08:18:59.0453 4568 Processor architecture: Intel x86
08:18:59.0453 4568 Number of processors: 2
08:18:59.0453 4568 Page size: 0x1000
08:18:59.0453 4568 Boot type: Normal boot
08:18:59.0453 4568 ============================================================
08:19:00.0436 4568 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:19:00.0436 4568 \Device\Harddisk0\DR0:
08:19:00.0436 4568 MBR used
08:19:00.0436 4568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x130E0000
08:19:00.0436 4568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x130E0800, BlocksNum 0x1234D000
08:19:00.0499 4568 Initialize success
08:19:00.0499 4568 ============================================================
08:19:08.0579 1092 ============================================================
08:19:08.0579 1092 Scan started
08:19:08.0579 1092 Mode: Manual;
08:19:08.0579 1092 ============================================================
08:19:18.0751 1092 fvevol - ok
08:19:18.0860 1092 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:19:18.0860 1092 gagp30kx - ok
08:19:18.0969 1092 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:19:18.0969 1092 GEARAspiWDM - ok
08:19:19.0063 1092 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
08:19:19.0063 1092 giveio - ok
08:19:19.0109 1092 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:19:19.0109 1092 hcw85cir - ok
08:19:19.0234 1092 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
08:19:19.0250 1092 HdAudAddService - ok
08:19:19.0328 1092 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
08:19:19.0328 1092 HDAudBus - ok
08:19:19.0421 1092 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
08:19:19.0421 1092 HidBatt - ok
08:19:19.0515 1092 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
08:19:19.0515 1092 HidBth - ok
08:19:19.0609 1092 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
08:19:19.0609 1092 HidIr - ok
08:19:19.0733 1092 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
08:19:19.0733 1092 HidUsb - ok
08:19:19.0858 1092 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:19:19.0858 1092 HpSAMD - ok
08:19:19.0967 1092 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:19:19.0983 1092 HTTP - ok
08:19:20.0092 1092 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:19:20.0092 1092 hwpolicy - ok
08:19:20.0201 1092 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
08:19:20.0201 1092 i8042prt - ok
08:19:20.0311 1092 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
08:19:20.0311 1092 iaStorV - ok
08:19:20.0435 1092 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
08:19:20.0435 1092 iirsp - ok
08:19:20.0529 1092 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:19:20.0529 1092 intelide - ok
08:19:20.0638 1092 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:19:20.0638 1092 intelppm - ok
08:19:20.0732 1092 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:19:20.0732 1092 IpFilterDriver - ok
08:19:20.0841 1092 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:19:20.0857 1092 IPMIDRV - ok
08:19:20.0950 1092 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:19:20.0950 1092 IPNAT - ok
08:19:21.0091 1092 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:19:21.0091 1092 IRENUM - ok
08:19:21.0184 1092 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:19:21.0184 1092 isapnp - ok
08:19:21.0278 1092 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:19:21.0278 1092 iScsiPrt - ok
08:19:21.0387 1092 itecir (83a0305939e1d113a8d8bc2b2ea64774) C:\Windows\system32\DRIVERS\itecir.sys
08:19:21.0387 1092 itecir - ok
08:19:21.0512 1092 k57nd60x (c4c95805b85bce1eb9d20f4a02fc5f9b) C:\Windows\system32\DRIVERS\k57nd60x.sys
08:19:21.0512 1092 k57nd60x - ok
08:19:21.0621 1092 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
08:19:21.0621 1092 kbdclass - ok
08:19:21.0730 1092 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
08:19:21.0730 1092 kbdhid - ok
08:19:21.0855 1092 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
08:19:21.0855 1092 KSecDD - ok
08:19:21.0964 1092 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
08:19:21.0964 1092 KSecPkg - ok
08:19:22.0073 1092 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:19:22.0089 1092 lltdio - ok
08:19:22.0198 1092 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
08:19:22.0214 1092 LSI_FC - ok
08:19:22.0307 1092 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
08:19:22.0323 1092 LSI_SAS - ok
08:19:22.0417 1092 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:19:22.0417 1092 LSI_SAS2 - ok
08:19:22.0510 1092 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:19:22.0526 1092 LSI_SCSI - ok
08:19:22.0635 1092 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:19:22.0635 1092 luafv - ok
08:19:22.0822 1092 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
08:19:22.0822 1092 MBAMProtector - ok
08:19:22.0947 1092 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
08:19:22.0947 1092 megasas - ok
08:19:23.0056 1092 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
08:19:23.0056 1092 MegaSR - ok
08:19:23.0181 1092 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:19:23.0181 1092 Modem - ok
08:19:23.0290 1092 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:19:23.0290 1092 monitor - ok
08:19:23.0399 1092 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:19:23.0399 1092 mouclass - ok
08:19:23.0493 1092 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:19:23.0493 1092 mouhid - ok
08:19:23.0602 1092 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:19:23.0602 1092 mountmgr - ok
08:19:23.0696 1092 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:19:23.0696 1092 mpio - ok
08:19:23.0789 1092 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:19:23.0789 1092 mpsdrv - ok
08:19:23.0899 1092 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:19:23.0899 1092 MRxDAV - ok
08:19:24.0008 1092 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:19:24.0023 1092 mrxsmb - ok
08:19:24.0117 1092 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:19:24.0117 1092 mrxsmb10 - ok
08:19:24.0226 1092 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:19:24.0242 1092 mrxsmb20 - ok
08:19:24.0320 1092 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
08:19:24.0320 1092 msahci - ok
08:19:24.0398 1092 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
08:19:24.0413 1092 msdsm - ok
08:19:24.0507 1092 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:19:24.0507 1092 Msfs - ok
08:19:24.0601 1092 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:19:24.0601 1092 mshidkmdf - ok
08:19:24.0679 1092 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:19:24.0694 1092 msisadrv - ok
08:19:24.0803 1092 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:19:24.0803 1092 MSKSSRV - ok
08:19:24.0913 1092 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:19:24.0913 1092 MSPCLOCK - ok
08:19:25.0006 1092 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:19:25.0006 1092 MSPQM - ok
08:19:25.0115 1092 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:19:25.0115 1092 MsRPC - ok
08:19:25.0225 1092 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
08:19:25.0225 1092 mssmbios - ok
08:19:25.0334 1092 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:19:25.0334 1092 MSTEE - ok
08:19:25.0427 1092 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
08:19:25.0427 1092 MTConfig - ok
08:19:25.0505 1092 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:19:25.0505 1092 Mup - ok
08:19:25.0630 1092 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:19:25.0630 1092 NativeWifiP - ok
08:19:25.0771 1092 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:19:25.0771 1092 NDIS - ok
08:19:25.0880 1092 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:19:25.0880 1092 NdisCap - ok
08:19:25.0973 1092 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:19:25.0973 1092 NdisTapi - ok
08:19:26.0114 1092 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:19:26.0114 1092 Ndisuio - ok
08:19:26.0223 1092 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:19:26.0223 1092 NdisWan - ok
08:19:26.0332 1092 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:19:26.0332 1092 NDProxy - ok
08:19:26.0441 1092 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:19:26.0441 1092 NetBIOS - ok
08:19:26.0551 1092 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
08:19:26.0551 1092 NetBT - ok
08:19:26.0707 1092 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
08:19:26.0707 1092 nfrd960 - ok
08:19:26.0816 1092 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:19:26.0816 1092 Npfs - ok
08:19:26.0925 1092 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:19:26.0925 1092 nsiproxy - ok
08:19:27.0065 1092 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:19:27.0081 1092 Ntfs - ok
08:19:27.0206 1092 NuidFltr (ef2b9a14ec5dd74ade3417faf1b45e16) C:\Windows\system32\DRIVERS\NuidFltr.sys
08:19:27.0206 1092 NuidFltr - ok
08:19:27.0284 1092 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:19:27.0284 1092 Null - ok
08:19:27.0393 1092 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:19:27.0393 1092 nvraid - ok
08:19:27.0502 1092 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:19:27.0502 1092 nvstor - ok
08:19:27.0611 1092 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:19:27.0611 1092 nv_agp - ok
08:19:27.0689 1092 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:19:27.0689 1092 ohci1394 - ok
08:19:27.0799 1092 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:19:27.0799 1092 Parport - ok
08:19:27.0908 1092 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
08:19:27.0908 1092 partmgr - ok
08:19:28.0001 1092 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:19:28.0001 1092 Parvdm - ok
08:19:28.0095 1092 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:19:28.0095 1092 pci - ok
08:19:28.0204 1092 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
08:19:28.0204 1092 pciide - ok
08:19:28.0298 1092 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
08:19:28.0298 1092 pcmcia - ok
08:19:28.0329 1092 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:19:28.0329 1092 pcw - ok
08:19:28.0423 1092 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:19:28.0438 1092 PEAUTH - ok
08:19:28.0563 1092 Point32 (60a044879c4fa76314494f5fddc43b93) C:\Windows\system32\DRIVERS\point32.sys
08:19:28.0563 1092 Point32 - ok
08:19:28.0672 1092 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:19:28.0672 1092 PptpMiniport - ok
08:19:28.0750 1092 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
08:19:28.0750 1092 Processor - ok
08:19:28.0891 1092 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:19:28.0891 1092 Psched - ok
08:19:29.0015 1092 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
08:19:29.0047 1092 ql2300 - ok
08:19:29.0125 1092 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
08:19:29.0140 1092 ql40xx - ok
08:19:29.0218 1092 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:19:29.0218 1092 QWAVEdrv - ok
08:19:29.0234 1092 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:19:29.0249 1092 RasAcd - ok
08:19:29.0327 1092 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:19:29.0327 1092 RasAgileVpn - ok
08:19:29.0437 1092 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:19:29.0437 1092 Rasl2tp - ok
08:19:29.0546 1092 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:19:29.0546 1092 RasPppoe - ok
08:19:29.0639 1092 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:19:29.0639 1092 RasSstp - ok
08:19:29.0749 1092 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:19:29.0749 1092 rdbss - ok
08:19:29.0842 1092 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
08:19:29.0842 1092 rdpbus - ok
08:19:29.0951 1092 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:19:29.0951 1092 RDPCDD - ok
08:19:30.0061 1092 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
08:19:30.0076 1092 RDPDR - ok
08:19:30.0170 1092 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:19:30.0170 1092 RDPENCDD - ok
08:19:30.0341 1092 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:19:30.0341 1092 RDPREFMP - ok
08:19:30.0560 1092 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
08:19:30.0560 1092 RdpVideoMiniport - ok
08:19:30.0685 1092 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
08:19:30.0685 1092 RDPWD - ok
08:19:30.0809 1092 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:19:30.0809 1092 rdyboost - ok
08:19:30.0919 1092 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
08:19:30.0919 1092 rimmptsk - ok
08:19:31.0028 1092 rimsptsk (9bfb54d3559f2ff7301271d29d383564) C:\Windows\system32\DRIVERS\rimsptsk.sys
08:19:31.0028 1092 rimsptsk - ok
08:19:31.0121 1092 rismxdp (dcb87da83cc1010cbc9fc4dc9e395bbc) C:\Windows\system32\DRIVERS\rixdptsk.sys
08:19:31.0121 1092 rismxdp - ok
08:19:31.0231 1092 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:19:31.0231 1092 rspndr - ok
08:19:31.0324 1092 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
08:19:31.0324 1092 s3cap - ok
08:19:31.0433 1092 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:19:31.0433 1092 sbp2port - ok
08:19:31.0558 1092 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:19:31.0574 1092 scfilter - ok
08:19:31.0667 1092 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
08:19:31.0683 1092 sdbus - ok
08:19:31.0792 1092 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:19:31.0792 1092 secdrv - ok
08:19:31.0901 1092 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:19:31.0917 1092 Serenum - ok
08:19:31.0995 1092 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:19:31.0995 1092 Serial - ok
08:19:32.0089 1092 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
08:19:32.0089 1092 sermouse - ok
08:19:32.0198 1092 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:19:32.0198 1092 sffdisk - ok
08:19:32.0291 1092 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:19:32.0291 1092 sffp_mmc - ok
08:19:32.0369 1092 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:19:32.0369 1092 sffp_sd - ok
08:19:32.0463 1092 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
08:19:32.0463 1092 sfloppy - ok
08:19:32.0572 1092 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:19:32.0572 1092 sisagp - ok
08:19:32.0681 1092 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:19:32.0681 1092 SiSRaid2 - ok
08:19:32.0759 1092 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
08:19:32.0759 1092 SiSRaid4 - ok
08:19:32.0869 1092 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:19:32.0869 1092 Smb - ok
08:19:32.0978 1092 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
08:19:32.0978 1092 speedfan - ok
08:19:33.0009 1092 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:19:33.0025 1092 spldr - ok
08:19:33.0134 1092 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\System32\Drivers\sptd.sys
08:19:33.0149 1092 sptd - ok
08:19:33.0259 1092 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:19:33.0274 1092 srv - ok
08:19:33.0399 1092 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:19:33.0399 1092 srv2 - ok
08:19:33.0508 1092 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:19:33.0508 1092 srvnet - ok
08:19:33.0649 1092 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
08:19:33.0649 1092 stexstor - ok
08:19:33.0742 1092 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
08:19:33.0758 1092 storflt - ok
08:19:33.0836 1092 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
08:19:33.0836 1092 storvsc - ok
08:19:33.0929 1092 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
08:19:33.0945 1092 swenum - ok
08:19:34.0039 1092 Synth3dVsc - ok
08:19:34.0148 1092 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
08:19:34.0163 1092 Tcpip - ok
08:19:34.0288 1092 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
08:19:34.0304 1092 TCPIP6 - ok
08:19:34.0429 1092 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:19:34.0429 1092 tcpipreg - ok
08:19:34.0538 1092 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:19:34.0538 1092 TDPIPE - ok
08:19:34.0600 1092 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
08:19:34.0600 1092 TDTCP - ok
08:19:34.0663 1092 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
08:19:34.0663 1092 tdx - ok
08:19:34.0756 1092 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
08:19:34.0756 1092 TermDD - ok
08:19:34.0912 1092 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:19:34.0912 1092 tssecsrv - ok
08:19:35.0037 1092 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:19:35.0037 1092 TsUsbFlt - ok
08:19:35.0115 1092 tsusbhub - ok
08:19:35.0240 1092 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:19:35.0240 1092 tunnel - ok
08:19:35.0318 1092 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
08:19:35.0318 1092 uagp35 - ok
08:19:35.0427 1092 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:19:35.0443 1092 udfs - ok
08:19:35.0552 1092 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:19:35.0567 1092 uliagpkx - ok
08:19:35.0661 1092 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
08:19:35.0677 1092 umbus - ok
08:19:35.0755 1092 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
08:19:35.0755 1092 UmPass - ok
08:19:35.0895 1092 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
08:19:35.0895 1092 USBAAPL - ok
08:19:35.0989 1092 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
08:19:35.0989 1092 usbccgp - ok
08:19:36.0067 1092 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:19:36.0082 1092 usbcir - ok
08:19:36.0129 1092 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
08:19:36.0129 1092 usbehci - ok
08:19:36.0223 1092 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:19:36.0238 1092 usbhub - ok
08:19:36.0316 1092 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
08:19:36.0332 1092 usbohci - ok
08:19:36.0425 1092 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
08:19:36.0425 1092 usbprint - ok
08:19:36.0503 1092 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:19:36.0519 1092 USBSTOR - ok
08:19:36.0550 1092 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
08:19:36.0550 1092 usbuhci - ok
08:19:36.0659 1092 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
08:19:36.0659 1092 usbvideo - ok
08:19:36.0769 1092 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
08:19:36.0769 1092 usb_rndisx - ok
08:19:36.0878 1092 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:19:36.0878 1092 vdrvroot - ok
08:19:36.0971 1092 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:19:36.0971 1092 vga - ok
08:19:37.0065 1092 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:19:37.0065 1092 VgaSave - ok
08:19:37.0143 1092 VGPU - ok
08:19:37.0174 1092 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:19:37.0190 1092 vhdmp - ok
08:19:37.0283 1092 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:19:37.0283 1092 viaagp - ok
08:19:37.0377 1092 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
08:19:37.0377 1092 ViaC7 - ok
08:19:37.0471 1092 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:19:37.0471 1092 viaide - ok
08:19:37.0564 1092 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
08:19:37.0564 1092 vmbus - ok
08:19:37.0658 1092 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
08:19:37.0658 1092 VMBusHID - ok
08:19:37.0751 1092 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:19:37.0751 1092 volmgr - ok
08:19:37.0845 1092 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:19:37.0861 1092 volmgrx - ok
08:19:37.0939 1092 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:19:37.0954 1092 volsnap - ok
08:19:38.0048 1092 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
08:19:38.0048 1092 vsmraid - ok
08:19:38.0173 1092 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
08:19:38.0173 1092 vwifibus - ok
08:19:38.0266 1092 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
08:19:38.0266 1092 vwififlt - ok
08:19:38.0344 1092 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
08:19:38.0344 1092 WacomPen - ok
08:19:38.0469 1092 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:19:38.0469 1092 WANARP - ok
08:19:38.0485 1092 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:19:38.0485 1092 Wanarpv6 - ok
08:19:38.0594 1092 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
08:19:38.0594 1092 Wd - ok
08:19:38.0719 1092 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
08:19:38.0734 1092 WDC_SAM - ok
08:19:38.0828 1092 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:19:38.0843 1092 Wdf01000 - ok
08:19:38.0968 1092 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:19:38.0968 1092 WfpLwf - ok
08:19:39.0046 1092 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:19:39.0046 1092 WIMMount - ok
08:19:39.0187 1092 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:19:39.0187 1092 WinUsb - ok
08:19:39.0296 1092 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
08:19:39.0296 1092 WmiAcpi - ok
08:19:39.0421 1092 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:19:39.0421 1092 ws2ifsl - ok
08:19:39.0545 1092 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:19:39.0545 1092 WudfPf - ok
08:19:39.0670 1092 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:19:39.0670 1092 WUDFRd - ok
08:19:39.0733 1092 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:19:39.0779 1092 \Device\Harddisk0\DR0 - ok
08:19:39.0795 1092 Boot (0x1200) (88ada3bef99e002c71131056743843e4) \Device\Harddisk0\DR0\Partition0
08:19:39.0795 1092 \Device\Harddisk0\DR0\Partition0 - ok
08:19:39.0811 1092 Boot (0x1200) (4b6d9feb589b8330c738d41399de8290) \Device\Harddisk0\DR0\Partition1
08:19:39.0811 1092 \Device\Harddisk0\DR0\Partition1 - ok
08:19:39.0811 1092 ============================================================
08:19:39.0811 1092 Scan finished
08:19:39.0811 1092 ============================================================
08:19:39.0826 4192 Detected object count: 0
08:19:39.0826 4192 Actual detected object count: 0
08:20:10.0418 4532 Deinitialize success



aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-04 08:23:21
-----------------------------
08:23:21.578 OS Version: Windows 6.1.7601 Service Pack 1
08:23:21.578 Number of processors: 2 586 0xF0D
08:23:21.578 ComputerName: ANDREW-LAPTOP UserName: Andrew
08:23:22.592 Initialize success
08:24:38.774 AVAST engine defs: 12030400
08:25:09.553 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:25:09.553 Disk 0 Vendor: TOSHIBA_MK3263GSX FG021D Size: 305245MB BusType: 11
08:25:09.631 Disk 0 MBR read successfully
08:25:09.631 Disk 0 MBR scan
08:25:09.646 Disk 0 Windows 7 default MBR code
08:25:09.662 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 156096 MB offset 2048
08:25:09.740 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 149146 MB offset 319686656
08:25:09.818 Disk 0 scanning sectors +625137664
08:25:09.896 Disk 0 scanning C:\Windows\system32\drivers
08:25:20.599 Service scanning
08:25:56.682 Modules scanning
08:26:13.203 Disk 0 trace - called modules:
08:26:13.218 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
08:26:13.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867901b8]
08:26:13.234 3 CLASSPNP.SYS[8b3bf59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x862a5908]
08:26:14.108 AVAST engine scan C:\Windows
08:26:16.666 AVAST engine scan C:\Windows\system32
08:28:55.927 AVAST engine scan C:\Windows\system32\drivers
08:29:08.859 AVAST engine scan C:\Users\Andrew
08:45:32.285 AVAST engine scan C:\ProgramData
08:46:46.354 Scan finished successfully
08:47:21.735 Disk 0 MBR has been saved successfully to "C:\Users\Andrew\Desktop\MBR.dat"
08:47:21.750 The log file has been saved successfully to "C:\Users\Andrew\Desktop\aswMBR.txt"


No issue running either or downloading the updates (which is an improvement from the previous thread linked in the OP)
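The TDSSKiller output posted above is the usual wall of "name (md5) path" / "name - ok" pairs, and a scan that reports "Detected object count: 0" still leaves the reader to eyeball it. The script below is an added example (not part of this thread, not a TDSSKiller or BleepingComputer tool) that parses those two line shapes and pulls out the few things a responder would look at by hand: drivers loaded from somewhere other than the standard drivers directory, service registrations with no backing file to hash, any verdict other than "ok", and an MD5-to-name index for checking hashes against a reputation service. The sample log is a constructed subset of the lines posted above; the set of "standard" driver directories is an assumption for this one machine.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the TDSSKiller lines posted in this thread,
# kept verbatim so the parser is exercised on the real line shapes.
SAMPLE_LOG = r"""
08:19:19.0063 1092 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
08:19:19.0063 1092 giveio - ok
08:19:32.0978 1092 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\Windows\system32\speedfan.sys
08:19:32.0978 1092 speedfan - ok
08:19:33.0134 1092 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\System32\Drivers\sptd.sys
08:19:33.0149 1092 sptd - ok
08:19:34.0039 1092 Synth3dVsc - ok
08:19:34.0148 1092 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
08:19:34.0163 1092 Tcpip - ok
08:19:34.0288 1092 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
08:19:34.0304 1092 TCPIP6 - ok
08:19:39.0733 1092 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:19:39.0779 1092 \Device\Harddisk0\DR0 - ok
"""

# "<time> <pid> <name> (<md5>) <path>": the line TDSSKiller prints when it hashes an object.
# The name is matched lazily so "MBR (0x1B8)" survives as a single name.
FILE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# "<time> <pid> <name> - <verdict>": the verdict line that follows, or that stands
# alone when a registered service has no file to hash.
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)

# Assumption for this example: every legitimate kernel driver on this machine should
# live here. Extend the set for a different system root or a known third-party location.
STANDARD_DRIVER_DIRS = {r"c:\windows\system32\drivers"}


def parse_tdsskiller(text):
    """Split a TDSSKiller scan log into hashed-object entries and verdict lines."""
    entries, verdicts = [], []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entries.append(m.groupdict())
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append(m.groupdict())
    return entries, verdicts


def triage_tdsskiller(text):
    """Return the handful of things worth a second look in an otherwise 'all ok' scan."""
    entries, verdicts = parse_tdsskiller(text)
    known_names = {e["name"] for e in entries}
    known_paths = {e["path"] for e in entries}
    hashes = defaultdict(list)
    nonstandard = []
    for e in entries:
        hashes[e["md5"]].append(e["name"])
        path = e["path"]
        if path.startswith("\\Device\\"):
            continue  # MBR / boot-sector records, not files on a volume
        parent = path.lower().rsplit("\\", 1)[0]
        if parent not in STANDARD_DRIVER_DIRS:
            nonstandard.append({"name": e["name"], "path": path, "md5": e["md5"]})
    # A verdict with no hashed object before it: the service is registered but there
    # was no file to hash (virtual bus drivers such as Synth3dVsc are the benign case).
    no_file = [v["name"] for v in verdicts
               if v["name"] not in known_names and v["name"] not in known_paths]
    not_ok = [v for v in verdicts if v["verdict"] != "ok"]
    return {
        "entries": entries,
        "nonstandard_location": nonstandard,
        "no_file": no_file,
        "not_ok": not_ok,
        "hashes": dict(hashes),
    }


if __name__ == "__main__":
    result = triage_tdsskiller(SAMPLE_LOG)
    for hit in result["nonstandard_location"]:
        print("outside drivers dir:", hit["name"], hit["path"], hit["md5"])
    print("services with no file:", result["no_file"])
    print("non-ok verdicts:", result["not_ok"])
```

Run against the full log above, the "outside drivers dir" bucket is where giveio.sys and speedfan.sys land (both sit in system32 itself rather than system32\drivers), which is exactly the kind of entry a helper would ask about even though TDSSKiller reports both as ok. Nothing here decides whether a driver is malicious; it only narrows a 500-line log to the lines worth checking by hand or by hash lookup.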

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:53 PM

Posted 04 March 2012 - 01:05 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 DrewpyDog

DrewpyDog
  • Topic Starter

  • Members
  • 24 posts

Posted 04 March 2012 - 01:58 PM

OK, here is the result of the OTL log:

OTL logfile created on: 3/4/2012 1:31:43 PM - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Andrew\Downloads\Drivers
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 68.33% Memory free
5.99 Gb Paging File | 5.03 Gb Available in Paging File | 83.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = E:\Program Files
Drive C: | 152.44 Gb Total Space | 70.07 Gb Free Space | 45.97% Space Free | Partition Type: NTFS
Drive E: | 145.65 Gb Total Space | 43.78 Gb Free Space | 30.06% Space Free | Partition Type: NTFS

Computer Name: ANDREW-LAPTOP | User Name: Andrew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andrew\Downloads\Drivers\OTL(1).exe (OldTimer Tools)
PRC - E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\fsproflt.exe (FSPro Labs)
PRC - E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (WinDefend) -- File not found
SRV - (SBSDWSCService) -- File not found
SRV - (MBAMService) -- E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- E:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (fsproflt) -- C:\Windows\System32\fsproflt.exe (FSPro Labs)
SRV - (StarWindServiceAE) -- E:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- File not found
DRV - (tsusbhub) -- File not found
DRV - (Synth3dVsc) -- File not found
DRV - (catchme) -- File not found
DRV - (aswMBR) -- File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Almico Software)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\androidusb.sys (Google Inc)
DRV - (k57nd60x) Broadcom NetLink ™ -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (FSProFilter) -- C:\Windows\System32\Drivers\FSPFltd.sys (FSPro Labs)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i4
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\..\SearchScopes,DefaultScope = {BF5CDBD7-EC78-41F8-A1B1-01829572104D}
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bleepingcomputer.com/forums/topic444479.html"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: E:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: E:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 20:02:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/27 13:03:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/22 19:51:28 | 000,000,000 | ---D | M]

[2011/12/18 14:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
[2011/12/18 14:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/02/20 16:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\y81hwh0o.default\extensions
[2012/02/22 19:49:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\GAMER@ZAKEN.ORG.XPI
() (No name found) -- C:\USERS\ANDREW\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y81HWH0O.DEFAULT\EXTENSIONS\VRZWFWWYTI@VRZWFWWYTI.ORG.XPI
[2012/01/22 20:02:35 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- E:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Andrew\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Andrew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Andrew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: NPCIG.dll (Enabled) = E:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = E:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = E:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = E:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Add to Amazon Wish List = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_0\
CHR - Extension: Select To Get Maps = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hinehgnhgiohbfpbpgkjnelkcgdkcgha\1.1.1_0\
CHR - Extension: ICE Quick Stream = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\3.9_0\
CHR - Extension: Poppit = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Awaiting The Antagonist = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgieaojfcelkfbplpfembkjgdoakclck\1.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Auto-Reload = C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofojbjgaaddibdfpmmjeonahgbacejid\7.9.8_0\

O1 HOSTS File: ([2012/03/03 16:28:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [mylbx] E:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2324314972-704830935-3040404962-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A854ED2-F44A-4F73-8360-65D720577C5A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E28F2BE-5C5B-4DDA-97AB-E277DE96ADF6}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 17:42:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/03 16:30:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/03 16:30:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\temp
[2012/03/03 16:16:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/03 16:16:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/03 16:16:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 16:16:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/03 11:01:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\DDMSettings
[2012/03/02 09:40:38 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew\Desktop\TDSSKiller.exe
[2012/03/01 20:31:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/01 20:16:57 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Round 2
[2012/02/23 16:51:49 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\ElevatedDiagnostics
[2012/02/23 16:30:30 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/23 16:26:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\BC
[2012/02/21 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Malwarebytes
[2012/02/21 21:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/21 21:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/21 21:02:57 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2012/02/21 20:51:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/02/21 20:45:40 | 000,000,000 | ---D | C] -- E:\Program Files\Oracle
[2012/02/21 20:04:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/21 20:01:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/20 22:49:28 | 000,000,000 | ---D | C] -- E:\Program Files\ESET
[2012/02/20 22:44:12 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/20 22:15:09 | 000,000,000 | ---D | C] -- C:\found.000
[2012/02/20 17:51:15 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\New folder
[2012/02/20 17:16:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/20 16:09:54 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\To Do
[2012/02/20 15:38:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Desktop\Navy
[2012/02/19 23:38:00 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/02/15 17:15:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/02/15 17:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2012/02/15 17:15:31 | 000,000,000 | ---D | C] -- E:\Program Files\SpeedFan
[2012/02/15 17:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/02/15 17:11:39 | 000,000,000 | ---D | C] -- E:\Program Files\Core Temp
[2012/02/14 21:50:41 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/14 21:50:40 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/14 21:50:40 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/14 21:50:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/14 21:50:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/14 21:50:36 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/14 21:29:34 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/02/14 21:29:23 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/04 15:41:48 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2012/02/04 15:41:45 | 000,000,000 | ---D | C] -- E:\Program Files\focus booster
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/04 12:57:06 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2324314972-704830935-3040404962-1000UA.job
[2012/03/04 08:47:21 | 000,000,512 | ---- | M] () -- C:\Users\Andrew\Desktop\MBR.dat
[2012/03/04 08:17:18 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andrew\Desktop\TDSSKiller.exe
[2012/03/04 08:06:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 17:49:30 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 17:49:30 | 000,013,440 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 17:41:53 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/03 16:28:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/03 15:57:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2324314972-704830935-3040404962-1000Core.job
[2012/02/27 20:57:27 | 000,000,020 | ---- | M] () -- C:\Users\Andrew\defogger_reenable
[2012/02/24 05:49:37 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/24 05:49:37 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/23 16:30:32 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 17:38:09 | 000,437,081 | ---- | M] () -- C:\Users\Andrew\Desktop\Learn How To Code.pdf
[2012/02/20 22:41:46 | 000,472,064 | ---- | M] ( ) -- C:\Users\Andrew\Desktop\RootRepeal.exe
[2012/02/20 18:30:28 | 264,512,349 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/20 11:01:21 | 000,000,882 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2012/02/15 17:29:44 | 000,000,063 | ---- | M] () -- C:\1.html
[2012/02/15 17:15:31 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2012/02/15 15:44:29 | 001,747,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/04 21:24:34 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/04 08:47:21 | 000,000,512 | ---- | C] () -- C:\Users\Andrew\Desktop\MBR.dat
[2012/03/03 16:16:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/03 16:16:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/03 16:16:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/03 16:16:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/03 16:16:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/27 20:57:12 | 000,000,020 | ---- | C] () -- C:\Users\Andrew\defogger_reenable
[2012/02/23 16:30:32 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/21 17:38:09 | 000,437,081 | ---- | C] () -- C:\Users\Andrew\Desktop\Learn How To Code.pdf
[2012/02/20 17:16:43 | 264,512,349 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/15 17:29:38 | 000,000,063 | ---- | C] () -- C:\1.html
[2012/02/15 17:15:29 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2012/02/04 15:41:46 | 000,000,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\focus booster.lnk
[2012/01/26 20:15:32 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/09/13 19:30:09 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/08/26 06:51:15 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/08/26 06:50:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/27 12:40:46 | 000,035,979 | ---- | C] () -- E:\Program Files\Photoshop CS3 Read Me.html
[2011/04/19 21:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/04/06 16:49:58 | 000,430,080 | ---- | C] () -- C:\Windows\System32\ZSHP1020.EXE
[2011/04/06 14:43:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 12:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/02/28 16:30:06 | 000,233,012 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

< End of report >

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 04 March 2012 - 02:12 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word "Code".
    :otl
    IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i4
    IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\..\SearchScopes,DefaultScope = {BF5CDBD7-EC78-41F8-A1B1-01829572104D}
    IE - HKU\S-1-5-21-2324314972-704830935-3040404962-1000\..\SearchScopes\{BF5CDBD7-EC78-41F8-A1B1-01829572104D}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18570,0,0,6434&p={searchTerms}
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Spybot - Search & Destroy\SDHelper.dll File not found
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Spybot - Search & Destroy\SDHelper.dll File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know How things are doing

Gringo

Edited by gringo_pr, 04 March 2012 - 02:29 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
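The OTL script above rewrites a handful of well-known hijack points: the IE start page and default search scope, Browser Helper Object registrations whose DLLs no longer exist, the Winlogon VMApplet value, the DNS resolver cache and the hosts file. The PowerShell below is an added, read-only audit of those same locations; it is not part of this thread and not OTL's code. It also lists each adapter's DNS servers, which goes beyond the thread's script, because a rogue resolver is one way a redirect survives browser and hosts-file cleanup. It assumes Windows Vista/7 and an elevated prompt; the "known good" regexes (start-page allow-list, the hspart=/hsimp= affiliate tags, the expected VMApplet command) are this example's own heuristics for what to report, not anything the thread states.

```powershell
# Added example (not from the thread or OTL): read-only audit of the hijack
# points the OTL fix rewrote, plus per-adapter DNS servers.
# Assumes Windows Vista/7, elevated prompt. Regexes below are heuristics.

$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Area, [string]$Detail) {
    [void]$findings.Add("[$Area] $Detail")
}

# 1. IE start page for the current user. Anything that is not about:blank or a
#    well-known search engine front page is reported for review (heuristic).
$ieMain = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$startPage = (Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue).'Start Page'
if ($startPage -and $startPage -notmatch '^(about:|https?://(www\.)?(google|bing|yahoo|msn)\.com/?$)') {
    Add-Finding 'IE Start Page' $startPage
}

# 2. Default search scope. hspart=/hsimp= are Yahoo hosted-search affiliate
#    tags; a default scope carrying them was installed by a third party.
$scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
$defaultScope = (Get-ItemProperty -Path $scopes -ErrorAction SilentlyContinue).DefaultScope
if ($defaultScope) {
    $scopeUrl = (Get-ItemProperty -Path "$scopes\$defaultScope" -ErrorAction SilentlyContinue).URL
    if ($scopeUrl -match 'hspart=|hsimp=|type=W3i') {
        Add-Finding 'IE DefaultScope' "$defaultScope -> $scopeUrl"
    }
}

# 3. Browser Helper Objects: resolve each CLSID to its InprocServer32 DLL.
#    Entries whose DLL is gone (like the Spybot/Java ones in the log) are
#    orphans; entries that do resolve are listed so unfamiliar ones stand out.
$bhoRoots = @(
    @{ Bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = @('HKLM:\Software\Classes\CLSID') },
    @{ Bho = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = @('HKLM:\Software\Classes\Wow6432Node\CLSID') },
    @{ Bho = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Cls = @('HKCU:\Software\Classes\CLSID', 'HKLM:\Software\Classes\CLSID') }
)
foreach ($root in $bhoRoots) {
    if (-not (Test-Path -Path $root.Bho)) { continue }
    foreach ($key in Get-ChildItem -Path $root.Bho) {
        $clsid = $key.PSChildName
        $dll = $null
        foreach ($cls in $root.Cls) {
            $srv = Get-ItemProperty -Path "$cls\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv) { $dll = $srv.'(default)'; break }
        }
        if (-not $dll) { Add-Finding 'BHO' "$clsid has no InprocServer32 (orphan)"; continue }
        $path = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
        if (Test-Path -LiteralPath $path) { Add-Finding 'BHO' "$clsid -> $path" }
        else { Add-Finding 'BHO' "$clsid -> $path (file not found)" }
    }
}

# 4. Winlogon VMApplet. On Vista/7 the expected value launches
#    SystemPropertiesPerformance.exe; anything else is reported.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$vmApplet = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).VMApplet
if ($vmApplet -and $vmApplet -notmatch '^SystemPropertiesPerformance\.exe') {
    Add-Finding 'Winlogon VMApplet' $vmApplet
}

# 5. hosts file: every active line other than the localhost mappings.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\s*[^#\s]' -and
                   $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
    ForEach-Object { Add-Finding 'hosts' $_.Trim() }

# 6. DNS servers per enabled adapter (WMI class available on Windows 7).
#    A resolver you do not recognise explains redirects that survive
#    browser and hosts-file cleanup.
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
    ForEach-Object {
        if ($_.DNSServerSearchOrder) {
            Add-Finding 'DNS' ('{0}: {1}' -f $_.Description, ($_.DNSServerSearchOrder -join ', '))
        }
    }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it before and after a fix: the "before" run should show the start page, the affiliate-tagged DefaultScope and the orphaned BHO CLSIDs from the OTL log, and the "after" run should show them gone. If redirects continue while every browser-side item is clean, the hosts and DNS sections are where to look next, since nothing in the registry fix touches the resolver the machine is actually using.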

#13 DrewpyDog

DrewpyDog

  • Topic Starter
  • Members
  • 24 posts

Posted 04 March 2012 - 02:13 PM

Two things I noticed while looking through that log.

It says that among the processes running there are two AMD processes. My computer runs an Intel processor, so I'm not sure if that's correct.

And I also see the Genieo toolbar mentioned in there, which is around the time my computer started to go haywire.

But of course most of that log makes no sense to me, so I'm really just guessing.

Here is the updated log:

All processes killed
========== OTL ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andrew\Downloads\Drivers\cmd.bat deleted successfully.
C:\Users\Andrew\Downloads\Drivers\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrew
->Temp folder emptied: 52598384 bytes
->Temporary Internet Files folder emptied: 51738147 bytes
->Java cache emptied: 2810026 bytes
->FireFox cache emptied: 859201804 bytes
->Google Chrome cache emptied: 13845302 bytes
->Flash cache emptied: 118560 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 935.00 mb


[EMPTYJAVA]

User: All Users

User: Andrew
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: TEMP

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Andrew
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.35.1 log created on 03042012_141510

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by DrewpyDog, 04 March 2012 - 02:25 PM.


#14 DrewpyDog

DrewpyDog

  • Topic Starter
  • Members
  • 24 posts

Posted 04 March 2012 - 02:29 PM

Sigh... still redirecting. I clicked a few links that worked, but on the fourth shot it started to redirect me again to a website something along the lines of "http://63.209.69.107/search/web/ (search term)".

#15 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 04 March 2012 - 02:30 PM

The AMD entries look like they may have to do with graphics, and the toolbar I added to the script.


gringo
