Scour Redirect


  • This topic is locked
14 replies to this topic

#1 quikag182


Posted 19 March 2012 - 05:19 PM

I have one of the Scour redirects that everyone seems to have here, but I just can't get rid of it because nothing can find it anymore. It redirects me from Google to a bunch of random sites: 63.something; http://dailyprize-winners.com. Avast and Malwarebytes each found it at one point but neither could eradicate it. This is a week-old computer running 64-bit Windows 7 that must have gotten infected before I installed Avast. Thanks in advance, this has really been a headache!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Geoff at 18:06:38 on 2012-03-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.1879 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: samsungsetup.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{9C2CE657-8858-44EF-918E-942EA560939E} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\lrcxhmit.default\
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-24 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-13 42184]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-24 689472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-24 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-19 21:53:41 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C0453B9-B9DE-45B9-89D5-38A76914F544}\offreg.dll
2012-03-19 20:54:12 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-19 20:54:00 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BF80612-ECC3-44DE-BE91-9E037D2D547E}\mpengine.dll
2012-03-19 20:42:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-19 01:41:02 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-19 01:31:13 -------- d-----w- C:\found.000
2012-03-18 22:38:42 98816 ----a-w- C:\Windows\sed.exe
2012-03-18 22:38:42 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-18 22:38:42 256000 ----a-w- C:\Windows\PEV.exe
2012-03-18 22:38:42 208896 ----a-w- C:\Windows\MBR.exe
2012-03-18 17:46:40 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15A19823-1730-4A97-82A2-6DC26D23999F}\gapaengine.dll
2012-03-18 17:36:54 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-18 17:36:43 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-18 17:23:38 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-18 17:16:43 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-03-16 09:04:13 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C0453B9-B9DE-45B9-89D5-38A76914F544}\mpengine.dll
2012-03-15 10:54:54 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 10:54:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 10:54:53 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 23:12:33 -------- d-----w- C:\ProgramData\Samsung
2012-03-14 23:12:30 36864 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\ssp8mpc.dll
2012-03-14 17:11:24 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 17:11:23 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 17:11:23 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 11:02:28 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-14 11:02:28 -------- d-----w- C:\Windows\System32\Wat
2012-03-14 10:37:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-03-14 10:23:18 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-14 10:23:18 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 10:12:25 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 10:12:25 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 10:12:25 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 10:12:25 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 10:12:25 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 10:12:25 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 10:12:25 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 02:18:53 -------- d-----w- C:\Users\Geoff\AppData\Local\Adobe
2012-03-14 00:54:43 -------- d-----w- C:\Users\Geoff\Cross-Country Trip
2012-03-14 00:46:44 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-14 00:46:44 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-14 00:44:48 40112 ----a-w- C:\Windows\avastSS.scr
2012-03-14 00:44:41 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-14 00:44:41 -------- d-----w- C:\Program Files\AVAST Software
2012-03-14 00:42:00 -------- d-----w- C:\Users\Geoff\AppData\Roaming\Malwarebytes
2012-03-14 00:41:17 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-14 00:41:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-14 00:41:14 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-14 00:41:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-14 00:39:55 -------- d-----w- C:\ProgramData\Last.fm
2012-03-14 00:39:19 -------- d-----w- C:\Users\Geoff\AppData\Local\Last.fm
2012-03-14 00:39:15 -------- d-----w- C:\Program Files (x86)\Last.fm
2012-03-14 00:37:21 -------- d-----w- C:\Program Files (x86)\TagRename
2012-03-14 00:33:57 -------- d-----w- C:\Users\Geoff\AppData\Roaming\AccurateRip
2012-03-14 00:33:46 415408 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-03-14 00:33:41 -------- d-----w- C:\Program Files (x86)\Illustrate
2012-03-14 00:24:28 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-03-14 00:24:05 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2012-03-14 00:20:16 -------- d-----w- C:\Users\Geoff\AppData\Local\Apple Computer
2012-03-14 00:19:13 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-03-14 00:19:13 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-03-14 00:19:13 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-03-14 00:17:16 -------- d-----w- C:\Program Files\iPod
2012-03-14 00:17:09 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-14 00:17:09 -------- d-----w- C:\Program Files\iTunes
2012-03-14 00:17:09 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-13 23:52:32 -------- d-----w- C:\Users\Geoff\AppData\Local\Apple
2012-03-13 23:51:31 -------- d-----w- C:\Program Files\Bonjour
2012-03-13 23:51:31 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-03-13 21:03:57 -------- d-----w- C:\Program Files\Dell Support Center
2012-03-13 21:00:35 -------- d-----w- C:\Users\Geoff\AppData\Roaming\PCDr
2012-03-13 21:00:07 -------- d-----w- C:\ProgramData\PCDr
2012-03-13 08:01:24 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-03-13 07:05:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-03-13 02:46:44 -------- d-----w- C:\Users\Geoff\AppData\Roaming\Reallusion
2012-03-13 02:40:35 -------- d-----r- C:\Program Files (x86)\Skype
2012-03-13 00:26:56 -------- d-----w- C:\Users\Geoff\AppData\Local\Intel Wireless Display
2012-03-12 23:07:00 -------- d-----w- C:\Users\Geoff\AppData\Roaming\NeoDownloader
2012-03-12 23:07:00 -------- d-----w- C:\Program Files (x86)\NeoDownloader
2012-03-12 22:55:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-12 22:40:31 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-03-12 22:40:28 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-03-12 22:04:34 -------- d-----w- C:\Users\Geoff\AppData\Local\Mozilla
2012-03-12 18:58:58 -------- d-----w- C:\Users\Geoff\AppData\Local\Dell
2012-03-12 18:58:14 -------- d-----w- C:\Users\Geoff\AppData\Roaming\Dell Touch Zone
2012-03-12 18:58:06 -------- d-----w- C:\Users\Geoff\AppData\Local\Apps
2012-03-12 18:58:03 -------- d-----w- C:\Users\Geoff\AppData\Roaming\Dell
2012-03-12 18:58:03 -------- d-----w- C:\Users\Geoff\AppData\Local\Deployment
2012-03-12 18:57:30 -------- d-----w- C:\Users\Geoff\AppData\Local\VirtualStore
2012-03-12 18:57:07 -------- d-----w- C:\Users\Geoff\AppData\Local\SoftThinks
2012-02-23 17:40:43 -------- d-----w- C:\Windows\SMINST
.
==================== Find3M ====================
.
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 18:07:03.13 ===============


 


#2 fireman4it

  • Malware Response Team

Posted 19 March 2012 - 05:53 PM

Hello quikag182,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • We need a little more information before we begin cleaning your machine.



1.
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or Microsoft Security Essentials.


2.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


3.
Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.



#3 quikag182


Posted 19 March 2012 - 06:50 PM

1. Done
2.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 19:18:13
-----------------------------
19:18:13.735 OS Version: Windows x64 6.1.7601 Service Pack 1
19:18:13.735 Number of processors: 4 586 0x2A07
19:18:13.736 ComputerName: GEOFF-PC UserName: Geoff
19:18:15.701 Initialize success
19:18:15.780 AVAST engine defs: 12031901
19:18:20.995 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:18:20.997 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:18:21.015 Disk 0 MBR read successfully
19:18:21.017 Disk 0 MBR scan
19:18:21.020 Disk 0 Windows 7 default MBR code
19:18:21.023 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
19:18:21.042 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208896
19:18:21.064 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928896
19:18:21.103 Disk 0 scanning C:\Windows\system32\drivers
19:18:32.026 Service scanning
19:18:48.481 Modules scanning
19:18:48.489 Disk 0 trace - called modules:
19:18:48.512 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
19:18:48.842 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d4f060]
19:18:48.847 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004adf050]
19:18:50.170 AVAST engine scan C:\Windows
19:19:07.307 AVAST engine scan C:\Windows\system32
19:23:20.802 AVAST engine scan C:\Windows\system32\drivers
19:23:30.669 AVAST engine scan C:\Users\Geoff
19:30:30.405 AVAST engine scan C:\ProgramData
19:31:36.456 Scan finished successfully
19:41:50.207 Disk 0 MBR has been saved successfully to "C:\Users\Geoff\Desktop\MBR.dat"
19:41:50.226 The log file has been saved successfully to "C:\Users\Geoff\Desktop\aswMBR.txt"



ListParts by Farbar Version: 12-03-2012 03
Ran by Geoff (administrator) on 19-03-2012 at 19:48:14
Windows 7 (X64)
Running From: C:\Users\Geoff\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 65%
Total physical RAM: 4010.17 MB
Available physical RAM: 1384.42 MB
Total Pagefile: 8018.54 MB
Available Pagefile: 5317.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:291.63 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 14 GB 102 MB
Partition 3 Primary 451 GB 14 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 RECOVERY NTFS Partition 14 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy Boot

======================================================================================================

****** End Of Log ******

#4 fireman4it


Posted 19 March 2012 - 07:28 PM

Hello,

Please follow the directions below and post their logs along with how the machine is doing.


1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is the machine doing now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 quikag182


Posted 19 March 2012 - 09:23 PM

It is unfortunately still redirecting. Before coming across this site I had run combofix already on the advice of a friend. Just thought you should know that in case it is an important piece of information. Thank you again for your assistance.


21:28:12.0526 4080 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:28:12.0925 4080 ============================================================
21:28:12.0925 4080 Current date / time: 2012/03/19 21:28:12.0925
21:28:12.0925 4080 SystemInfo:
21:28:12.0925 4080
21:28:12.0925 4080 OS Version: 6.1.7601 ServicePack: 1.0
21:28:12.0925 4080 Product type: Workstation
21:28:12.0925 4080 ComputerName: GEOFF-PC
21:28:12.0926 4080 UserName: Geoff
21:28:12.0926 4080 Windows directory: C:\Windows
21:28:12.0926 4080 System windows directory: C:\Windows
21:28:12.0926 4080 Running under WOW64
21:28:12.0926 4080 Processor architecture: Intel x64
21:28:12.0926 4080 Number of processors: 4
21:28:12.0926 4080 Page size: 0x1000
21:28:12.0926 4080 Boot type: Normal boot
21:28:12.0926 4080 ============================================================
21:28:13.0370 4080 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:28:13.0376 4080 \Device\Harddisk0\DR0:
21:28:13.0383 4080 MBR used
21:28:13.0383 4080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1D4C000
21:28:13.0383 4080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7F000, BlocksNum 0x38606830
21:28:13.0414 4080 Initialize success
21:28:13.0414 4080 ============================================================
21:29:15.0260 2264 ============================================================
21:29:15.0260 2264 Scan started
21:29:15.0260 2264 Mode: Manual;
21:29:15.0260 2264 ============================================================
21:29:25.0493 2264 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:29:25.0496 2264 stexstor - ok
21:29:25.0552 2264 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:29:25.0556 2264 swenum - ok
21:29:25.0654 2264 SynTP (bcd5b4ab94da436f083fcd0c636d00f3) C:\Windows\system32\DRIVERS\SynTP.sys
21:29:25.0701 2264 SynTP - ok
21:29:25.0797 2264 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:29:25.0857 2264 Tcpip - ok
21:29:25.0909 2264 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:25.0924 2264 TCPIP6 - ok
21:29:25.0958 2264 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:29:25.0959 2264 tcpipreg - ok
21:29:25.0972 2264 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:29:25.0973 2264 TDPIPE - ok
21:29:25.0997 2264 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:29:25.0998 2264 TDTCP - ok
21:29:26.0032 2264 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:29:26.0037 2264 tdx - ok
21:29:26.0066 2264 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:29:26.0073 2264 TermDD - ok
21:29:26.0108 2264 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:26.0110 2264 tssecsrv - ok
21:29:26.0128 2264 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:29:26.0132 2264 TsUsbFlt - ok
21:29:26.0146 2264 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:29:26.0149 2264 TsUsbGD - ok
21:29:26.0170 2264 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:26.0173 2264 tunnel - ok
21:29:26.0193 2264 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:29:26.0197 2264 uagp35 - ok
21:29:26.0217 2264 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:29:26.0224 2264 udfs - ok
21:29:26.0255 2264 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:29:26.0258 2264 uliagpkx - ok
21:29:26.0290 2264 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:29:26.0294 2264 umbus - ok
21:29:26.0307 2264 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:29:26.0310 2264 UmPass - ok
21:29:26.0372 2264 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:26.0377 2264 usbccgp - ok
21:29:26.0410 2264 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:29:26.0414 2264 usbcir - ok
21:29:26.0440 2264 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:29:26.0444 2264 usbehci - ok
21:29:26.0507 2264 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:26.0517 2264 usbhub - ok
21:29:26.0565 2264 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:29:26.0569 2264 usbohci - ok
21:29:26.0622 2264 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:26.0625 2264 usbprint - ok
21:29:26.0672 2264 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
21:29:26.0677 2264 USBSTOR - ok
21:29:26.0711 2264 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:29:26.0714 2264 usbuhci - ok
21:29:26.0765 2264 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:29:26.0772 2264 usbvideo - ok
21:29:26.0824 2264 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:29:26.0826 2264 vdrvroot - ok
21:29:26.0855 2264 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:26.0857 2264 vga - ok
21:29:26.0868 2264 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:29:26.0870 2264 VgaSave - ok
21:29:26.0890 2264 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:29:26.0897 2264 vhdmp - ok
21:29:26.0912 2264 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:29:26.0913 2264 viaide - ok
21:29:26.0925 2264 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:29:26.0927 2264 volmgr - ok
21:29:26.0940 2264 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:29:26.0945 2264 volmgrx - ok
21:29:26.0959 2264 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:29:26.0963 2264 volsnap - ok
21:29:26.0999 2264 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:29:27.0005 2264 vsmraid - ok
21:29:27.0024 2264 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:29:27.0027 2264 vwifibus - ok
21:29:27.0048 2264 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:29:27.0051 2264 vwififlt - ok
21:29:27.0074 2264 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:29:27.0075 2264 vwifimp - ok
21:29:27.0109 2264 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:29:27.0112 2264 WacomPen - ok
21:29:27.0134 2264 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:27.0136 2264 WANARP - ok
21:29:27.0139 2264 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:27.0141 2264 Wanarpv6 - ok
21:29:27.0176 2264 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:29:27.0177 2264 Wd - ok
21:29:27.0217 2264 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:29:27.0232 2264 Wdf01000 - ok
21:29:27.0264 2264 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
21:29:27.0266 2264 wdkmd - ok
21:29:27.0328 2264 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:27.0330 2264 WfpLwf - ok
21:29:27.0381 2264 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
21:29:27.0388 2264 WimFltr - ok
21:29:27.0412 2264 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:29:27.0415 2264 WIMMount - ok
21:29:27.0489 2264 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:29:27.0492 2264 WmiAcpi - ok
21:29:27.0521 2264 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:29:27.0522 2264 ws2ifsl - ok
21:29:27.0540 2264 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:29:27.0542 2264 WudfPf - ok
21:29:27.0602 2264 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:29:27.0663 2264 \Device\Harddisk0\DR0 - ok
21:29:27.0670 2264 Boot (0x1200) (0c015fb00e8137babc7bbaa8822c947b) \Device\Harddisk0\DR0\Partition0
21:29:27.0672 2264 \Device\Harddisk0\DR0\Partition0 - ok
21:29:27.0685 2264 Boot (0x1200) (a56618fc5eff69996fbf915452f80170) \Device\Harddisk0\DR0\Partition1
21:29:27.0688 2264 \Device\Harddisk0\DR0\Partition1 - ok
21:29:27.0689 2264 ============================================================
21:29:27.0689 2264 Scan finished
21:29:27.0689 2264 ============================================================
21:29:27.0708 4032 Detected object count: 0
21:29:27.0708 4032 Actual detected object count: 0
21:30:34.0845 5640 Deinitialize success


ComboFix 12-03-17.01 - Geoff 03/19/2012 21:32:23.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4010.2106 [GMT -4:00]
Running from: c:\users\Geoff\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 01:38 . 2012-03-20 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 23:15 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-19 21:53 . 2012-03-19 21:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C0453B9-B9DE-45B9-89D5-38A76914F544}\offreg.dll
2012-03-19 01:41 . 2012-03-19 01:41 -------- d-----w- c:\program files (x86)\ESET
2012-03-19 01:31 . 2012-03-19 01:31 -------- d-----w- C:\found.000
2012-03-18 17:23 . 2012-03-18 17:24 -------- d-----w- c:\programdata\HitmanPro
2012-03-18 17:16 . 2012-03-18 17:16 -------- d-----w- c:\programdata\Kaspersky Lab
2012-03-16 09:04 . 2012-03-01 18:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C0453B9-B9DE-45B9-89D5-38A76914F544}\mpengine.dll
2012-03-15 10:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 10:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 10:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 23:12 . 2012-03-14 23:12 -------- d-----w- c:\programdata\Samsung
2012-03-14 23:12 . 2011-06-17 11:49 36864 ----a-w- c:\windows\system32\Spool\prtprocs\x64\ssp8mpc.dll
2012-03-14 17:11 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:11 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:11 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 11:02 . 2012-03-14 11:02 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-14 11:02 . 2012-03-14 11:02 -------- d-----w- c:\windows\system32\Wat
2012-03-14 10:37 . 2012-03-14 10:37 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-03-14 10:12 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 10:12 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 10:12 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 10:12 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 10:12 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 10:12 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 10:12 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 00:46 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-14 00:46 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-14 00:46 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-14 00:46 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-14 00:46 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-14 00:46 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-14 00:46 . 2011-05-10 11:59 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-14 00:44 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-14 00:44 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-03-14 00:44 . 2012-03-14 00:44 -------- d-----w- c:\programdata\AVAST Software
2012-03-14 00:44 . 2012-03-14 00:44 -------- d-----w- c:\program files\AVAST Software
2012-03-14 00:41 . 2012-03-14 00:41 -------- d-----w- c:\programdata\Malwarebytes
2012-03-14 00:41 . 2010-12-20 22:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-03-14 00:41 . 2012-03-14 00:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-14 00:41 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 00:39 . 2012-03-14 00:39 -------- d-----w- c:\programdata\Last.fm
2012-03-14 00:17 . 2012-03-14 00:19 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-14 00:17 . 2012-03-14 00:19 -------- d-----w- c:\program files\iTunes
2012-03-14 00:17 . 2012-03-14 00:17 -------- d-----w- c:\programdata\Apple Computer
2012-03-13 23:52 . 2012-03-13 23:52 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-03-13 23:51 . 2012-03-13 23:51 -------- d-----w- c:\program files\Common Files\Apple
2012-03-13 23:51 . 2012-03-13 23:51 -------- d-----w- c:\program files\Bonjour
2012-03-13 23:51 . 2012-03-13 23:51 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-13 23:51 . 2012-03-14 00:17 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-03-13 23:51 . 2012-03-13 23:52 -------- d-----w- c:\programdata\Apple
2012-03-13 21:03 . 2012-03-13 21:04 -------- d-----w- c:\program files\Dell Support Center
2012-03-13 21:00 . 2012-03-13 21:03 -------- d-----w- c:\programdata\PCDr
2012-03-13 07:05 . 2011-07-16 05:41 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-13 02:46 . 2012-03-13 02:46 -------- d-----w- c:\programdata\Creative
2012-03-13 02:40 . 2012-03-13 02:40 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-13 02:40 . 2012-03-13 02:40 -------- d-----r- c:\program files (x86)\Skype
2012-03-13 02:40 . 2012-03-13 02:40 -------- d-----w- c:\programdata\Skype
2012-03-12 23:07 . 2012-03-12 23:07 -------- d-----w- c:\program files (x86)\NeoDownloader
2012-03-12 22:55 . 2012-03-12 22:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-12 22:54 . 2012-03-12 22:54 -------- d-----w- c:\windows\system32\Macromed
2012-03-12 22:40 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2012-03-12 22:40 . 2012-03-12 22:40 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-03-12 22:04 . 2012-03-12 22:04 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-12 18:57 . 2012-03-12 18:57 -------- d-----w- c:\users\Default\AppData\Local\SoftThinks
2012-03-12 18:54 . 2012-03-18 22:47 -------- d-----w- c:\users\Geoff
2012-02-23 17:40 . 2012-02-23 17:40 -------- d-----w- c:\windows\SMINST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-12 18:54 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-18_22.51.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-20 00:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-18 22:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-18 22:24 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 00:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 00:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-18 22:24 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-03-19 20:43 31768 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-19 20:43 33764 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-03-19 02:25 . 2012-03-19 01:10 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2011-06-24 17:42 . 2012-03-19 20:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-24 17:42 . 2012-03-17 18:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-24 17:42 . 2012-03-17 18:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-24 17:42 . 2012-03-19 20:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-19 20:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-17 18:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-19 15:49 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-03-17 18:01 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-24 17:56 . 2012-03-19 01:08 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2011-06-24 17:56 . 2011-06-24 17:56 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-03-12 18:55 . 2012-03-19 20:43 2844 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-901196912-1582137699-2908304589-1001_UserData.bin
- 2012-03-17 18:17 . 2012-03-17 18:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-19 20:41 . 2012-03-19 20:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-19 20:41 . 2012-03-19 20:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-17 18:17 . 2012-03-17 18:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-03-19 23:17 660318 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-19 23:17 121214 c:\windows\system32\perfc009.dat
+ 2012-03-15 07:16 . 2012-03-19 20:40 368760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-15 07:16 . 2012-03-17 18:16 368760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-03-19 20:40 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-03-17 18:16 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-14 02:29 . 2012-03-19 01:09 989692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-901196912-1582137699-2908304589-1001-12288.dat
+ 2011-04-19 08:54 . 2011-04-19 08:54 227328 c:\windows\Installer\69d96ac.msi
+ 2011-04-19 08:21 . 2011-04-19 08:21 235520 c:\windows\Installer\69d96a2.msi
- 2009-07-14 04:45 . 2012-03-16 07:21 7187221 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-19 01:36 7187221 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-14 02:29 . 2012-03-19 20:40 7089708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-901196912-1582137699-2908304589-1001-8192.dat
+ 2011-04-16 12:44 . 2011-04-16 12:44 2770944 c:\windows\Installer\69d968a.msi
+ 2012-03-19 01:08 . 2012-03-19 01:08 20333056 c:\windows\Installer\69d9698.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-12 742264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-03-06 39424]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-03-06 39424]
"aswasOutExt64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2012-03-06 40960]
"aswaswOtl.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-03-06 39424]
"aswaswOtl64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2012-03-06 40960]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-02-27 499200]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-02-27 885248]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 52561248
*NewlyCreated* - FIXTDSS
*Deregistered* - 52561248
*Deregistered* - aswMBR
*Deregistered* - FixTDSS
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-03-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ------w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2011-03-02 1617920]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.dell.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\lrcxhmit.default\
FF - prefs.js: browser.search.selectedEngine - ThePirateBay.org
FF - prefs.js: browser.startup.homepage - hxxp://espn.go.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-19 21:40:15
ComboFix-quarantined-files.txt 2012-03-20 01:40
ComboFix2.txt 2012-03-19 00:35
ComboFix3.txt 2012-03-18 23:06
.
Pre-Run: 313,086,484,480 bytes free
Post-Run: 312,802,910,208 bytes free
.
- - End Of File - - 6D4AFCEB6E808619F53754C4FED79568

#6 fireman4it

Posted 19 March 2012 - 09:27 PM

Hello,



1. Are you connected to the internet through a router? If so, we need to reset that router.
How to Reset your router.

2.
  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open; give its content to your helper. (RKreport can also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

3.
    1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    c:\windows\*. /RP /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 quikag182


Posted 20 March 2012 - 08:15 PM

1. Done

2.
RogueKiller V7.3.2 [03/20/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Geoff [Admin rights]
Mode: Scan -- Date: 03/20/2012 20:51:42

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPVT-75HXZT1 +++++
--- User ---
[MBR] 93a1d892f70a81eee30077571df1491b
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928896 | Size: 461837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD154UI USB Device +++++
--- User ---
[MBR] 2bda56e1c21ff8a40a26a83f7d219127
[BSP] 479a4c76647cbb9c71249d0e54c9e025 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

3.
OTL logfile created on: 3/20/2012 8:54:21 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Geoff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 53.93% Memory free
7.83 Gb Paging File | 5.87 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 285.34 Gb Free Space | 63.27% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 189.36 Gb Free Space | 13.55% Space Free | Partition Type: NTFS

Computer Name: GEOFF-PC | User Name: Geoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 20:31:02 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
PRC - [2012/03/20 20:30:49 | 001,221,120 | ---- | M] () -- C:\Users\Geoff\Desktop\RogueKiller.exe
PRC - [2012/03/14 06:23:18 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/14 02:21:34 | 000,974,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2010/12/14 02:21:30 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2010/12/14 02:21:18 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010/12/14 02:21:12 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/19 19:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/14 06:23:17 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/12 18:55:02 | 008,527,520 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/02/27 12:15:36 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/02/27 12:09:36 | 000,885,248 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/12/14 02:21:34 | 000,974,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2010/12/14 02:21:30 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010/12/14 02:21:18 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/20 19:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/26 05:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/17 01:29:56 | 001,416,240 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 00:42:12 | 000,174,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2011/02/18 00:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino®
DRV:64bit: - [2011/02/18 00:42:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bpenum.sys -- (bpenum) Intel® Centrino®
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/21 21:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/14 09:18:50 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010/12/01 12:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 12:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 03:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21121B89-291B-4FA8-804F-10264B693073}
IE:64bit: - HKLM\..\SearchScopes\{21121B89-291B-4FA8-804F-10264B693073}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {21121B89-291B-4FA8-804F-10264B693073}
IE - HKLM\..\SearchScopes\{21121B89-291B-4FA8-804F-10264B693073}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope = {21121B89-291B-4FA8-804F-10264B693073}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://espn.go.com/"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/19 19:15:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/14 06:23:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/13 20:24:05 | 000,000,000 | ---D | M]

[2012/03/12 18:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Extensions
[2012/03/20 20:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\lrcxhmit.default\extensions
[2012/03/12 18:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/19 19:15:20 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LRCXHMIT.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LRCXHMIT.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
() (No name found) -- C:\USERS\GEOFF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LRCXHMIT.DEFAULT\EXTENSIONS\SOXGXBJDYO@SOXGXBJDYO.ORG.XPI
[2012/03/14 06:23:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/26 14:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/18 18:50:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C2CE657-8858-44EF-918E-942EA560939E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 20:50:16 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\RK_Quarantine
[2012/03/20 20:31:00 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
[2012/03/20 20:27:59 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Diagnostics
[2012/03/19 22:15:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/19 21:27:33 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Geoff\Desktop\TDSSKiller.exe
[2012/03/19 19:17:43 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/03/19 19:15:21 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/19 18:30:16 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\GTOWN
[2012/03/19 18:29:31 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\Malware
[2012/03/19 16:30:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/18 21:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/18 21:31:13 | 000,000,000 | ---D | C] -- C:\found.000
[2012/03/18 18:38:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/18 18:38:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/18 18:38:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/18 18:38:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/18 18:37:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/18 13:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/03/18 13:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/14 19:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/03/14 07:02:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/03/14 07:02:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/03/14 06:37:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/03/13 22:18:53 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Adobe
[2012/03/13 21:02:07 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Britannica
[2012/03/13 21:02:07 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Bluetooth Exchange Folder
[2012/03/13 21:02:07 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Backups
[2012/03/13 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\apply.do_files
[2012/03/13 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Amazon MP3
[2012/03/13 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Aimersoft Video Converter Ultimate
[2012/03/13 21:02:06 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Aimersoft iPhone Video Converter
[2012/03/13 21:01:57 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Play Camera Media
[2012/03/13 21:01:57 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\PcSetup
[2012/03/13 21:01:50 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\OneNote Notebooks
[2012/03/13 20:54:43 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Cross-Country Trip
[2012/03/13 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\NeoDownloader
[2012/03/13 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\My Scans
[2012/03/13 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\My EndNote Librarya.Data
[2012/03/13 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\My EndNote Library.Data
[2012/03/13 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\HP Photosmart Projects
[2012/03/13 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Helium Music Manager 8
[2012/03/13 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Helium Music Manager 7
[2012/03/13 20:53:47 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\equifax credit report_files
[2012/03/13 20:53:46 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\DVDVideoSoft
[2012/03/13 20:53:46 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\CyberLink
[2012/03/13 20:53:45 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\CMA51334_files
[2012/03/13 20:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/13 20:46:59 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/13 20:46:58 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/13 20:46:44 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/13 20:46:44 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/13 20:46:44 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/13 20:46:44 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/13 20:46:44 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/03/13 20:44:48 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/13 20:44:48 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/13 20:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/13 20:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/13 20:42:00 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Malwarebytes
[2012/03/13 20:41:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2012/03/13 20:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/13 20:41:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/13 20:41:14 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/13 20:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/13 20:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2012/03/13 20:39:19 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Last.fm
[2012/03/13 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2012/03/13 20:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2012/03/13 20:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TagRename
[2012/03/13 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tag&Rename
[2012/03/13 20:33:57 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\AccurateRip
[2012/03/13 20:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
[2012/03/13 20:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
[2012/03/13 20:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/03/13 20:24:05 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2012/03/13 20:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2012/03/13 20:23:59 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Winamp
[2012/03/13 20:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012/03/13 20:20:16 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Apple Computer
[2012/03/13 20:20:15 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Apple Computer
[2012/03/13 20:20:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/13 20:19:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/03/13 20:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/13 20:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/13 20:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/13 20:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/03/13 20:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/03/13 19:57:59 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\Visiting Applications
[2012/03/13 19:54:27 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\SCHOOL
[2012/03/13 19:54:26 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\Reading List
[2012/03/13 19:52:32 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Apple
[2012/03/13 19:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/03/13 19:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/13 19:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/03/13 19:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/03/13 19:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/03/13 19:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/03/13 19:33:51 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\MUSIC
[2012/03/13 19:33:51 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\hospice
[2012/03/13 19:30:00 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\EMRAP
[2012/03/13 19:29:59 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\EM Articles
[2012/03/13 17:04:12 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/03/13 17:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/03/13 17:00:35 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\PCDr
[2012/03/13 17:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2012/03/12 23:48:54 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\incoming!
[2012/03/12 22:46:44 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Reallusion
[2012/03/12 22:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012/03/12 22:40:40 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Skype
[2012/03/12 22:40:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/03/12 22:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/12 22:40:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/12 22:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/03/12 20:26:56 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Intel Wireless Display
[2012/03/12 19:07:00 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\NeoDownloader
[2012/03/12 19:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoDownloader
[2012/03/12 19:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoDownloader
[2012/03/12 18:54:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/12 18:44:33 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\WinRAR
[2012/03/12 18:43:23 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/12 18:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/12 18:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/03/12 18:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/03/12 18:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/03/12 18:06:15 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Desktop\tv & movies
[2012/03/12 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Mozilla
[2012/03/12 18:04:34 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Mozilla
[2012/03/12 18:04:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/03/12 18:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/03/12 18:03:40 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\uTorrent
[2012/03/12 14:58:58 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Dell
[2012/03/12 14:58:43 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Macromedia
[2012/03/12 14:58:43 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Adobe
[2012/03/12 14:58:14 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Dell Touch Zone
[2012/03/12 14:58:08 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Roxio
[2012/03/12 14:58:07 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Creative
[2012/03/12 14:58:06 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Apps
[2012/03/12 14:58:05 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Leadertech
[2012/03/12 14:58:03 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Deployment
[2012/03/12 14:58:03 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Dell
[2012/03/12 14:57:45 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Searches
[2012/03/12 14:57:45 | 000,000,000 | R--D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/12 14:57:45 | 000,000,000 | -H-D | C] -- C:\Users\Geoff\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/12 14:57:35 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Identities
[2012/03/12 14:57:33 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Contacts
[2012/03/12 14:57:30 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\VirtualStore
[2012/03/12 14:57:07 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\SoftThinks
[2012/03/12 14:54:16 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Intel
[2012/03/12 14:54:14 | 000,000,000 | --SD | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Videos
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Saved Games
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Pictures
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Music
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Links
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Favorites
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Downloads
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Documents
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\Desktop
[2012/03/12 14:54:14 | 000,000,000 | R--D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\AppData\Local\Temporary Internet Files
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\Templates
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\Start Menu
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\SendTo
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\Recent
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\PrintHood
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\NetHood
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\Documents\My Videos
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\Documents\My Pictures
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\Documents\My Music
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\My Documents
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\Local Settings
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\AppData\Local\History
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\Cookies
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\Application Data
[2012/03/12 14:54:14 | 000,000,000 | -HSD | C] -- C:\Users\Geoff\AppData\Local\Application Data
[2012/03/12 14:54:14 | 000,000,000 | -H-D | C] -- C:\Users\Geoff\AppData
[2012/03/12 14:54:14 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Temp
[2012/03/12 14:54:14 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Roaming
[2012/03/12 14:54:14 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Local\Microsoft
[2012/03/12 14:54:14 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Media Center Programs
[2012/02/23 13:40:43 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2012/02/23 12:57:22 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/03/20 20:31:02 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe
[2012/03/20 20:30:49 | 001,221,120 | ---- | M] () -- C:\Users\Geoff\Desktop\RogueKiller.exe
[2012/03/20 14:00:07 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/19 22:36:07 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/19 22:36:07 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/19 22:36:07 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/19 22:21:18 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 22:21:18 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 22:13:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 22:13:30 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 21:30:41 | 000,001,035 | ---- | M] () -- C:\Users\Geoff\Desktop\ComboFix - Shortcut.lnk
[2012/03/19 21:27:18 | 002,044,822 | ---- | M] () -- C:\Users\Geoff\Desktop\tdsskiller.zip
[2012/03/19 19:44:21 | 000,000,512 | ---- | M] () -- C:\Users\Geoff\Desktop\MBR.dat
[2012/03/19 19:18:54 | 000,801,997 | ---- | M] () -- C:\Users\Geoff\Desktop\ListParts64.exe
[2012/03/19 19:17:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/19 19:15:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/18 18:50:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/18 13:36:57 | 000,796,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/15 03:18:20 | 000,319,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/14 06:06:19 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/13 22:23:13 | 003,450,295 | ---- | M] () -- C:\Users\Geoff\Desktop\ECGs for the Emergency Physician.pdf
[2012/03/13 22:18:51 | 005,597,033 | ---- | M] () -- C:\Users\Geoff\Desktop\ECGs for the Emergency Physician 2.pdf
[2012/03/13 20:47:00 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/13 20:43:27 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 20:37:22 | 000,001,091 | ---- | M] () -- C:\Users\Geoff\Desktop\Tag&Rename.lnk
[2012/03/13 20:36:00 | 000,003,190 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2012/03/13 20:35:50 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
[2012/03/13 20:35:27 | 000,003,071 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2012/03/13 20:35:16 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
[2012/03/13 20:34:55 | 000,003,232 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2012/03/13 20:34:47 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2012/03/13 20:33:54 | 000,013,082 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/03/13 20:33:47 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2012/03/13 20:33:46 | 000,018,123 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/03/13 20:33:32 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2012/03/13 20:24:28 | 000,001,005 | ---- | M] () -- C:\Users\Geoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/03/13 20:24:28 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/03/13 20:20:05 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/12 22:40:35 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/12 18:04:35 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/03/12 18:03:58 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/12 15:52:52 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/03/12 15:52:52 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/03/09 17:12:06 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Geoff\Desktop\TDSSKiller.exe
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/06 19:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/29 13:21:58 | 000,152,029 | ---- | M] () -- C:\Users\Geoff\Desktop\Clinical Eval Form revised 052909.pdf

========== Files Created - No Company Name ==========

[2012/03/20 20:30:48 | 001,221,120 | ---- | C] () -- C:\Users\Geoff\Desktop\RogueKiller.exe
[2012/03/19 21:30:41 | 000,001,035 | ---- | C] () -- C:\Users\Geoff\Desktop\ComboFix - Shortcut.lnk
[2012/03/19 21:27:15 | 002,044,822 | ---- | C] () -- C:\Users\Geoff\Desktop\tdsskiller.zip
[2012/03/19 19:41:50 | 000,000,512 | ---- | C] () -- C:\Users\Geoff\Desktop\MBR.dat
[2012/03/19 19:18:46 | 000,801,997 | ---- | C] () -- C:\Users\Geoff\Desktop\ListParts64.exe
[2012/03/18 18:38:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/18 18:38:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/18 18:38:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/18 18:38:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/18 18:38:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/18 13:37:02 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/13 22:23:11 | 003,450,295 | ---- | C] () -- C:\Users\Geoff\Desktop\ECGs for the Emergency Physician.pdf
[2012/03/13 22:18:40 | 005,597,033 | ---- | C] () -- C:\Users\Geoff\Desktop\ECGs for the Emergency Physician 2.pdf
[2012/03/13 21:02:05 | 018,840,683 | ---- | C] () -- C:\Users\Geoff\Documents\Tracy Morgan NPR Interview.mp3
[2012/03/13 21:02:04 | 004,197,386 | ---- | C] () -- C:\Users\Geoff\Documents\My EndNote Library.enl
[2012/03/13 21:02:04 | 000,052,850 | ---- | C] () -- C:\Users\Geoff\Documents\My EndNote Librarya.enl
[2012/03/13 21:02:04 | 000,000,000 | ---- | C] () -- C:\Users\Geoff\Documents\PDVD_MediaDisc.PlayList
[2012/03/13 21:02:03 | 001,373,492 | ---- | C] () -- C:\Users\Geoff\Documents\mens.health.personal.trainer.pdf
[2012/03/13 21:02:02 | 010,962,299 | ---- | C] () -- C:\Users\Geoff\Documents\Mens Health - Total Body Workout.pdf
[2012/03/13 21:02:02 | 000,136,141 | ---- | C] () -- C:\Users\Geoff\Documents\marathon training table.jpg
[2012/03/13 21:02:02 | 000,025,747 | ---- | C] () -- C:\Users\Geoff\Documents\marathon-novice1-2010-11-21.ics
[2012/03/13 21:02:02 | 000,001,779 | ---- | C] () -- C:\Users\Geoff\Documents\Insurance Information.html
[2012/03/13 21:02:00 | 000,044,596 | ---- | C] () -- C:\Users\Geoff\Documents\Geoff.contact
[2012/03/13 21:02:00 | 000,029,838 | ---- | C] () -- C:\Users\Geoff\Documents\Froehlich_Photo.jpg
[2012/03/13 21:01:59 | 002,459,477 | ---- | C] () -- C:\Users\Geoff\Documents\DrRickStrassman-DMT-TheSpiritMolecule.pdf
[2012/03/13 21:01:59 | 000,136,079 | ---- | C] () -- C:\Users\Geoff\Documents\equifax credit report.htm
[2012/03/13 21:01:59 | 000,008,974 | ---- | C] () -- C:\Users\Geoff\Documents\dsp_stereo_tool.ini
[2012/03/13 21:01:58 | 000,234,454 | ---- | C] () -- C:\Users\Geoff\Documents\BreakthruNutritionPlan.pdf
[2012/03/13 21:01:58 | 000,051,172 | ---- | C] () -- C:\Users\Geoff\Documents\CMA51334.html
[2012/03/13 21:01:58 | 000,016,547 | ---- | C] () -- C:\Users\Geoff\Documents\apply.do.htm
[2012/03/13 21:01:58 | 000,010,291 | ---- | C] () -- C:\Users\Geoff\Documents\b
[2012/03/13 21:01:58 | 000,004,745 | ---- | C] () -- C:\Users\Geoff\Documents\a
[2012/03/13 21:01:58 | 000,001,940 | ---- | C] () -- C:\Users\Geoff\Documents\backup.opi
[2012/03/13 20:47:00 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/13 20:46:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/03/13 20:43:27 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 20:37:22 | 000,001,091 | ---- | C] () -- C:\Users\Geoff\Desktop\Tag&Rename.lnk
[2012/03/13 20:36:00 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
[2012/03/13 20:36:00 | 000,003,190 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2012/03/13 20:35:27 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
[2012/03/13 20:35:27 | 000,003,071 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2012/03/13 20:34:55 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2012/03/13 20:34:55 | 000,003,232 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2012/03/13 20:33:54 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
[2012/03/13 20:33:54 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/03/13 20:33:46 | 000,415,408 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/03/13 20:33:46 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
[2012/03/13 20:33:46 | 000,018,123 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/03/13 20:24:28 | 000,001,005 | ---- | C] () -- C:\Users\Geoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/03/13 20:24:28 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/03/13 20:20:05 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/13 19:58:00 | 067,145,748 | ---- | C] () -- C:\Users\Geoff\Desktop\Clinical Procedures EM.chm
[2012/03/13 19:58:00 | 000,152,029 | ---- | C] () -- C:\Users\Geoff\Desktop\Clinical Eval Form revised 052909.pdf
[2012/03/13 19:52:28 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/03/13 17:04:19 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/13 17:04:16 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/12 22:40:35 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/12 18:40:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/03/12 18:03:58 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 18:03:58 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/12 14:54:31 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/03/12 14:54:14 | 000,000,290 | ---- | C] () -- C:\Users\Geoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/12 14:54:14 | 000,000,272 | ---- | C] () -- C:\Users\Geoff\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/23 12:57:16 | 3153,727,488 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/24 15:05:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/06/24 15:04:52 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/24 15:04:49 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/06/24 15:04:47 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 12:10:51 | 000,796,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/03/12 14:58:05 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Leadertech
[2012/03/12 19:08:17 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\NeoDownloader
[2012/03/13 17:03:00 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\PCDr
[2012/03/20 20:50:05 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\uTorrent
[2012/03/14 06:06:19 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 01:08:49 | 000,007,896 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/20 14:00:07 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
< c:\windows\*. /RP /s >

< %systemroot%\*. /mp /s >

< End of report >

OTL Extras logfile created on: 3/20/2012 8:54:21 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Geoff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 53.93% Memory free
7.83 Gb Paging File | 5.87 Gb Available in Paging File | 74.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 285.34 Gb Free Space | 63.27% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 189.36 Gb Free Space | 13.55% Space Free | Partition Type: NTFS

Computer Name: GEOFF-PC | User Name: Geoff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{18A6B663-A646-457B-A314-5CF58AECB06A}" = Intel® PROSet/Wireless WiMAX Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1" = NeoDownloader 2.9
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Free Antivirus
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Dell Webcam Central" = Dell Webcam Central
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.4.0 (Full)
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Tag&Rename_is1" = Tag&Rename 3.5.7
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2012 9:39:53 PM | Computer Name = Geoff-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Geoff\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 3/18/2012 9:40:57 PM | Computer Name = Geoff-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Geoff\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 3/18/2012 9:41:00 PM | Computer Name = Geoff-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Geoff\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 3/19/2012 2:19:05 AM | Computer Name = Geoff-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 3/19/2012 2:19:20 AM | Computer Name = Geoff-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 3/19/2012 2:21:25 AM | Computer Name = Geoff-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\Geoff\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 3/19/2012 4:41:58 PM | Computer Name = Geoff-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/19/2012 7:18:08 PM | Computer Name = Geoff-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Geoff\Desktop\Malware\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 3/19/2012 10:14:10 PM | Computer Name = Geoff-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/20/2012 12:34:01 AM | Computer Name = Geoff-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Dell Events ]
Error - 3/13/2012 7:28:18 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/14/2012 4:16:56 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/14/2012 4:16:56 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/14/2012 7:05:14 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/14/2012 7:05:14 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/14/2012 7:05:37 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/14/2012 7:05:37 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/15/2012 3:33:23 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/15/2012 3:33:23 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 3/17/2012 2:02:34 PM | Computer Name = Geoff-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 3/14/2012 7:49:21 PM | Computer Name = Geoff-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 3/14/2012 7:49:24 PM | Computer Name = Geoff-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 3/14/2012 7:49:27 PM | Computer Name = Geoff-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 3/14/2012 7:49:30 PM | Computer Name = Geoff-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 3/14/2012 7:49:32 PM | Computer Name = Geoff-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 3/14/2012 7:49:35 PM | Computer Name = Geoff-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 3/14/2012 7:49:38 PM | Computer Name = Geoff-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 3/14/2012 7:49:40 PM | Computer Name = Geoff-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 3/14/2012 7:49:43 PM | Computer Name = Geoff-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 3/15/2012 2:00:26 PM | Computer Name = Geoff-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >

#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 20 March 2012 - 08:43 PM

Hello,

Are you still getting redirects? If so, is it in all browsers? Can you also tell me if it still redirects to scour?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



#9 quikag182


Posted 20 March 2012 - 09:01 PM

I am... I thought they might be gone, but they're definitely not, at least in Firefox. I haven't really used Internet Explorer other than to download Firefox. They're still redirecting to the 63. site and happili.com...

#10 fireman4it


Posted 21 March 2012 - 07:24 PM

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

#11 quikag182

Posted 21 March 2012 - 07:59 PM

Ran it, still redirecting.



GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:58 on 21/03/2012 (Geoff)
Firefox version 11.0 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:03 12/03/2012]

C:\Users\Geoff\Application Data\Mozilla\Firefox\Profiles\lrcxhmit.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [00:44 14/03/2012]

---------- Old Logs ----------
GooredFix[00.58.06_22-03-2012].txt

-=E.O.F=-

#12 fireman4it

Posted 22 March 2012 - 04:34 PM

Hello,


Please open Firefox.
Go to Tools at the top.
Select ADD-ONS from the drop down menu.
Select Extensions
Now see if Scour is in there as one of the extensions. If so, select Disable, then Remove.


If Scour is not in Extensions, click Plugins, then see if Scour is there. If so, click Disable.


Now reboot and see if it still redirects.


#13 fireman4it

Posted 25 March 2012 - 09:19 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#14 quikag182

Posted 25 March 2012 - 10:12 PM

Unfortunately that wasn't the problem. Things also started getting slow and would hang up, then blue-screened. Malwarebytes finally picked it up, but couldn't effectively clear it, so I gave up and reformatted the HDD, and started over with a fresh install. It is working very well now. Thank you so much for the help, sorry there is no satisfaction.

G

#15 fireman4it

Posted 26 March 2012 - 05:12 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.