I think I have a virus?


This topic is locked
19 replies to this topic

#1 DianeHarvard (Members, 15 posts)

Posted 12 March 2012 - 01:19 PM

I've had the Google redirect virus twice in the past. Both times I posted on this website and used ComboFix to get rid of it. And here we are again. Except this time it is not only affecting Google but Yahoo and Bing as well. So I need your help again. Please let me know how to get rid of this stupid trojan/virus/rootkit/whatever the hell it is once and for all.

Sorry, here are my DDS logs.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Diane at 13:20:10 on 2012-03-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2498 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\PROGRA~2\Bandoo\Bandoo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files (x86)\UnHackMe\hackmon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~2\UnHackMe\reanimator.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=109929&tt=090212_noffx&babsrc=HP_ss&mntrId=3015c96700000000000090e6ba58d0f2
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [uTorrent] "C:\Users\Diane\Downloads\utorrent(1).exe" /MINIMIZED
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ConduitHelper] "C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 208.180.42.100 208.180.42.68
TCP: Interfaces\{DF4B6D31-8A27-4C04-9896-4C32350A8C15} : DhcpNameServer = 208.180.42.100 208.180.42.68
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~2\bandoo\bndhook.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [ConduitHelper] "C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: c:\progra~2\bandoo\bndhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\f55zwb6t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Diane\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Diane\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: extentions.y2layers.installId - 4a1b86d0-dd32-4c3f-aad6-f14443907de1
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3015c96700000000000090e6ba58d0f2
FF - user.js: extensions.BabylonToolbar_i.hardId - 3015c96700000000000090e6ba58d0f2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15385
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:18:53
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100224.002\IDSviA64.sys [2010-2-25 466992]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-11 909152]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-15 135664]
S2 idsvc32;Windows CardSpace ;c:\windows\system32\nlslexicons000232.exe --> c:\windows\system32\nlslexicons000232.exe [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-15 135664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-12 18:06:01 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-03-12 18:00:04 39184 ----a-w- C:\Windows\SysWow64\Partizan.exe
2012-03-12 18:00:04 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2012-03-12 18:00:00 2 --shatr- C:\Windows\winstart.bat
2012-03-12 17:59:56 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2012-03-12 17:59:53 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-03-12 17:48:32 -------- d-----w- C:\Users\Diane\AppData\Local\NPE
2012-03-11 19:18:39 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-11 18:10:49 -------- d-----w- C:\ComboFix
2012-03-11 03:54:47 98816 ----a-w- C:\Windows\sed.exe
2012-03-11 03:54:47 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-11 03:54:47 256000 ----a-w- C:\Windows\PEV.exe
2012-03-11 03:54:47 208896 ----a-w- C:\Windows\MBR.exe
2012-02-16 17:27:21 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 17:27:21 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 17:27:20 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 17:27:20 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 17:27:19 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 17:27:19 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 17:27:16 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 17:27:16 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 22:18:54 -------- d-----w- C:\Users\Diane\AppData\Local\I Want This
2012-02-15 22:18:54 -------- d-----w- C:\Program Files (x86)\BabylonToolbar
2012-02-15 22:18:52 -------- d-----w- C:\Program Files (x86)\I Want This
2012-02-15 22:18:49 -------- d-----w- C:\Users\Diane\AppData\Local\Babylon
2012-02-15 22:18:48 -------- d-----w- C:\Users\Diane\AppData\Roaming\Babylon
2012-02-15 22:18:48 -------- d-----w- C:\ProgramData\Babylon
2012-02-15 22:18:40 -------- d-----w- C:\Users\Diane\Adlsoft Uncompressor
2012-02-12 01:58:12 696832 ----a-w- C:\Windows\System32\xvidcore.dll
2012-02-12 01:58:12 255488 ----a-w- C:\Windows\System32\xvidvfw.dll
2012-02-12 01:58:12 173568 ----a-w- C:\Windows\System32\xvid.ax
2012-02-12 01:58:12 153088 ----a-w- C:\Windows\SysWow64\xvid.ax
2012-02-12 01:58:11 645632 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-02-12 01:58:11 240640 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-02-12 01:57:04 -------- d-----w- C:\Users\Diane\.bitrock
2012-02-12 01:46:38 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-02-12 01:46:25 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-02-12 01:46:19 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-02-12 01:46:15 108544 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
.
==================== Find3M ====================
.
2012-03-03 20:37:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-12 01:46:10 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-02-12 01:46:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-01-25 03:42:00 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-25 22:26:46 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:20:51.97 ===============

Edited by boopme, 12 March 2012 - 01:33 PM.
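Reading a DDS log like the one above by hand is slow, and the interesting entries are spread over several sections: the `AppInit_DLLs` value (a DLL loaded into every process that maps user32.dll), the Firefox `keyword.URL` override that routes address-bar searches through a third-party site, the start page, toolbars and search hooks, `uRun` entries that start binaries from a user profile, and services whose display name matches a built-in Windows service but whose short name and binary do not. The script below is an added example for this thread (it is not part of DDS, ComboFix, or any post here) that scores lines copied from the log above with a few such rules. The severity levels, the trusted-search-host list and the small built-in-service table are my own assumptions; the script produces a review list, not a verdict on any named file.

```python
"""Triage a DDS 'Pseudo HJT Report' / services listing for common hijack patterns.

Added example for this thread; not part of DDS, ComboFix or the original posts.
The severity levels, trusted-host list and built-in-service table are assumptions.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the DDS log in the post above
# ("hxxp" is how DDS defangs "http").
SAMPLE_LOG = r"""
uStart Page = hxxp://search.babylon.com/?AF=109929&tt=090212_noffx&babsrc=HP_ss
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [uTorrent] "C:\Users\Diane\Downloads\utorrent(1).exe" /MINIMIZED
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
AppInit_DLLs: c:\progra~2\bandoo\bndhook.dll
BHO-X64: HelloWorldBHO - No File
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 idsvc32;Windows CardSpace ;c:\windows\system32\nlslexicons000232.exe --> c:\windows\system32\nlslexicons000232.exe [?]
"""

# Search hosts a user plausibly picked on purpose (assumption; tune per case).
TRUSTED_SEARCH_HOSTS = {
    "google.com", "www.google.com", "bing.com", "www.bing.com",
    "yahoo.com", "www.yahoo.com", "search.yahoo.com",
}

# Display names of built-in Windows services -> their real short names.
# Assumption: a tiny hand-made table; build a full one from a clean machine.
KNOWN_WINDOWS_SERVICES = {
    "windows cardspace": "idsvc",
    "windows defender": "windefend",
    "windows update": "wuauserv",
}

SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.*)$")
RUN_RE = re.compile(r'^[um]Run(?:-x64)?:\s*\[[^\]]*\]\s*"?([^"]*?\.exe)', re.IGNORECASE)
URL_RE = re.compile(r"h(?:xx|tt)ps?://([^/\s]+)", re.IGNORECASE)
SEVERITY_RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def finding(severity, rule, line, note=""):
    return {"severity": severity, "rule": rule, "line": line, "note": note}


def is_trusted_search(text):
    m = URL_RE.search(text)
    return m is not None and m.group(1).lower() in TRUSTED_SEARCH_HOSTS


def check_service(name, display, rest):
    """Flag a service that borrows the display name of a built-in Windows service."""
    expected = KNOWN_WINDOWS_SERVICES.get(display.strip().lower())
    if expected is None or expected == name.strip().lower():
        return None
    note = f"display name belongs to built-in service '{expected}', entry is '{name.strip()}'"
    if rest.rstrip().endswith("[?]"):
        note += "; DDS could not stat the binary"
    return note


def triage(log_text):
    """Return one finding dict per suspicious line (review list, not a verdict)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            note = check_service(svc.group(2), svc.group(3), svc.group(4))
            if note:
                findings.append(finding("HIGH", "service", line, note))
        elif line.startswith("AppInit_DLLs") and line.partition(":")[2].strip():
            # Loaded into every process that maps user32.dll: classic hook/hijack point.
            findings.append(finding("HIGH", "appinit-dll", line))
        elif line.startswith(("uStart Page", "mStart Page")) and not is_trusted_search(line):
            findings.append(finding("MEDIUM", "start-page", line))
        elif "keyword.URL" in line and not is_trusted_search(line):
            # Firefox address-bar searches are routed through this URL.
            findings.append(finding("MEDIUM", "search-hijack", line))
        elif "URLSearchHooks" in line:
            findings.append(finding("LOW", "url-search-hook", line))
        elif line.endswith("- No File"):
            findings.append(finding("LOW", "orphan-entry", line))
        else:
            run = RUN_RE.match(line)
            if run and "\\users\\" in run.group(1).lower():
                # Autorun from a user-writable path rather than Program Files.
                findings.append(finding("MEDIUM", "autorun-user-path", line))
    return findings


def summarize(findings):
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in sorted(results, key=lambda f: SEVERITY_RANK[f["severity"]]):
        print(f"{f['severity']:<6} {f['rule']:<18} {f['line'][:70]}")
        if f["note"]:
            print(f"       {f['note']}")
    print(summarize(results))
```

Two caveats a practitioner would keep in mind: on Windows 7 the `AppInit_DLLs` value is only honoured when `LoadAppInit_DLLs` is set (and from Windows 8 on only signed DLLs are accepted with Secure Boot), so the finding says "this DLL is positioned to be injected", not that injection is happening; and the service rule is only as good as its display-name table, so a real deployment should build that table from a known-clean machine of the same Windows build rather than from the three entries assumed here.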



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 13 March 2012 - 01:12 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and will make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 DianeHarvard
  • Topic Starter
  • Members
  • 15 posts

Posted 13 March 2012 - 01:32 PM

My computer continues to redirect me :( Please........is there anything you can do?

And here is the log from combofix
ComboFix 12-03-13.01 - Diane 03/13/2012 12:39:20.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2948 [GMT -5:00]
Running from: c:\users\Diane\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
c:\users\Public\AlexaNSISPlugin.2748.dll
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\272512937d9e61a4.fb
c:\windows\SysWow64\Cache\287204568329e189.fb
c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
c:\windows\SysWow64\Cache\2c53092c95605355.fb
c:\windows\SysWow64\Cache\3917078cb68ec657.fb
c:\windows\SysWow64\Cache\488878d3768d5286.fb
c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
c:\windows\SysWow64\Cache\d2e94710a5708128.fb
c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
c:\windows\SysWow64\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 17:55 . 2012-03-13 17:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-13 17:55 . 2012-03-13 17:55 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-13 17:55 . 2012-03-13 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 17:55 . 2012-03-13 17:55 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-03-13 17:37 . 2012-03-13 17:37 -------- d-----w- c:\users\Diane\AppData\Roaming\Uniblue
2012-03-13 17:37 . 2012-03-13 17:37 -------- d-----w- c:\program files (x86)\Uniblue
2012-03-12 18:47 . 2012-03-12 18:47 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-03-12 18:47 . 2012-03-12 18:47 -------- d-----w- c:\users\Diane\AppData\Roaming\com.w3i.fliptoast
2012-03-12 18:47 . 2012-03-12 18:47 -------- d-----w- c:\program files (x86)\Fliptoast
2012-03-12 18:46 . 2012-03-12 18:46 -------- d-----w- c:\users\Diane\AppData\Roaming\W3i, LLC
2012-03-12 18:44 . 2012-03-12 18:44 -------- d-----w- c:\users\Diane\AppData\Local\Zoom_Downloader
2012-03-12 18:44 . 2012-03-12 18:44 -------- d-----w- c:\program files (x86)\Zoom Downloader
2012-03-12 18:44 . 2012-03-13 17:46 -------- d-----w- c:\program files (x86)\Amazon Browser Bar
2012-03-12 18:06 . 2012-03-12 18:06 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-03-12 18:00 . 2012-03-12 18:00 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-03-12 18:00 . 2012-03-12 18:00 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2012-03-12 18:00 . 2012-03-12 18:00 2 --shatr- c:\windows\winstart.bat
2012-03-12 17:59 . 2012-01-23 22:01 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2012-03-12 17:59 . 2012-03-12 18:11 -------- d-----w- c:\program files (x86)\UnHackMe
2012-03-12 17:48 . 2012-03-12 17:52 -------- d-----w- c:\users\Diane\AppData\Local\NPE
2012-02-16 17:27 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 17:27 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 17:27 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 17:27 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 17:27 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 17:27 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 17:27 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 17:27 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 22:18 . 2012-02-15 22:18 240 ----a-w- C:\user.js
2012-02-15 22:18 . 2012-02-15 22:18 -------- d-----w- c:\users\Diane\AppData\Local\I Want This
2012-02-15 22:18 . 2012-02-15 22:18 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-02-15 22:18 . 2012-02-15 22:19 -------- d-----w- c:\program files (x86)\I Want This
2012-02-15 22:18 . 2012-02-15 22:18 -------- d-----w- c:\users\Diane\AppData\Local\Babylon
2012-02-15 22:18 . 2012-02-15 22:18 -------- d-----w- c:\users\Diane\AppData\Roaming\Babylon
2012-02-15 22:18 . 2012-02-15 22:18 -------- d-----w- c:\programdata\Babylon
2012-02-15 22:18 . 2012-02-15 22:18 -------- d-----w- c:\users\Diane\Adlsoft Uncompressor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-03 20:37 . 2011-06-16 17:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-12 01:46 . 2009-07-24 03:46 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-02-12 01:46 . 2009-07-24 03:46 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-01-25 03:42 . 2012-01-25 03:42 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-25 22:26 . 2011-06-25 02:40 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-11_19.10.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-11 21:18 . 2012-03-12 22:07 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-11 21:18 . 2012-03-12 22:07 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2012-03-11 21:18 . 2012-03-12 22:07 16384 c:\windows\Temp\Cookies\index.dat
+ 2009-08-28 18:43 . 2012-03-12 18:08 54684 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-13 17:59 47520 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-03 04:24 . 2012-03-13 17:59 18218 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1166625813-2935594066-3979737465-1000_UserData.bin
+ 2012-03-12 18:46 . 2012-03-12 18:46 32256 c:\windows\Installer\24c028.msi
+ 2012-03-12 18:47 . 2012-03-12 18:47 82726 c:\windows\Installer\{B25D67C4-E885-43F8-8085-B532F6261529}\fliptoast.exe
+ 2009-12-05 02:47 . 2012-03-12 18:06 3058 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-03-13 17:57 . 2012-03-13 17:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-11 19:09 . 2012-03-11 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-11 19:09 . 2012-03-11 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-13 17:57 . 2012-03-13 17:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-03 18:03 . 2012-03-13 17:33 342710 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-03-03 20:42 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-12 18:12 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-03 20:42 106538 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-12 18:12 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-11 19:09 337180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-13 17:56 337180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-12 18:46 . 2012-03-12 18:46 960000 c:\windows\Installer\24c03b.msi
+ 2012-03-12 18:44 . 2012-03-12 18:44 126976 c:\windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
+ 2009-12-03 04:57 . 2012-03-13 17:57 2473784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-12-03 04:57 . 2012-03-11 04:49 2473784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-12-03 04:57 . 2012-03-13 17:56 6444844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1166625813-2935594066-3979737465-1000-8192.dat
- 2009-12-03 04:57 . 2012-03-11 19:09 6444844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1166625813-2935594066-3979737465-1000-8192.dat
+ 2011-08-05 06:51 . 2012-03-13 17:56 1625860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1166625813-2935594066-3979737465-1000-12288.dat
- 2011-08-05 06:51 . 2012-02-17 09:26 1625860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1166625813-2935594066-3979737465-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 22:07 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"uTorrent"="c:\users\Diane\Downloads\utorrent(1).exe" [2011-09-17 640888]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"DownloadManager"="c:\program files (x86)\Zoom Downloader\DownloadManager.exe" [2012-03-12 848384]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118624]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe" [2011-08-31 274216]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-11 928096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-02-12 296056]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Fliptoast.lnk - c:\program files (x86)\Fliptoast\fliptoast.exe [2012-1-26 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0Partizan\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 idsvc32;Windows CardSpace ;c:\windows\system32\nlslexicons000232.exe [x]
R2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-01-27 203776]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100224.002\IDSvia64.sys [2009-10-28 466992]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-03-13 19:41]
.
2012-03-13 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-09-17 20:24]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 16:37]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 16:37]
.
2012-03-10 c:\windows\Tasks\HPCeeScheduleForDiane.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762224]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-16_5e6e53a2b9a3426986728082be8223f7_16_16_20120312_US_ie_sp_
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 208.180.42.100 208.180.42.68
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\f55zwb6t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: extentions.y2layers.installId - 4a1b86d0-dd32-4c3f-aad6-f14443907de1
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3015c96700000000000090e6ba58d0f2
FF - user.js: extensions.BabylonToolbar_i.hardId - 3015c96700000000000090e6ba58d0f2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15385
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:18
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{008f6853-9cb4-41c5-a950-39d55e5e06ba} - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
BHO-{F443A627-5009-4323-9C1D-7FD598D0D712} - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
Toolbar-{EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\progra~2\Bandoo\Bandoo.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\UnHackMe\hackmon.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-13 13:24:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 18:23
ComboFix2.txt 2012-03-11 19:14
ComboFix3.txt 2011-07-20 16:51
ComboFix4.txt 2011-06-30 22:41
.
Pre-Run: 356,731,043,840 bytes free
Post-Run: 356,284,846,080 bytes free
.
- - End Of File - - A6C02826F7FA93FD37370E3F731EEF53
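A small triage pass over the kind of lines ComboFix prints under "Reg Loading Points" and "Supplementary Scan", added here as an example and not ComboFix's or the forum's own code. The excerpt is constructed from lines of the log above; the category names and the heuristics (binaries under c:\users, a non-empty AppInit_DLLs, extra BootExecute entries, services marked [x], and the Firefox keyword.URL host) are my own assumptions about what a responder looks at first, not ComboFix verdicts.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt: lines of the kind ComboFix prints under "Reg Loading Points"
# and "Supplementary Scan", copied from the log above. ComboFix defangs URLs as hxxp.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"uTorrent"="c:\users\Diane\Downloads\utorrent(1).exe" [2011-09-17 640888]
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe" [2011-08-31 274216]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0Partizan\0
.
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
R2 idsvc32;Windows CardSpace ;c:\windows\system32\nlslexicons000232.exe [x]
R3 BlackBox;BlackBox SR2; [x]
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
"""

# Line shapes used by ComboFix (as seen in the log above), as assumed here.
REG_QUOTED = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"')          # "name"="value" [date size]
REG_BARE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')                 # "name"=unquoted value
SERVICE_MISSING = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<path>[^\[]*)\[x\]\s*$")
FF_PREF = re.compile(r"^FF - (?:user|prefs)\.js: (?P<pref>\S+) - (?P<value>.*)$")
USER_WRITABLE = re.compile(r"^c:\\users\\", re.IGNORECASE)                  # Downloads, AppData, Public ...


def triage(log):
    """Return (category, detail) findings; an empty list means nothing was flagged."""
    findings = []
    key = None  # registry key whose values are currently being listed
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if not line.startswith('"'):
            key = None  # values follow their key directly; anything else ends the block
        # 1. Autorun values whose binary lives under c:\users: no installer is needed to drop one there
        if key is not None and key.lower().endswith("\\run"):
            m = REG_QUOTED.match(line)
            if m:
                if USER_WRITABLE.match(m.group("value")):
                    findings.append(("run_from_user_profile", f'{m.group("name")} -> {m.group("value")}'))
                continue
        # 2. AppInit_DLLs: a non-empty value is loaded into every process that loads user32.dll
        m = REG_BARE.match(line)
        if m and m.group("name").lower() == "appinit_dlls" and m.group("value").strip():
            findings.append(("appinit_dll", m.group("value").strip()))
            continue
        # 3. BootExecute runs before logon; only "autocheck autochk *" is stock.
        #    ComboFix prints the REG_MULTI_SZ separators as a literal "\0".
        if line.startswith("BootExecute") and "REG_MULTI_SZ" in line:
            entries = line.split("REG_MULTI_SZ", 1)[1].split(r"\0")
            for entry in (e.strip() for e in entries):
                if entry and not entry.startswith("autocheck"):
                    findings.append(("boot_execute", entry))
            continue
        # 4. "[x]" means ComboFix could not find the service's image on disk
        m = SERVICE_MISSING.match(line)
        if m:
            path = m.group("path").strip() or "no path"
            findings.append(("service_file_missing", f'{m.group("name")} ({path})'))
            continue
        # 5. keyword.URL decides where address-bar searches go; record the host it points at
        m = FF_PREF.match(line)
        if m and m.group("pref") == "keyword.URL":
            host = urlparse(m.group("value").replace("hxxp", "http", 1)).hostname
            findings.append(("ff_keyword_url", host))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24s} {detail}")
```

Each finding is only a pointer to something a responder should look at by hand; an entry under c:\users or an extra BootExecute value is not proof of infection on its own.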

#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 March 2012 - 02:34 PM

Hello


My computer continues to redirect me :( Please........is there anything you can do?

Please slow down. This is not run one program and all is back to roses; it will take a little work but we will get there.



I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 DianeHarvard
  • Topic Starter
  • Members
  • 15 posts

Posted 13 March 2012 - 04:14 PM

16:13:37.0086 6932 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
16:13:37.0406 6932 ============================================================
16:13:37.0407 6932 Current date / time: 2012/03/13 16:13:37.0406
16:13:37.0407 6932 SystemInfo:
16:13:37.0407 6932
16:13:37.0407 6932 OS Version: 6.1.7601 ServicePack: 1.0
16:13:37.0407 6932 Product type: Workstation
16:13:37.0407 6932 ComputerName: DIANE-PC
16:13:37.0408 6932 UserName: Diane
16:13:37.0408 6932 Windows directory: C:\Windows
16:13:37.0408 6932 System windows directory: C:\Windows
16:13:37.0408 6932 Running under WOW64
16:13:37.0408 6932 Processor architecture: Intel x64
16:13:37.0408 6932 Number of processors: 2
16:13:37.0408 6932 Page size: 0x1000
16:13:37.0408 6932 Boot type: Normal boot
16:13:37.0408 6932 ============================================================
16:13:38.0539 6932 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
16:13:38.0542 6932 Drive \Device\Harddisk1\DR1 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:13:38.0557 6932 \Device\Harddisk0\DR0:
16:13:38.0557 6932 MBR used
16:13:38.0557 6932 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:13:38.0557 6932 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38B71800
16:13:38.0557 6932 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38BA4000, BlocksNum 0x17E1800
16:13:38.0557 6932 \Device\Harddisk1\DR1:
16:13:38.0559 6932 MBR used
16:13:38.0559 6932 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
16:13:38.0632 6932 Initialize success
16:13:38.0632 6932 ============================================================
16:13:40.0549 6116 ============================================================
16:13:40.0549 6116 Scan started
16:13:40.0549 6116 Mode: Manual;
16:13:40.0549 6116 ============================================================
16:13:52.0447 6116 MBR (0x1B8) (a5b154d4f8d7652cdc798e81446ea5d5) \Device\Harddisk0\DR0
16:13:52.0648 6116 \Device\Harddisk0\DR0 - ok
16:13:52.0664 6116 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:13:52.0673 6116 \Device\Harddisk1\DR1 - ok
16:13:52.0681 6116 Boot (0x1200) (cab20d97a2d166f09a4f1784751f7808) \Device\Harddisk0\DR0\Partition0
16:13:52.0683 6116 \Device\Harddisk0\DR0\Partition0 - ok
16:13:52.0698 6116 Boot (0x1200) (fe20c010582a1c4ecae7cd0835bf6fb0) \Device\Harddisk0\DR0\Partition1
16:13:52.0699 6116 \Device\Harddisk0\DR0\Partition1 - ok
16:13:52.0728 6116 Boot (0x1200) (1ee363b586308bcd5baebea8a3188fd3) \Device\Harddisk0\DR0\Partition2
16:13:52.0729 6116 \Device\Harddisk0\DR0\Partition2 - ok
16:13:52.0737 6116 Boot (0x1200) (215cf3275022e70f12e6522873af3c9a) \Device\Harddisk1\DR1\Partition0
16:13:52.0739 6116 \Device\Harddisk1\DR1\Partition0 - ok
16:13:52.0740 6116 ============================================================
16:13:52.0740 6116 Scan finished
16:13:52.0740 6116 ============================================================
16:13:52.0755 6096 Detected object count: 0
16:13:52.0756 6096 Actual detected object count: 0

#6 DianeHarvard

DianeHarvard
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 13 March 2012 - 04:24 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 16:15:20
-----------------------------
16:15:20.701 OS Version: Windows x64 6.1.7601 Service Pack 1
16:15:20.701 Number of processors: 2 586 0x602
16:15:20.703 ComputerName: DIANE-PC UserName: Diane
16:15:22.094 Initialize success
16:16:45.558 AVAST engine defs: 12031300
16:16:50.290 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
16:16:50.297 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
16:16:50.312 Disk 0 MBR read successfully
16:16:50.318 Disk 0 MBR scan
16:16:50.329 Disk 0 unknown MBR code
16:16:50.336 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:16:50.354 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464611 MB offset 206848
16:16:50.392 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12227 MB offset 951730176
16:16:50.441 Disk 0 scanning C:\Windows\system32\drivers
16:17:00.691 Service scanning
16:17:20.587 Modules scanning
16:17:20.607 Disk 0 trace - called modules:
16:17:20.636 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
16:17:20.644 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047da060]
16:17:20.651 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8003c92b50]
16:17:20.658 5 ACPI.sys[fffff88000e4d7a1] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8004674060]
16:17:22.236 AVAST engine scan C:\Windows
16:17:26.289 AVAST engine scan C:\Windows\system32
16:20:24.776 AVAST engine scan C:\Windows\system32\drivers
16:20:40.086 AVAST engine scan C:\Users\Diane
16:22:40.592 Disk 0 MBR has been saved successfully to "C:\Users\Diane\Desktop\MBR.dat"
16:22:40.594 The log file has been saved successfully to "C:\Users\Diane\Desktop\aswMBR.txt"
16:24:41.961 File: C:\Users\Diane\AppData\Roaming\Bandoo\Bandoo\btphzfbs.dll **INFECTED** Win32:Malware-gen
16:27:14.393 AVAST engine scan C:\ProgramData
16:30:46.499 Scan finished successfully
16:41:40.471 Disk 0 MBR has been saved successfully to "C:\Users\Diane\Desktop\MBR.dat"
16:41:40.502 The log file has been saved successfully to "C:\Users\Diane\Desktop\aswMBR.txt"

Edited by DianeHarvard, 13 March 2012 - 04:43 PM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:33 PM

Posted 13 March 2012 - 04:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\program files (x86)\BabylonToolbar
c:\program files (x86)\I Want This
c:\users\Diane\AppData\Local\Babylon
c:\users\Diane\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\users\Diane\Adlsoft Uncompressor
c:\program files (x86)\uTorrentBar
c:\users\Public\Conduit
c:\progra~2\Bandoo

Firefox::
FF - ProfilePath - c:\users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\f55zwb6t.default\
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_results_removelink2&q=
FF - user.js: extentions.y2layers.installId - 4a1b86d0-dd32-4c3f-aad6-f14443907de1
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3015c96700000000000090e6ba58d0f2
FF - user.js: extensions.BabylonToolbar_i.hardId - 3015c96700000000000090e6ba58d0f2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15385
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:18
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 DianeHarvard

DianeHarvard
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:33 PM

Posted 13 March 2012 - 05:46 PM

I am still being redirected. The status of my computer has not changed at all.

ComboFix 12-03-13.01 - Diane 03/13/2012 16:57:31.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2144 [GMT -5:00]
Running from: c:\users\Diane\Downloads\ComboFix.exe
Command switches used :: c:\users\Diane\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\Bandoo
c:\progra~2\Bandoo\Bandoo.exe
c:\progra~2\Bandoo\BandooGo.exe
c:\progra~2\Bandoo\BandooUI.exe
c:\progra~2\Bandoo\BndCore.exe
c:\progra~2\Bandoo\BndHook.dll
c:\progra~2\Bandoo\CrashRpt.dll
c:\progra~2\Bandoo\ExtensionsManager.exe
c:\progra~2\Bandoo\FFSettings.exe
c:\progra~2\Bandoo\FlashAnimator.dll
c:\progra~2\Bandoo\GIFAnimator.dll
c:\progra~2\Bandoo\INSTALL.LOG
c:\progra~2\Bandoo\InstallerHelper.dll
c:\progra~2\Bandoo\libungif4.dll
c:\progra~2\Bandoo\license.rtf
c:\progra~2\Bandoo\Plugins.ini
c:\progra~2\Bandoo\Plugins\IE\ieplugin.dll
c:\progra~2\Bandoo\Plugins\IE\Resources\bandoo.js
c:\progra~2\Bandoo\Plugins\IE\Resources\HTML\blank.html
c:\progra~2\Bandoo\Plugins\IE\Resources\HTML\error.html
c:\progra~2\Bandoo\Plugins\MSN\msnplugin.dll
c:\progra~2\Bandoo\Plugins\MSN\Resources\HTML\blank.html
c:\progra~2\Bandoo\Plugins\MSN\Resources\HTML\error.html
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\BandooToolbar.xml
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1001.dat
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1002.dat
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1003.dat
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1004.dat
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1005.dat
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1006.dat
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1011.dat
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1012.dat
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1013.dat
c:\progra~2\Bandoo\Plugins\MSN\Resources\Toolbar\Images\1014.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\HTML\blank.html
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\HTML\error.html
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\BandooToolbar.xml
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\BandooToolbarV9.xml
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1001.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1002.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1003.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1004.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1005.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1006.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1051.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1052.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1053.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1054.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1055.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1056.dat
c:\progra~2\Bandoo\Plugins\Yahoo\Resources\Toolbar\Images\1057.dat
c:\progra~2\Bandoo\Plugins\Yahoo\YahooPlugin.dll
c:\progra~2\Bandoo\PreUninstall.exe
c:\progra~2\Bandoo\Resources.dll
c:\progra~2\Bandoo\Resources\BandooMessages.xml
c:\progra~2\Bandoo\Resources\downloading.gif
c:\progra~2\Bandoo\Resources\nudge0.wav
c:\progra~2\Bandoo\Resources\nudge1.wav
c:\progra~2\Bandoo\Resources\nudge2.wav
c:\progra~2\Bandoo\Resources\nudge3.wav
c:\progra~2\Bandoo\Resources\nudge4.wav
c:\progra~2\Bandoo\Resources\nudge5.wav
c:\progra~2\Bandoo\UNWISE.EXE
c:\program files (x86)\BabylonToolbar
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
c:\program files (x86)\I Want This
c:\program files (x86)\I Want This\appAPIinternalWrapper.js
c:\program files (x86)\I Want This\fb.js
c:\program files (x86)\I Want This\I Want This.dll
c:\program files (x86)\I Want This\I Want This.exe
c:\program files (x86)\I Want This\I Want This.ico
c:\program files (x86)\I Want This\I Want This.ini
c:\program files (x86)\I Want This\I Want ThisGui.exe
c:\program files (x86)\I Want This\I Want ThisInstaller.log
c:\program files (x86)\I Want This\jquery.js
c:\program files (x86)\I Want This\json.js
c:\program files (x86)\I Want This\Uninstall.exe
c:\program files (x86)\uTorrentBar
c:\program files (x86)\uTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\ldrtbuTor.dll
c:\program files (x86)\uTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\prxtbuTor.dll
c:\program files (x86)\uTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\uTorrentBar\tbuTor.dll
c:\program files (x86)\uTorrentBar\toolbar.cfg
c:\program files (x86)\uTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\uTorrentBar\uninstall.exe
c:\program files (x86)\uTorrentBar\uTorrentBarToolbarHelper.exe
c:\programdata\Babylon
c:\users\Diane\Adlsoft Uncompressor
c:\users\Diane\Adlsoft Uncompressor\UnCompressor.exe
c:\users\Diane\Adlsoft Uncompressor\Uninstall\uninst.dat
c:\users\Diane\Adlsoft Uncompressor\Uninstall\Uninstall.exe
c:\users\Diane\AppData\Local\Babylon
c:\users\Diane\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Diane\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Diane\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Diane\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\common.js
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\page1.css
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\page1.html
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\page1.js
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\title1.png
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Diane\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png
c:\users\Diane\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\Diane\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.35.zpb
c:\users\Diane\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Diane\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Diane\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Diane\AppData\Roaming\Babylon
c:\users\Diane\AppData\Roaming\Babylon\log_file.txt
c:\users\Public\Conduit
c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe
c:\users\Public\Conduit\ConduitHelper\ELib.dll
c:\users\Public\Conduit\ConduitHelper\ELib_Lib0.dll
c:\users\Public\Conduit\ConduitHelper\Lang\en.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Bandoo Coordinator
-------\Service_Bandoo Coordinator
.
.
((((((((((((((((((((((((( Files Created from 2012-02-13 to 2012-03-13 )))))))))))))))))))))))))))))))
.
.
2012-03-13 22:13 . 2012-03-13 22:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-13 22:13 . 2012-03-13 22:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-13 22:13 . 2012-03-13 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 22:13 . 2012-03-13 22:13 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-03-13 18:30 . 2012-03-13 18:30 -------- d-----w- c:\users\Diane\AppData\Local\CrashDumps
2012-03-13 17:37 . 2012-03-13 17:37 -------- d-----w- c:\users\Diane\AppData\Roaming\Uniblue
2012-03-13 17:37 . 2012-03-13 17:37 -------- d-----w- c:\program files (x86)\Uniblue
2012-03-12 18:47 . 2012-03-12 18:47 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-03-12 18:47 . 2012-03-12 18:47 -------- d-----w- c:\users\Diane\AppData\Roaming\com.w3i.fliptoast
2012-03-12 18:47 . 2012-03-12 18:47 -------- d-----w- c:\program files (x86)\Fliptoast
2012-03-12 18:46 . 2012-03-12 18:46 -------- d-----w- c:\users\Diane\AppData\Roaming\W3i, LLC
2012-03-12 18:44 . 2012-03-12 18:44 -------- d-----w- c:\users\Diane\AppData\Local\Zoom_Downloader
2012-03-12 18:44 . 2012-03-12 18:44 -------- d-----w- c:\program files (x86)\Zoom Downloader
2012-03-12 18:44 . 2012-03-13 17:46 -------- d-----w- c:\program files (x86)\Amazon Browser Bar
2012-03-12 18:06 . 2012-03-12 18:06 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-03-12 18:00 . 2012-03-12 18:00 39184 ----a-w- c:\windows\SysWow64\Partizan.exe
2012-03-12 18:00 . 2012-03-12 18:00 35816 ----a-w- c:\windows\SysWow64\drivers\Partizan.sys
2012-03-12 18:00 . 2012-03-12 18:00 2 --shatr- c:\windows\winstart.bat
2012-03-12 17:59 . 2012-01-23 22:01 12800 ----a-w- c:\windows\SysWow64\drivers\UnHackMeDrv.sys
2012-03-12 17:59 . 2012-03-12 18:11 -------- d-----w- c:\program files (x86)\UnHackMe
2012-03-12 17:48 . 2012-03-12 17:52 -------- d-----w- c:\users\Diane\AppData\Local\NPE
2012-02-16 17:27 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 17:27 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-16 17:27 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 17:27 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-16 17:27 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 17:27 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-16 17:27 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 17:27 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-15 22:18 . 2012-02-15 22:18 240 ----a-w- C:\user.js
2012-02-15 22:18 . 2012-02-15 22:18 -------- d-----w- c:\users\Diane\AppData\Local\I Want This
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-03 20:37 . 2011-06-16 17:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-12 01:46 . 2009-07-24 03:46 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-02-12 01:46 . 2009-07-24 03:46 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-01-25 03:42 . 2012-01-25 03:42 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-12-25 22:26 . 2011-06-25 02:40 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-11_19.10.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-13 22:16 . 2012-03-13 22:16 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-13 22:16 . 2012-03-13 22:16 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2012-03-13 22:16 . 2012-03-13 22:16 16384 c:\windows\Temp\Cookies\index.dat
+ 2009-08-28 18:43 . 2012-03-13 18:28 55562 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-13 22:17 48088 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-03 04:24 . 2012-03-13 22:17 18584 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1166625813-2935594066-3979737465-1000_UserData.bin
+ 2012-03-12 18:46 . 2012-03-12 18:46 32256 c:\windows\Installer\24c028.msi
+ 2012-03-12 18:47 . 2012-03-12 18:47 82726 c:\windows\Installer\{B25D67C4-E885-43F8-8085-B532F6261529}\fliptoast.exe
+ 2009-12-05 02:47 . 2012-03-12 18:06 3058 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-11 19:09 . 2012-03-11 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-13 22:16 . 2012-03-13 22:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-13 22:16 . 2012-03-13 22:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-11 19:09 . 2012-03-11 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-03 18:03 . 2012-03-13 17:33 342710 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-03-13 18:31 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-03 20:42 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-13 18:31 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-03 20:42 106538 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-03-13 22:15 337180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-11 19:09 337180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-12 18:46 . 2012-03-12 18:46 960000 c:\windows\Installer\24c03b.msi
+ 2012-03-12 18:44 . 2012-03-12 18:44 126976 c:\windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll
- 2009-12-03 04:57 . 2012-03-11 04:49 2473784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-12-03 04:57 . 2012-03-13 22:15 2473784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-12-03 04:57 . 2012-03-11 19:09 6444844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1166625813-2935594066-3979737465-1000-8192.dat
+ 2009-12-03 04:57 . 2012-03-13 22:15 6444844 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1166625813-2935594066-3979737465-1000-8192.dat
- 2011-08-05 06:51 . 2012-02-17 09:26 1625860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1166625813-2935594066-3979737465-1000-12288.dat
+ 2011-08-05 06:51 . 2012-03-13 17:56 1625860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1166625813-2935594066-3979737465-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{008f6853-9cb4-41c5-a950-39d55e5e06ba}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 22:07 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E5C66DD8-308B-4a4f-AF0A-3D04F25B5343}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"= "c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{ea582743-9076-4178-9aa6-7393fdf4d5ce}]
[HKEY_CLASSES_ROOT\TypeLib\{33D0AD98-3347-4A54-8929-5163EBEB9F72}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-30 1689144]
"uTorrent"="c:\users\Diane\Downloads\utorrent(1).exe" [2011-09-17 640888]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"DownloadManager"="c:\program files (x86)\Zoom Downloader\DownloadManager.exe" [2012-03-12 848384]
"DriverScanner"="c:\program files (x86)\Uniblue\DriverScanner\launcher.exe" [2012-03-02 338808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118624]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-11 928096]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-02-12 296056]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Fliptoast.lnk - c:\program files (x86)\Fliptoast\fliptoast.exe [2012-1-26 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0Partizan\0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 idsvc32;Windows CardSpace ;c:\windows\system32\nlslexicons000232.exe [x]
R2 Updater Service for AMZN;Updater Service for AMZN;c:\program files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-01-27 203776]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008030.006\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008030.006\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100224.002\IDSvia64.sys [2009-10-28 466992]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-09-22 117648]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2012-03-13 19:41]
.
2012-03-13 c:\windows\Tasks\FinalTorrent Update Checker.job
- c:\program files (x86)\FinalTorrent\FTCheckForUpdates.exe [2011-09-17 20:24]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 16:37]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 16:37]
.
2012-03-10 c:\windows\Tasks\HPCeeScheduleForDiane.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762224]
"combofix"="c:\combofix\CF18593.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-amzn_serp_home?ie=UTF8&tagbase=bds-amzn&tbrId=v1_abb-channel-16_5e6e53a2b9a3426986728082be8223f7_16_16_20120312_US_ie_sp_
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 208.180.42.100 208.180.42.68
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\f55zwb6t.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files (x86)\uTorrentBar\prxtbuTor.dll
Wow6432Node-HKLM-Run-ConduitHelper - c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
AddRemove-Bandoo - c:\program files (x86)\Bandoo\PreUninstall.exe
AddRemove-I Want This - c:\program files (x86)\I Want This\Uninstall.exe
AddRemove-uTorrentBar Toolbar - c:\program files (x86)\uTorrentBar\uninstall.exe
AddRemove-Adlsoft Uncompressor - c:\users\Diane\Adlsoft Uncompressor\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\UnHackMe\hackmon.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-13 17:41:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-13 22:40
ComboFix2.txt 2012-03-13 18:24
ComboFix3.txt 2012-03-11 19:14
ComboFix4.txt 2011-07-20 16:51
ComboFix5.txt 2012-03-13 21:55
.
Pre-Run: 355,778,043,904 bytes free
Post-Run: 355,662,581,760 bytes free
.
- - End Of File - - 515C9C7F44DD4B0947796F3225035ABC

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:33 PM

Posted 13 March 2012 - 08:39 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 DianeHarvard
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:33 PM

Posted 15 March 2012 - 01:18 PM

I downloaded OTL but whenever I try to run it, it stops responding and freezes my computer.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:33 PM

Posted 15 March 2012 - 05:20 PM

Try to run it in safe mode.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.


gringo

#12 DianeHarvard
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:33 PM

Posted 18 March 2012 - 11:48 AM

When I try to run it in safe mode, I cannot find the file.

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:33 PM

Posted 18 March 2012 - 01:02 PM

Have you saved it to your desktop?


gringo

#14 DianeHarvard
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:33 PM

Posted 18 March 2012 - 05:26 PM

OTL continues to freeze even in safe mode. It freezes when it starts to scan Firefox settings. Although I have noticed recently that Google has been redirecting a lot less, it still will redirect occasionally to hapilli or gimmeanswers or other websites like those.

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:33 PM

Posted 19 March 2012 - 07:34 AM

Hello


Do the redirects happen in all browsers or just Firefox?


gringo



