Google Redirect Virus


This topic is locked
30 replies to this topic

#1 dave4mtexas

  • Members
  • 14 posts

Posted 15 July 2012 - 11:02 AM

Hello and thanks in advance for helping. I know you are all volunteers, and I'm very grateful for your time.

A few days ago my system (Windows Vista Business SP2 32-bit) got infected with what I guess is a Google redirect virus. I use both IE 8 and Chrome and it happens on both. When clicking a link in Google search results, I'm taken directly to the spam site; no new tab, but in IE a spam window is opened. The spam is always somehow related to the topic that I'm searching. If I tab back to the initial Google results and click the link a second time, it always takes me to the proper landing site; no spam. This problem doesn't occur with every Google link. Some work just fine. Probably 50-75% of links that I've tried are affected.

I use AVG but it obviously didn't detect the virus. Since this happened, I tried almost every other antivirus and nothing has fixed it so far. Most of the programs found and removed various problems. Unfortunately, we didn't keep notes on what either program detected, but a Trojan virus of some sort was found and removed at one point. But all of this did nothing to fix the Google redirect problem. We did some looking and found this site, and are hoping you might be able to help.

Please let me know how to proceed. Thanks again.

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272
Run by Administrator at 10:11:29 on 2012-07-15
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1022.164 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ToolKitService\ToolkitService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\Easy Button Manager\EasyBtnMgr.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - c:\program files\toolkitservice\toolbar_v2.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{C77C9AA5-C340-485F-B197-3A86E14C24D9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D1D9B21E-C94A-4BA4-8381-3C0D483CE4FA} : DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-3 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-3 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-3 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-3 57656]
R2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\drivers\KMDFMEMIO.sys [2007-12-6 13312]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-20 22344]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
S3 ToolkitDisk;ToolkitDisk;c:\windows\system32\drivers\toolkitdisk.sys [2011-12-6 57152]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2011-8-15 104752]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2011-8-15 82736]
.
=============== Created Last 30 ================
.
2012-07-12 08:15:08 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:59:56 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 11:59:42 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:59:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:58:16 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 11:58:15 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 11:58:14 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-07 15:29:27 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-07 15:29:27 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-07 15:27:25 -------- d-----w- c:\program files\iPod
2012-07-07 15:27:05 -------- d-----w- c:\program files\iTunes
2012-07-04 02:42:05 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-04 02:42:03 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-04 02:40:59 41224 ----a-w- c:\windows\avastSS.scr
2012-07-04 02:32:10 -------- d-----w- c:\program files\Conduit
2012-07-04 02:32:05 -------- d-----w- c:\users\administrator\appdata\local\Conduit
2012-07-03 18:13:18 -------- d-----w- c:\users\administrator\appdata\local\{BFA53FF5-C53A-11E1-8270-B8AC6F996F26}
2012-07-03 18:13:18 -------- d-----w- c:\users\administrator\appdata\local\{BFA50D0A-C53A-11E1-8270-B8AC6F996F26}
2012-06-30 21:22:02 -------- d-----w- c:\users\administrator\appdata\local\CRE
2012-06-30 21:21:31 -------- d-----w- c:\users\administrator\appdata\local\Vid-Saver
2012-06-30 21:21:27 -------- d-----w- c:\program files\BitTorrentBar
2012-06-30 21:21:16 -------- d-----w- c:\program files\Vid-Saver
2012-06-30 18:55:14 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-30 18:32:42 -------- d-----w- C:\ComboFix
2012-06-30 18:17:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 16:27:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-30 16:27:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-23 01:29:22 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 01:28:36 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 01:28:06 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 01:28:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 02:50:40 -------- d-----w- c:\programdata\AVAST Software
2012-06-21 02:50:40 -------- d-----w- c:\program files\AVAST Software
2012-06-19 02:46:43 -------- d-----w- c:\programdata\eToolKit
2012-06-18 14:16:07 -------- d-----w- c:\program files\OApps
2012-06-18 14:07:00 -------- d-----w- c:\programdata\CounterPath
2012-06-18 14:06:19 -------- d-----w- c:\program files\CounterPath
.
==================== Find3M ====================
.
2012-07-11 18:02:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 22:45:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-12 22:45:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 17:11:36 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 17:11:36 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
============= FINISH: 10:14:31.46 ===============
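Added here as an illustration, not something posted in the thread or shipped with DDS: a small Python triage script for the "Pseudo HJT Report" section of a DDS log like the one above. It pulls out the browser add-ons DDS marks "No File", the Run entries, and the DHCP-assigned DNS servers per interface, which is what a responder reads first on a redirect complaint. The sample input is a trimmed excerpt of the report above; the function names are my own.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

DDS writes one startup/hook item per line with a type tag (BHO:, TB:,
uRun:, mRun:, TCP:, ...), writes "No File" for a registered component
whose file no longer exists, and defangs URLs as hxxp://.  This script
groups those lines and surfaces the items a responder checks first on a
browser-redirect complaint.  Function names are my own, not DDS's.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Trimmed excerpt of the DDS report posted in the thread (DDS format, URLs left defanged).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: eToolKit Toolbar: {d3b22a92-87a2-47b6-b3e6-a64877b5c242} - c:\program files\toolkitservice\toolbar_v2.dll
TB: {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RtHDVCpl] RtHDVCpl.exe
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{C77C9AA5-C340-485F-B197-3A86E14C24D9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D1D9B21E-C94A-4BA4-8381-3C0D483CE4FA} : DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
"""

TAG_RE = re.compile(r"^(?P<tag>[A-Za-z]+):\s+(?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
DNS_RE = re.compile(
    r"^(?:Interfaces\\(?P<iface>\{[^}]+\})\s*:\s*)?DhcpNameServer\s*=\s*(?P<servers>.*)$")
BROWSER_TAGS = {"BHO", "TB", "uURLSearchHooks", "mURLSearchHooks"}
RUN_TAGS = {"uRun", "mRun"}


@dataclass
class Item:
    tag: str              # DDS type tag, e.g. "BHO", "TB", "mRun", "TCP"
    body: str             # rest of the line as DDS wrote it
    guid: Optional[str]   # first {GUID} on the line (CLSID, or interface id on TCP lines)
    path: Optional[str]   # file after the last " - " on add-on lines
    missing: bool         # DDS wrote "No File": still registered, file gone


def parse_report(text: str) -> List[Item]:
    """Turn report text into Item records; lines without a type tag are skipped."""
    items: List[Item] = []
    for raw in text.splitlines():
        m = TAG_RE.match(raw.strip())
        if not m:
            continue  # "uStart Page = ...", banners, blank lines
        tag, body = m.group("tag"), m.group("body")
        guid = GUID_RE.search(body)
        path = body.rsplit(" - ", 1)[1].strip() if tag in BROWSER_TAGS and " - " in body else None
        items.append(Item(tag, body, guid.group(0) if guid else None, path, path == "No File"))
    return items


def orphaned_addons(items: List[Item]) -> List[Item]:
    """Hooks, BHOs and toolbars still registered although their file is gone.
    Usually leftovers of uninstalled software, but also what a half-removed
    browser add-on leaves behind, so they are reviewed first."""
    return [i for i in items if i.tag in BROWSER_TAGS and i.missing]


def run_entries(items: List[Item]) -> Dict[str, str]:
    """Name -> command line for the per-user (uRun) and machine (mRun) Run keys."""
    out: Dict[str, str] = {}
    for i in items:
        m = RUN_RE.match(i.body) if i.tag in RUN_TAGS else None
        if m:
            out[m.group("name")] = m.group("cmd")
    return out


def dns_servers(items: List[Item]) -> Dict[str, List[str]]:
    """Interface GUID (or "global") -> DNS servers DHCP handed out, in order."""
    out: Dict[str, List[str]] = {}
    for i in items:
        m = DNS_RE.match(i.body) if i.tag == "TCP" else None
        if m:
            out[m.group("iface") or "global"] = m.group("servers").split()
    return out


def classify_dns(server: str) -> str:
    """'unspecified' (0.0.0.0 is not a usable resolver), 'private' (LAN router,
    RFC 1918), 'public' or 'invalid'.  A public resolver is not wrong by itself;
    the triager confirms it is the one the ISP or router should be handing out."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if addr.is_unspecified:
        return "unspecified"
    return "private" if addr.is_private else "public"


def summarize(text: str) -> Dict[str, object]:
    """One dict with the three views a responder reads first."""
    items = parse_report(text)
    return {
        "orphaned": [f"{i.tag}: {i.guid or i.body}" for i in orphaned_addons(items)],
        "run": run_entries(items),
        "dns": {iface: [(s, classify_dns(s)) for s in servers]
                for iface, servers in dns_servers(items).items()},
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(key, value)
```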


#2 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 July 2012 - 01:02 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dave4mtexas

  • Topic Starter
  • Members
  • 14 posts

Posted 16 July 2012 - 07:56 PM

Gringo,

First, I'd like to thank you for helping me to fix the computer. I did what you said and attached all the logs below as you requested. Now when I do a Google search on my computer, it's redirecting the first search result, not the other ones; it's very weird for me. I tried many different ones and found the first search result is getting redirected. I didn't face any problem running the Security Check, but when I ran ComboFix it initially said no administrator rights (in the small blue screen window) to run the program, and then it started scanning automatically.

Note: I logged in to the system with administrator rights, so I'm not sure why ComboFix initially showed that message.

Security Check log:

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 29
Java™ 6 Update 22
Java version out of Date!
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


ComboFix Log:

ComboFix 12-07-16.01 - Administrator 07/16/2012 19:10:04.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1022.444 [GMT -5:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\chrtmp
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 00:26 . 2012-07-17 00:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-17 00:26 . 2012-07-17 00:26 -------- d-----w- c:\users\Super Tech\AppData\Local\temp
2012-07-17 00:26 . 2012-07-17 00:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-17 00:26 . 2012-07-17 00:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-17 00:26 . 2012-07-17 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 08:15 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:59 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 11:59 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:59 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:58 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 11:58 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 11:58 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-07 15:29 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-07 15:29 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-07 15:27 . 2012-07-07 15:27 -------- d-----w- c:\program files\iPod
2012-07-07 15:27 . 2012-07-07 15:29 -------- d-----w- c:\program files\iTunes
2012-07-04 02:42 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-04 02:42 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-04 02:42 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-04 02:42 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-04 02:42 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-04 02:42 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-04 02:40 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-04 02:40 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-04 02:32 . 2012-07-04 02:32 -------- d-----w- c:\program files\Conduit
2012-07-04 02:32 . 2012-07-04 17:29 -------- d-----w- c:\users\Administrator\AppData\Local\Conduit
2012-07-03 18:13 . 2012-07-03 18:13 -------- d-----w- c:\users\Administrator\AppData\Local\{BFA53FF5-C53A-11E1-8270-B8AC6F996F26}
2012-07-03 18:13 . 2012-07-03 18:13 -------- d-----w- c:\users\Administrator\AppData\Local\{BFA50D0A-C53A-11E1-8270-B8AC6F996F26}
2012-06-30 21:22 . 2012-07-04 02:32 -------- d-----w- c:\users\Administrator\AppData\Local\CRE
2012-06-30 21:21 . 2012-06-30 21:21 -------- d-----w- c:\users\Administrator\AppData\Local\Vid-Saver
2012-06-30 21:21 . 2012-06-30 21:21 -------- d-----w- c:\program files\BitTorrentBar
2012-06-30 21:21 . 2012-06-30 21:22 -------- d-----w- c:\program files\Vid-Saver
2012-06-30 18:17 . 2012-07-11 18:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 16:27 . 2012-07-04 17:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-30 16:27 . 2012-06-30 16:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-23 01:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 01:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 01:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 01:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 01:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 01:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 01:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 01:28 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 01:28 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 02:50 . 2012-07-04 02:40 -------- d-----w- c:\programdata\AVAST Software
2012-06-21 02:50 . 2012-07-04 02:40 -------- d-----w- c:\program files\AVAST Software
2012-06-19 02:46 . 2012-06-19 02:46 -------- d-----w- c:\programdata\eToolKit
2012-06-18 14:16 . 2012-07-04 17:30 -------- d-----w- c:\program files\OApps
2012-06-18 14:07 . 2012-06-18 14:07 -------- d-----w- c:\programdata\CounterPath
2012-06-18 14:06 . 2012-06-18 14:06 -------- d-----w- c:\program files\CounterPath
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 18:02 . 2012-03-16 04:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2011-01-21 00:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 22:45 . 2012-06-12 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-12 22:45 . 2012-06-12 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-15 06:37 . 2012-06-14 02:25 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-14 02:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-14 02:25 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-14 02:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-14 02:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-14 02:25 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-14 02:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-14 02:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03 . 2012-06-14 02:25 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 17:11 . 2012-04-25 17:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 17:11 . 2012-04-25 17:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-23 16:00 . 2012-06-14 02:25 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 02:25 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 02:25 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar_v2.dll" [2011-11-04 851600]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-04-02 400760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-06 839680]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-23 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-12 296056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 18:02]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1787316924-336728849-1611007836-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 14:57]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1787316924-336728849-1611007836-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-16 19:27
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,a3,f9,9f,6d,31,70,43,be,58,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,d4,1e,d4,8c,09,ed,40,b7,33,a4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,6a,b3,6d,ed,db,9c,48,84,88,af,\
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RealPlayer.3GPP_AMR.10"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\RealPlay.exe"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\RealPlay.exe"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-07-16 19:33:57
ComboFix-quarantined-files.txt 2012-07-17 00:33
ComboFix2.txt 2012-06-30 18:57
ComboFix3.txt 2011-01-21 03:19
.
Pre-Run: 39,020,417,024 bytes free
Post-Run: 39,346,049,024 bytes free
.
- - End Of File - - 629DD9F1EBA2C49C2406B2F8B855FE1E

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 July 2012 - 08:48 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
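
Added note (not part of the thread): the TDSSKiller report requested above lists every driver and service twice, first as a detail line with its MD5 and image path, then as a verdict line ending in "ok" or some other status (the format is visible in the log posted in the next reply). The Python below is an added example, not a BleepingComputer or Kaspersky tool: it pairs those two lines per entry, then applies triage heuristics that are the example's own, not TDSSKiller's (any non-"ok" status, an image outside C:\Windows or C:\Program Files or under a user-writable folder, and verdicts with no image on disk to hash). The first three sample entries are copied from the log in this thread; the "tmpdrv" entry, its hash and its status text are constructed, and TDSSKiller's real wording for a detection differs.

```python
"""Triage a TDSSKiller text report.

Added example for this thread, not a BleepingComputer or Kaspersky tool.  The
report lists each driver/service as a detail line
    <time> <pid> <name> (<md5>) <image path>
followed by a verdict line
    <time> <pid> <name> - <status>
This pairs the two, then applies the example's own analyst heuristics.
"""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

DETAIL_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
STATUS_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>.+)$"
)

# Where a kernel driver or auto-start service image is normally installed.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# User-writable locations that are unusual for a driver and common for droppers.
SUSPECT_FRAGMENTS = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")

# Constructed sample.  The first three entries are copied verbatim from the log
# posted in this thread; "tmpdrv", its hash and its status text are made up to
# exercise the triage rules (TDSSKiller's real wording for a detection differs).
SAMPLE_LOG = r"""
21:53:13.0297 9228 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200
21:53:21.0700 6048 ============================================================
21:53:21.0700 6048 Scan started
21:53:21.0700 6048 Mode: Manual;
21:53:28.0585 6048 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:53:28.0599 6048 ACPI - ok
21:53:30.0725 6048 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:53:30.0728 6048 avast! Antivirus - ok
21:53:30.0978 6048 blbdrive - ok
21:53:40.0000 6048 tmpdrv (0123456789abcdef0123456789abcdef) C:\Users\Administrator\AppData\Local\Temp\tmpdrv.sys
21:53:40.0010 6048 tmpdrv - suspicious (hypothetical status text)
"""


class Entry(NamedTuple):
    name: str
    md5: Optional[str]
    path: Optional[str]
    status: Optional[str]


def parse_report(text: str) -> Dict[str, Entry]:
    """Merge detail and status lines per name.  Lines before the "Scan started"
    marker (banner, disk geometry) are skipped so their " - " is not mistaken
    for a verdict; anything else matching neither pattern is ignored."""
    entries: Dict[str, Entry] = {}
    in_scan = "Scan started" not in text  # no marker present: parse everything
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = "Scan started" in line
            continue
        m = DETAIL_RE.match(line)
        if m:
            cur = entries.get(m["name"], Entry(m["name"], None, None, None))
            entries[m["name"]] = cur._replace(md5=m["md5"].lower(), path=m["path"])
            continue
        m = STATUS_RE.match(line)
        if m:
            cur = entries.get(m["name"], Entry(m["name"], None, None, None))
            entries[m["name"]] = cur._replace(status=m["status"].strip())
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs worth a closer look.  Heuristics are this
    example's, not TDSSKiller's:
      1. any status other than "ok" is reported verbatim;
      2. an image outside the usual system roots, or under a user-writable
         directory, is reported even when the status is "ok";
      3. a verdict with no image line means nothing on disk to hash, noted so
         the analyst can confirm it is just a stale service registration."""
    findings: List[Tuple[str, str]] = []
    for e in sorted(entries.values(), key=lambda x: x.name.lower()):
        if e.status is not None and e.status.lower() != "ok":
            findings.append((e.name, f"status '{e.status}'"))
        if e.path:
            p = e.path.lower()
            if not p.startswith(EXPECTED_ROOTS) or any(s in p for s in SUSPECT_FRAGMENTS):
                findings.append((e.name, f"unusual image location {e.path}"))
        elif e.status is not None:
            findings.append((e.name, "no image on disk, hash unavailable"))
    return findings


def hashes_for_lookup(entries: Dict[str, Entry]) -> List[str]:
    """Unique MD5s, sorted, ready to paste into a file-reputation lookup."""
    return sorted({e.md5 for e in entries.values() if e.md5})


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_LOG)
    print(f"{len(parsed)} entries, {len(hashes_for_lookup(parsed))} hashes to look up")
    for name, reason in triage(parsed):
        print(f"  {name}: {reason}")
```

Run against a real report by reading the TDSSKiller log file into parse_report() instead of SAMPLE_LOG. Entries flagged only for "no image on disk" are usually leftover service registrations rather than malware, which is why the example keeps that reason separate from a non-"ok" verdict.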

#5 dave4mtexas

  • Topic Starter

  • Members
  • 14 posts

Posted 16 July 2012 - 10:24 PM

Gringo,

Here are the logs

TDSSKiller

21:53:09.0588 9228 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
21:53:10.0454 9228 ============================================================
21:53:10.0454 9228 Current date / time: 2012/07/16 21:53:10.0454
21:53:10.0454 9228 SystemInfo:
21:53:10.0454 9228
21:53:10.0454 9228 OS Version: 6.0.6002 ServicePack: 2.0
21:53:10.0454 9228 Product type: Workstation
21:53:10.0455 9228 ComputerName: SUPERTECH-PC
21:53:10.0455 9228 UserName: Administrator
21:53:10.0455 9228 Windows directory: C:\Windows
21:53:10.0455 9228 System windows directory: C:\Windows
21:53:10.0455 9228 Processor architecture: Intel x86
21:53:10.0455 9228 Number of processors: 2
21:53:10.0456 9228 Page size: 0x1000
21:53:10.0456 9228 Boot type: Normal boot
21:53:10.0456 9228 ============================================================
21:53:13.0297 9228 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:53:13.0398 9228 ============================================================
21:53:13.0398 9228 \Device\Harddisk0\DR0:
21:53:13.0399 9228 MBR partitions:
21:53:13.0399 9228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF92FC1
21:53:13.0399 9228 ============================================================
21:53:13.0449 9228 C: <-> \Device\Harddisk0\DR0\Partition0
21:53:13.0493 9228 ============================================================
21:53:13.0493 9228 Initialize success
21:53:13.0493 9228 ============================================================
21:53:21.0700 6048 ============================================================
21:53:21.0700 6048 Scan started
21:53:21.0700 6048 Mode: Manual;
21:53:21.0700 6048 ============================================================
21:53:28.0585 6048 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:53:28.0599 6048 ACPI - ok
21:53:28.0688 6048 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:53:28.0706 6048 AdobeARMservice - ok
21:53:28.0794 6048 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:53:28.0808 6048 AdobeFlashPlayerUpdateSvc - ok
21:53:28.0867 6048 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:53:28.0882 6048 adp94xx - ok
21:53:28.0916 6048 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:53:28.0929 6048 adpahci - ok
21:53:28.0962 6048 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:53:28.0991 6048 adpu160m - ok
21:53:29.0016 6048 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:53:29.0032 6048 adpu320 - ok
21:53:29.0062 6048 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:53:29.0064 6048 AeLookupSvc - ok
21:53:29.0137 6048 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:53:29.0156 6048 AFD - ok
21:53:29.0214 6048 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
21:53:29.0217 6048 AgereModemAudio - ok
21:53:29.0329 6048 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
21:53:29.0388 6048 AgereSoftModem - ok
21:53:29.0418 6048 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
21:53:29.0422 6048 agp440 - ok
21:53:29.0441 6048 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:53:29.0455 6048 aic78xx - ok
21:53:29.0489 6048 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:53:29.0493 6048 ALG - ok
21:53:29.0517 6048 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
21:53:29.0522 6048 aliide - ok
21:53:29.0539 6048 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
21:53:29.0543 6048 amdagp - ok
21:53:29.0560 6048 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
21:53:29.0563 6048 amdide - ok
21:53:29.0582 6048 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:53:29.0585 6048 AmdK7 - ok
21:53:29.0609 6048 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
21:53:29.0626 6048 AmdK8 - ok
21:53:29.0659 6048 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:53:29.0662 6048 Appinfo - ok
21:53:29.0831 6048 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:53:29.0838 6048 Apple Mobile Device - ok
21:53:29.0885 6048 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
21:53:29.0895 6048 AppMgmt - ok
21:53:29.0918 6048 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:53:29.0922 6048 arc - ok
21:53:29.0954 6048 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:53:29.0959 6048 arcsas - ok
21:53:30.0000 6048 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys
21:53:30.0003 6048 aswFsBlk - ok
21:53:30.0033 6048 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys
21:53:30.0037 6048 aswMonFlt - ok
21:53:30.0054 6048 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\Windows\system32\drivers\AswRdr.sys
21:53:30.0058 6048 AswRdr - ok
21:53:30.0132 6048 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys
21:53:30.0177 6048 aswSnx - ok
21:53:30.0235 6048 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys
21:53:30.0269 6048 aswSP - ok
21:53:30.0305 6048 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys
21:53:30.0309 6048 aswTdi - ok
21:53:30.0338 6048 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:53:30.0341 6048 AsyncMac - ok
21:53:30.0378 6048 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:53:30.0380 6048 atapi - ok
21:53:30.0473 6048 athr (0437199c88f6e88a387cfec8a8886a6e) C:\Windows\system32\DRIVERS\athr.sys
21:53:30.0504 6048 athr - ok
21:53:30.0539 6048 ATSWPDRV (4c42e4697f3a4ea0cd73a85116d7af7f) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
21:53:30.0550 6048 ATSWPDRV - ok
21:53:30.0606 6048 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:53:30.0624 6048 AudioEndpointBuilder - ok
21:53:30.0634 6048 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:53:30.0640 6048 Audiosrv - ok
21:53:30.0725 6048 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:53:30.0728 6048 avast! Antivirus - ok
21:53:30.0768 6048 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:53:30.0772 6048 Beep - ok
21:53:30.0827 6048 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:53:30.0848 6048 BFE - ok
21:53:30.0934 6048 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:53:30.0970 6048 BITS - ok
21:53:30.0978 6048 blbdrive - ok
21:53:31.0126 6048 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:53:31.0152 6048 Bonjour Service - ok
21:53:31.0183 6048 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:53:31.0188 6048 bowser - ok
21:53:31.0218 6048 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:53:31.0221 6048 BrFiltLo - ok
21:53:31.0234 6048 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:53:31.0237 6048 BrFiltUp - ok
21:53:31.0264 6048 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:53:31.0269 6048 Browser - ok
21:53:31.0291 6048 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:53:31.0295 6048 Brserid - ok
21:53:31.0310 6048 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:53:31.0314 6048 BrSerWdm - ok
21:53:31.0344 6048 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:53:31.0358 6048 BrUsbMdm - ok
21:53:31.0373 6048 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:53:31.0376 6048 BrUsbSer - ok
21:53:31.0408 6048 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
21:53:31.0411 6048 BthEnum - ok
21:53:31.0434 6048 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:53:31.0437 6048 BTHMODEM - ok
21:53:31.0482 6048 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
21:53:31.0490 6048 BthPan - ok
21:53:31.0646 6048 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
21:53:31.0677 6048 BTHPORT - ok
21:53:31.0729 6048 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
21:53:31.0732 6048 BthServ - ok
21:53:31.0763 6048 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
21:53:31.0779 6048 BTHUSB - ok
21:53:31.0827 6048 btwaudio (27798380a88ffedb4a99ea805fcfd20e) C:\Windows\system32\drivers\btwaudio.sys
21:53:31.0833 6048 btwaudio - ok
21:53:31.0851 6048 btwavdt (751cbe2edc33c58a6278e2ebbc7d964a) C:\Windows\system32\drivers\btwavdt.sys
21:53:31.0857 6048 btwavdt - ok
21:53:31.0927 6048 btwrchid (01ce69ab974bba289755ae8c87f4079c) C:\Windows\system32\DRIVERS\btwrchid.sys
21:53:31.0932 6048 btwrchid - ok
21:53:32.0039 6048 catchme - ok
21:53:32.0086 6048 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:53:32.0090 6048 cdfs - ok
21:53:32.0127 6048 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:53:32.0139 6048 cdrom - ok
21:53:32.0170 6048 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:53:32.0173 6048 CertPropSvc - ok
21:53:32.0205 6048 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:53:32.0210 6048 circlass - ok
21:53:32.0274 6048 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:53:32.0297 6048 CLFS - ok
21:53:32.0360 6048 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:53:32.0368 6048 clr_optimization_v2.0.50727_32 - ok
21:53:32.0483 6048 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:53:32.0529 6048 clr_optimization_v4.0.30319_32 - ok
21:53:32.0563 6048 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
21:53:32.0566 6048 CmBatt - ok
21:53:32.0596 6048 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
21:53:32.0599 6048 cmdide - ok
21:53:32.0619 6048 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
21:53:32.0637 6048 Compbatt - ok
21:53:32.0644 6048 COMSysApp - ok
21:53:32.0661 6048 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:53:32.0665 6048 crcdisk - ok
21:53:32.0687 6048 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:53:32.0691 6048 Crusoe - ok
21:53:32.0743 6048 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
21:53:32.0752 6048 CryptSvc - ok
21:53:32.0826 6048 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
21:53:32.0846 6048 CSC - ok
21:53:32.0916 6048 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
21:53:32.0954 6048 CscService - ok
21:53:33.0047 6048 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:53:33.0077 6048 DcomLaunch - ok
21:53:33.0134 6048 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:53:33.0139 6048 DfsC - ok
21:53:33.0297 6048 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:53:33.0472 6048 DFSR - ok
21:53:33.0613 6048 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:53:33.0631 6048 Dhcp - ok
21:53:33.0697 6048 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:53:33.0716 6048 disk - ok
21:53:33.0771 6048 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:53:33.0784 6048 Dnscache - ok
21:53:33.0834 6048 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:53:33.0849 6048 dot3svc - ok
21:53:33.0888 6048 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:53:33.0900 6048 DPS - ok
21:53:33.0939 6048 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:53:33.0950 6048 drmkaud - ok
21:53:34.0034 6048 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:53:34.0073 6048 DXGKrnl - ok
21:53:34.0135 6048 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
21:53:34.0149 6048 e1express - ok
21:53:34.0187 6048 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:53:34.0197 6048 E1G60 - ok
21:53:34.0253 6048 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:53:34.0264 6048 EapHost - ok
21:53:34.0314 6048 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:53:34.0332 6048 Ecache - ok
21:53:34.0374 6048 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:53:34.0391 6048 elxstor - ok
21:53:34.0467 6048 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:53:34.0496 6048 EMDMgmt - ok
21:53:34.0564 6048 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:53:34.0583 6048 EventSystem - ok
21:53:34.0745 6048 EvtEng (33abddb21de2f4bb1b05a5a3a671bd64) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:53:34.0780 6048 EvtEng - ok
21:53:34.0865 6048 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:53:34.0874 6048 exfat - ok
21:53:34.0898 6048 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:54:00.0732 6048 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
21:54:00.0738 6048 ViaC7 - ok
21:54:00.0756 6048 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
21:54:00.0760 6048 viaide - ok
21:54:00.0804 6048 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:54:00.0809 6048 volmgr - ok
21:54:00.0858 6048 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:54:00.0881 6048 volmgrx - ok
21:54:00.0933 6048 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:54:00.0948 6048 volsnap - ok
21:54:00.0993 6048 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
21:54:01.0005 6048 vsmraid - ok
21:54:01.0141 6048 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:54:01.0200 6048 VSS - ok
21:54:01.0265 6048 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:54:01.0288 6048 W32Time - ok
21:54:01.0347 6048 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:54:01.0351 6048 WacomPen - ok
21:54:01.0396 6048 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:01.0400 6048 Wanarp - ok
21:54:01.0407 6048 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:01.0412 6048 Wanarpv6 - ok
21:54:01.0511 6048 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
21:54:01.0558 6048 wbengine - ok
21:54:01.0613 6048 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:54:01.0644 6048 wcncsvc - ok
21:54:01.0692 6048 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:54:01.0717 6048 WcsPlugInService - ok
21:54:01.0764 6048 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
21:54:01.0769 6048 Wd - ok
21:54:01.0837 6048 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:54:01.0860 6048 Wdf01000 - ok
21:54:01.0896 6048 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:54:01.0918 6048 WdiServiceHost - ok
21:54:01.0926 6048 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:54:01.0941 6048 WdiSystemHost - ok
21:54:01.0995 6048 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:54:02.0017 6048 WebClient - ok
21:54:02.0078 6048 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:54:02.0147 6048 Wecsvc - ok
21:54:02.0186 6048 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:54:02.0208 6048 wercplsupport - ok
21:54:02.0254 6048 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:54:02.0275 6048 WerSvc - ok
21:54:02.0401 6048 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:54:02.0414 6048 WinDefend - ok
21:54:02.0428 6048 WinHttpAutoProxySvc - ok
21:54:02.0520 6048 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:54:02.0539 6048 Winmgmt - ok
21:54:02.0654 6048 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:54:02.0742 6048 WinRM - ok
21:54:02.0843 6048 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:54:02.0881 6048 Wlansvc - ok
21:54:02.0956 6048 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:54:02.0960 6048 WmiAcpi - ok
21:54:03.0046 6048 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:54:03.0056 6048 wmiApSrv - ok
21:54:03.0211 6048 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:54:03.0256 6048 WMPNetworkSvc - ok
21:54:03.0301 6048 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:54:03.0322 6048 WPDBusEnum - ok
21:54:03.0382 6048 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:54:03.0388 6048 WpdUsb - ok
21:54:03.0566 6048 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:54:03.0595 6048 WPFFontCache_v0400 - ok
21:54:03.0633 6048 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:54:03.0637 6048 ws2ifsl - ok
21:54:03.0671 6048 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
21:54:03.0694 6048 wscsvc - ok
21:54:03.0705 6048 WSearch - ok
21:54:03.0888 6048 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:54:03.0966 6048 wuauserv - ok
21:54:04.0166 6048 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:54:04.0204 6048 WUDFRd - ok
21:54:04.0421 6048 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:54:04.0445 6048 wudfsvc - ok
21:54:04.0611 6048 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:54:04.0637 6048 YahooAUService - ok
21:54:04.0684 6048 yukonwlh (69222091b6285906aff82e43681cf826) C:\Windows\system32\DRIVERS\yk60x86.sys
21:54:04.0701 6048 yukonwlh - ok
21:54:04.0817 6048 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:54:05.0070 6048 \Device\Harddisk0\DR0 - ok
21:54:05.0079 6048 Boot (0x1200) (905157d12d13ab8479ffe559f8f84b27) \Device\Harddisk0\DR0\Partition0
21:54:05.0083 6048 \Device\Harddisk0\DR0\Partition0 - ok
21:54:05.0083 6048 ============================================================
21:54:05.0083 6048 Scan finished
21:54:05.0083 6048 ============================================================
21:54:05.0105 1532 Detected object count: 0
21:54:05.0105 1532 Actual detected object count: 0

aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 21:56:29
-----------------------------
21:56:29.493 OS Version: Windows 6.0.6002 Service Pack 2
21:56:29.493 Number of processors: 2 586 0xF0B
21:56:29.499 ComputerName: SUPERTECH-PC UserName:
21:57:13.831 Initialize success
21:57:15.437 AVAST engine defs: 12071601
21:57:34.731 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:57:34.740 Disk 0 Vendor: ST9120823AS 3.AAB Size: 114473MB BusType: 3
21:57:34.770 Disk 0 MBR read successfully
21:57:34.778 Disk 0 MBR scan
21:57:34.788 Disk 0 Windows VISTA default MBR code
21:57:34.801 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 114469 MB offset 2048
21:57:34.860 Disk 0 scanning sectors +234436545
21:57:34.982 Disk 0 scanning C:\Windows\system32\drivers
21:57:53.310 Service scanning
21:58:33.530 Modules scanning
21:59:06.433 Disk 0 trace - called modules:
21:59:06.476 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
21:59:06.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8590d0f8]
21:59:06.847 3 CLASSPNP.SYS[877a58b3] -> nt!IofCallDriver -> [0x85770918]
21:59:06.870 5 acpi.sys[836926bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x856ec5e0]
21:59:07.520 AVAST engine scan C:\Windows
21:59:11.372 AVAST engine scan C:\Windows\system32
22:02:37.365 AVAST engine scan C:\Windows\system32\drivers
22:03:06.959 AVAST engine scan C:\Users\Administrator
22:08:02.898 AVAST engine scan C:\ProgramData
22:10:01.817 Scan finished successfully
22:17:47.568 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Downloads\Bleeping Computer\MBR.dat"
22:17:47.624 The log file has been saved successfully to "C:\Users\Administrator\Downloads\Bleeping Computer\aswMBR.txt"

Thanks

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:25 AM

Posted 16 July 2012 - 10:55 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Conduit
c:\users\Administrator\AppData\Local\Conduit
c:\program files\BitTorrentBar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 dave4mtexas

dave4mtexas
  • Topic Starter

  • Members
  • 14 posts
  • Local time:11:25 PM

Posted 17 July 2012 - 07:06 PM

Gringo,

Thanks for your help. I am still getting the first Google result redirected to another website.

Here is the ComboFix log:


ComboFix 12-07-16.01 - Administrator 07/17/2012 18:20:16.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.1022.329 [GMT -5:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Downloads\Bleeping Computer\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BitTorrentBar
c:\program files\BitTorrentBar\GottenAppsContextMenu.xml
c:\program files\BitTorrentBar\OtherAppsContextMenu.xml
c:\program files\BitTorrentBar\SharedAppsContextMenu.xml
c:\program files\BitTorrentBar\ToolbarContextMenu.xml
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\users\Administrator\AppData\Local\Conduit
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 23:36 . 2012-07-17 23:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-17 23:36 . 2012-07-17 23:36 -------- d-----w- c:\users\Super Tech\AppData\Local\temp
2012-07-17 23:36 . 2012-07-17 23:36 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-17 23:36 . 2012-07-17 23:36 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-17 23:36 . 2012-07-17 23:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 08:15 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:59 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 11:59 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:59 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:58 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 11:58 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 11:58 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-07 15:29 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-07 15:29 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-07 15:27 . 2012-07-07 15:27 -------- d-----w- c:\program files\iPod
2012-07-07 15:27 . 2012-07-07 15:29 -------- d-----w- c:\program files\iTunes
2012-07-04 02:42 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-04 02:42 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-04 02:42 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-04 02:42 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-04 02:42 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-04 02:42 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-04 02:40 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-04 02:40 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 18:13 . 2012-07-03 18:13 -------- d-----w- c:\users\Administrator\AppData\Local\{BFA53FF5-C53A-11E1-8270-B8AC6F996F26}
2012-07-03 18:13 . 2012-07-03 18:13 -------- d-----w- c:\users\Administrator\AppData\Local\{BFA50D0A-C53A-11E1-8270-B8AC6F996F26}
2012-06-30 21:22 . 2012-07-04 02:32 -------- d-----w- c:\users\Administrator\AppData\Local\CRE
2012-06-30 21:21 . 2012-06-30 21:21 -------- d-----w- c:\users\Administrator\AppData\Local\Vid-Saver
2012-06-30 21:21 . 2012-06-30 21:22 -------- d-----w- c:\program files\Vid-Saver
2012-06-30 18:17 . 2012-07-11 18:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-30 16:27 . 2012-07-04 17:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-30 16:27 . 2012-06-30 16:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-23 01:29 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 01:29 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 01:29 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 01:29 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 01:28 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 01:28 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 01:28 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 01:28 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 01:28 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 02:50 . 2012-07-04 02:40 -------- d-----w- c:\programdata\AVAST Software
2012-06-21 02:50 . 2012-07-04 02:40 -------- d-----w- c:\program files\AVAST Software
2012-06-19 02:46 . 2012-06-19 02:46 -------- d-----w- c:\programdata\eToolKit
2012-06-18 14:16 . 2012-07-04 17:30 -------- d-----w- c:\program files\OApps
2012-06-18 14:07 . 2012-06-18 14:07 -------- d-----w- c:\programdata\CounterPath
2012-06-18 14:06 . 2012-06-18 14:06 -------- d-----w- c:\program files\CounterPath
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 18:02 . 2012-03-16 04:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2011-01-21 00:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 22:45 . 2012-06-12 22:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-06-12 22:45 . 2012-06-12 22:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-05-15 06:37 . 2012-06-14 02:25 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-14 02:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-14 02:25 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-14 02:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-14 02:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-14 02:25 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-14 02:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-14 02:25 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03 . 2012-06-14 02:25 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 17:11 . 2012-04-25 17:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-25 17:11 . 2012-04-25 17:11 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-23 16:00 . 2012-06-14 02:25 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-14 02:25 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-14 02:25 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D3B22A92-87A2-47b6-B3E6-A64877B5C242}"= "c:\program files\ToolKitService\toolbar_v2.dll" [2011-11-04 851600]
.
[HKEY_CLASSES_ROOT\clsid\{d3b22a92-87a2-47b6-b3e6-a64877b5c242}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}]
[HKEY_CLASSES_ROOT\ToolBand.ToolBandObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-04-02 400760]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 4399104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-06 839680]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-23 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-23 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-12 296056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24734228
*NewlyCreated* - ASWMBR
*Deregistered* - 24734228
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-30 18:02]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1787316924-336728849-1611007836-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 14:57]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1787316924-336728849-1611007836-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-12 14:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-17 18:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,a3,f9,9f,6d,31,70,43,be,58,b7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,d4,1e,d4,8c,09,ed,40,b7,33,a4,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,6a,b3,6d,ed,db,9c,48,84,88,af,\
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.002\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="RealPlayer.3GPP_AMR.10"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\RealPlay.exe"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\RealPlay.exe"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-07-17 18:43:15
ComboFix-quarantined-files.txt 2012-07-17 23:43
ComboFix2.txt 2012-07-17 00:33
ComboFix3.txt 2012-06-30 18:57
ComboFix4.txt 2011-01-21 03:19
.
Pre-Run: 39,031,824,384 bytes free
Post-Run: 39,786,766,336 bytes free
.
- - End Of File - - 214BDDC8B697BB52D2F82D99AA1F63E1

Thanks

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:25 AM

Posted 17 July 2012 - 08:34 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
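Once OTL.txt comes back, most of the helper's work is picking the search-provider, driver and BHO lines out of a few thousand lines of log. The Python triage script below is an added example for this thread, not part of gringo_pr's post and not OTL's own code; it parses OTL-format lines (the sample is constructed in that format, with made-up `.example` hosts, a made-up SID and an assumed allowlist of mainstream search domains) and flags search scopes that point off the allowlist, driver services whose file is missing, and BHOs with no CLSID value.

```python
"""Triage an OTL.txt log for the entries that matter in a search-redirect case.
Added example for this thread; it is not OTL's own code."""
import re
from urllib.parse import urlparse

# Constructed sample in OTL's line format. The SID, the .example hosts and the
# CT0000000 id are made up; the GUIDs follow the shape OTL prints.
SAMPLE_OTL = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.toolbar-redirector.example/ResultsExt.aspx?q={searchTerms}&ctid=CT0000000
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-500\..\SearchScopes\{684EAA19-B256-4D79-8D1A-3EAD44A32407}: "URL" = http://mp3toolbarsearch.example/?keywords={searchTerms}
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
"""

# Assumed allowlist for this example: search engines a helper expects to see,
# matched on the registrable domain. Anything else gets reviewed by hand.
TRUSTED_SEARCH_DOMAINS = ("bing.com", "live.com", "google.com", "yahoo.com")

SCOPE_URL = re.compile(
    r'^IE - (?P<hive>.+?)\\\.\.\\SearchScopes\\(?P<guid>\{[^}]+\}): "URL" = (?P<url>\S+)')
SCOPE_DEFAULT = re.compile(
    r'^IE - (?P<hive>.+?)\\\.\.\\SearchScopes,DefaultScope = (?P<guid>\{[^}]+\})')
DRV_MISSING = re.compile(r'^DRV - \((?P<name>[^)]+)\) .*File not found$')
BHO_ORPHAN = re.compile(r'^O2 - BHO: .* - (?P<clsid>\{[^}]+\}) - No CLSID value found\.$')


def parse_search_scopes(log_text):
    """Group IE search scopes by hive: {hive: {"default": guid, "scopes": {guid: url}}}.
    GUIDs are lower-cased because OTL prints them in whichever case the registry has."""
    hives = {}
    for line in log_text.splitlines():
        m = SCOPE_DEFAULT.match(line)
        if m:
            entry = hives.setdefault(m["hive"], {"default": None, "scopes": {}})
            entry["default"] = m["guid"].lower()
            continue
        m = SCOPE_URL.match(line)
        if m:
            entry = hives.setdefault(m["hive"], {"default": None, "scopes": {}})
            entry["scopes"][m["guid"].lower()] = m["url"]
    return hives


def is_trusted_search_host(url, trusted=TRUSTED_SEARCH_DOMAINS):
    """True when the URL's host is an allow-listed domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)


def find_untrusted_scopes(log_text):
    """Return (hive, guid, host, is_default) for every scope pointing off the allowlist.
    A scope that is also the hive's DefaultScope is the one actually used for searches."""
    findings = []
    for hive, info in parse_search_scopes(log_text).items():
        for guid, url in info["scopes"].items():
            if not is_trusted_search_host(url):
                host = urlparse(url).hostname or url
                findings.append((hive, guid, host, guid == info["default"]))
    return findings


def find_missing_drivers(log_text):
    """Driver services whose binary is gone: leftovers to clean up, or worth a closer look."""
    return [m["name"] for m in map(DRV_MISSING.match, log_text.splitlines()) if m]


def find_orphan_bhos(log_text):
    """Browser Helper Objects registered under a CLSID that no longer resolves."""
    return [m["clsid"] for m in map(BHO_ORPHAN.match, log_text.splitlines()) if m]


def triage(log_text):
    """Collect the three checks into one report dict."""
    return {
        "untrusted_scopes": find_untrusted_scopes(log_text),
        "missing_drivers": find_missing_drivers(log_text),
        "orphan_bhos": find_orphan_bhos(log_text),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_OTL).items():
        print(f"{section}:")
        for item in items:
            print("   ", item)
```

Domain allowlisting is only a first pass: a scope on a trusted domain can still carry toolbar-affiliate parameters, so the flagged list is a starting point for the helper's read-through, not a verdict.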

#9 dave4mtexas

dave4mtexas
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time: 11:25 PM

Posted 17 July 2012 - 09:56 PM

Here is the OTL.txt log


OTL logfile created on: 7/17/2012 9:19:37 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Administrator\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.62 Mb Total Physical Memory | 105.76 Mb Available Physical Memory | 10.35% Memory free
2.26 Gb Paging File | 0.67 Gb Available in Paging File | 29.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 37.69 Gb Free Space | 33.71% Space Free | Partition Type: NTFS

Computer Name: SUPERTECH-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\ToolKitService\toolkitservice.exe (ToolKit Development, Ltd.)
PRC - C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Easy Button Manager\EasyBtnMgr.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll ()
MOD - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\Logitech\QuickCam\LAppRes.DLL ()
MOD - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll ()
MOD - C:\Program Files\Logitech\QuickCam\EFVal.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
MOD - C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll ()
MOD - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\WinMove.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\Easy Button Manager\HookDllPS2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ToolkitSvc) -- C:\Program Files\ToolKitService\toolkitservice.exe (ToolKit Development, Ltd.)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (ToolkitDisk) -- C:\Windows\System32\drivers\toolkitdisk.sys (Toolkit Development, Ltd.)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (VBoxUSB) -- C:\Windows\System32\drivers\VBoxUSB.sys (Oracle Corporation)
DRV - (NETwLv32) Intel® -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUVC) QuickCam for Notebooks Pro(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvselsus) -- C:\Windows\System32\drivers\lvselsus.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolsoftonic-chromesbox-en-us&tb_uuid=20120618140639699&tb_oid=18-06-2012&tb_mrud=18-06-2012
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{30750DD1-EADD-4cf1-A485-C736C96936AB}: "URL" = http://search.etoolkit.com/search?q={searchTerms}&id=0260eb94a125113182a57b3a2bd3aa4f1c8&s=p
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{32F656FA-DBCE-4A8D-87F5-EBA5A68DF9AE}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p={searchTerms}
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolsoftonic-chromesbox-en-us&tb_uuid=20120618140639699&tb_oid=18-06-2012&tb_mrud=18-06-2012
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{4DF1233F-668F-414A-A2F4-037535322ECC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648106&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=9C&apn_dtid=YYYYYYYYUS&apn_uid=1AFC7D86-9029-4844-A86A-808AE0FC8792&apn_sauid=795852A7-1897-4CB7-8DBD-D9FE44DAC788&
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111116&iesrc={referrer:source}
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{684EAA19-B256-4D79-8D1A-3EAD44A32407}: "URL" = http://mp3tubetoolbarsearch.com/?tmp=nemo_results_removelink2&keywords={searchTerms}
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/03 19:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/03 19:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/03 21:41:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\toolkit@toolkitdevelopment.com: C:\Program Files\ToolKitService\ffext [2012/06/18 21:46:49 | 000,000,000 | ---D | M]

[2012/07/03 21:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions
[2012/06/30 16:21:54 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/07/03 21:32:19 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: etoolkit Dynamic Link Library (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaagjcfjefodfnlpnmopkkbpgclipnpn\1.1.6_0\CrazyOffers.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Administrator\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/17 18:36:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar_v2.dll (Toolkit Development, Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1787316924-336728849-1611007836-500..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1787316924-336728849-1611007836-500..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1787316924-336728849-1611007836-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1787316924-336728849-1611007836-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1787316924-336728849-1611007836-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C77C9AA5-C340-485F-B197-3A86E14C24D9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1D9B21E-C94A-4BA4-8381-3C0D483CE4FA}: DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/17 18:46:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/17 18:43:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/07/17 18:41:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/17 18:16:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/12 03:15:08 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 06:58:15 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/07/07 10:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/07 10:29:27 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/07/07 10:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/07 10:27:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/03 21:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/03 21:42:17 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 21:42:16 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 21:42:11 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/03 21:42:10 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 21:42:05 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 21:42:03 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 21:40:59 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 21:40:57 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/03 13:13:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BFA53FF5-C53A-11E1-8270-B8AC6F996F26}
[2012/07/03 13:13:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BFA50D0A-C53A-11E1-8270-B8AC6F996F26}
[2012/06/30 16:22:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CRE
[2012/06/30 16:21:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Vid-Saver
[2012/06/30 16:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Vid-Saver
[2012/06/30 13:17:45 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/30 11:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/30 11:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/25 18:52:56 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/06/22 20:29:23 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 20:29:22 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 20:28:37 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 20:28:36 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 20:28:36 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 20:28:06 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 20:28:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/20 21:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/20 21:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/18 21:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\eToolKit
[2012/06/18 09:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/18 09:16:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/06/18 09:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\OApps
[2012/06/18 09:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CounterPath
[2012/06/18 09:06:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\X-Lite
[2012/06/18 09:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\CounterPath

========== Files - Modified Within 30 Days ==========

[2012/07/17 21:07:10 | 000,112,699 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\nvModes.001
[2012/07/17 21:04:45 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 21:04:44 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/17 21:04:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/17 21:04:26 | 1072,029,696 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 21:02:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/17 20:55:04 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1787316924-336728849-1611007836-500UA.job
[2012/07/17 18:55:54 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1787316924-336728849-1611007836-500Core.job
[2012/07/17 18:45:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/17 18:36:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/16 23:11:53 | 000,137,216 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/15 17:37:22 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/14 12:19:23 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/14 12:19:23 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/12 03:35:19 | 000,396,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/11 23:57:36 | 000,002,082 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2012/07/11 23:57:36 | 000,002,044 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/11 13:02:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/07/11 13:02:48 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/07/08 23:42:50 | 186,766,050 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/07 10:29:36 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/03 22:16:36 | 000,274,406 | ---- | M] () -- C:\Users\Administrator\AppData\Local\census.cache
[2012/07/03 22:15:58 | 000,195,831 | ---- | M] () -- C:\Users\Administrator\AppData\Local\ars.cache
[2012/07/03 21:55:57 | 000,000,036 | ---- | M] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2012/07/03 21:42:18 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/03 21:42:03 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 13:06:01 | 000,001,356 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012/07/03 12:46:26 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 11:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/18 09:15:51 | 000,031,470 | ---- | M] () -- C:\Users\Administrator\AppData\Local\funmoods.crx

========== Files Created - No Company Name ==========

[2012/07/15 17:37:22 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 10:29:36 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/03 22:16:36 | 000,274,406 | ---- | C] () -- C:\Users\Administrator\AppData\Local\census.cache
[2012/07/03 22:15:58 | 000,195,831 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ars.cache
[2012/07/03 21:55:57 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2012/07/03 21:42:18 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/03 19:15:19 | 1072,029,696 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/03 12:39:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012/06/30 13:17:47 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/18 09:15:56 | 000,031,470 | ---- | C] () -- C:\Users\Administrator\AppData\Local\funmoods.crx
[2012/03/06 18:48:03 | 000,002,048 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\{31956a54-1145-a6cf-f270-53221cb74742}\@
[2011/12/04 21:38:22 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/02/07 22:21:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/04 23:50:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/04 23:50:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/02/04 23:48:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/01/20 21:53:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/20 21:53:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/20 21:53:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/20 21:53:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/20 21:53:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/20 19:40:22 | 000,001,356 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/01/09 04:49:42 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/01/08 18:59:55 | 000,137,216 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/07 22:48:48 | 000,112,699 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\nvModes.001
[2011/01/07 13:23:42 | 000,112,699 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\nvModes.dat
[2010/12/07 07:20:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

< End of report >

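Every entry in the report above uses one fixed layout, and a helper builds the fix script by copying chosen entries out of it. As an added example (not code from OTL or from any poster in this thread), this Python parser reads that layout and applies a few triage heuristics in the spirit of OTL's own "No Company Name" grouping; the heuristics and the sample excerpt are constructed for illustration and produce review hints, not verdicts.

```python
"""Parse OTL 'Files/Folders' report entries and apply triage heuristics.

Added example for this thread, not code from OTL or from any poster.
Entry layout, as seen in the report above:
    [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
The (Company) field is absent for directories and reads '()' for files
with no version-resource company name."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<event>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Windows-style GUID folder name, e.g. {31956a54-1145-a6cf-f270-53221cb74742}
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Extensions that carry executable code; used by the "no company name" rule.
CODE_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str               # four flag slots, e.g. "-HSD" = hidden, system, dir
    event: str               # "C" = created, "M" = modified
    company: Optional[str]   # None when the field is absent, "" for "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one report line, or None for headers/other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m.group("when"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),  # "1072,029,696" -> 1072029696
        attrs=m.group("attrs"),
        event=m.group("event"),
        company=m.group("company"),
        path=m.group("path"),
    )


def triage(e: Entry) -> List[str]:
    """Review hints (not verdicts) for one entry; hiberfil.sys, for example,
    trips the no-company rule only because it has a .sys extension."""
    parts = e.path.split("\\")
    name = parts[-1]
    in_profile = len(parts) > 2 and parts[1].lower() == "users"
    reasons: List[str] = []
    if in_profile and any(GUID_RE.match(p) for p in parts[2:]):
        reasons.append("GUID-named folder under a user profile")
    if not e.is_dir and e.company == "" and name.lower().endswith(CODE_EXT):
        reasons.append("executable code with no company name")
    if in_profile and e.hidden_system:
        reasons.append("hidden+system attributes inside a user profile")
    if len(name) == 1:
        reasons.append("single-character file name")
    return reasons


def triage_report(text: str) -> List[Tuple[str, List[str]]]:
    """Parse a whole report and return (path, reasons) for flagged entries."""
    flagged = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            reasons = triage(e)
            if reasons:
                flagged.append((e.path, reasons))
    return flagged


# Constructed excerpt: one header plus entries copied from the report above.
SAMPLE_REPORT = r"""
========== Files Created - No Company Name ==========
[2012/07/03 19:15:19 | 1072,029,696 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/03 21:42:17 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 13:13:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\{BFA53FF5-C53A-11E1-8270-B8AC6F996F26}
[2012/06/18 09:15:56 | 000,031,470 | ---- | C] () -- C:\Users\Administrator\AppData\Local\funmoods.crx
[2012/03/06 18:48:03 | 000,002,048 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\{31956a54-1145-a6cf-f270-53221cb74742}\@
"""

if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_REPORT):
        print(path)
        for r in reasons:
            print("   -", r)
```
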
#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 18 July 2012 - 02:21 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
    IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{4DF1233F-668F-414A-A2F4-037535322ECC}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648106&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=9C&apn_dtid=YYYYYYYYUS&apn_uid=1AFC7D86-9029-4844-A86A-808AE0FC8792&apn_sauid=795852A7-1897-4CB7-8DBD-D9FE44DAC788&
    IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{684EAA19-B256-4D79-8D1A-3EAD44A32407}: "URL" = http://mp3tubetoolbarsearch.com/?tmp=nemo_results_removelink2&keywords={searchTerms}
    IE - HKU\S-1-5-21-1787316924-336728849-1611007836-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
    [2012/06/30 16:21:54 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2012/07/03 21:32:19 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
    [2012/06/18 09:15:51 | 000,031,470 | ---- | M] () -- C:\Users\Administrator\AppData\Local\funmoods.crx
    [2012/06/18 09:15:56 | 000,031,470 | ---- | C] () -- C:\Users\Administrator\AppData\Local\funmoods.crx
    [2012/03/06 18:48:03 | 000,002,048 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\{31956a54-1145-a6cf-f270-53221cb74742}\@
    :Files
    C:\Users\Administrator\AppData\Local\{31956a54-1145-a6cf-f270-53221cb74742}
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 dave4mtexas

dave4mtexas
  • Topic Starter

  • Members
  • 14 posts

Posted 18 July 2012 - 06:22 PM

Hi,

Here is the log from OTL. I am still getting redirected on the first Google search results.


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
C:\Windows\Downloaded Program Files\setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Internet Explorer\SearchScopes\{4DF1233F-668F-414A-A2F4-037535322ECC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DF1233F-668F-414A-A2F4-037535322ECC}\ not found.
Registry key HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Internet Explorer\SearchScopes\{684EAA19-B256-4D79-8D1A-3EAD44A32407}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684EAA19-B256-4D79-8D1A-3EAD44A32407}\ not found.
Registry key HKEY_USERS\S-1-5-21-1787316924-336728849-1611007836-500\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\Plugins folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\modules folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\META-INF folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\lib folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults\preferences folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\defaults folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\skin folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\sl folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\lib folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\core folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa\404 folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\wa folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\menu folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gf folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ui folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\searchProtector folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\images folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\options folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js\resources folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\features folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\api folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\res folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\img folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac\css folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\ac folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al\aboutBox folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb\al folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content\tb folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785\content folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome\CT3198785 folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}\chrome folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef} folder moved successfully.
C:\Users\Administrator\AppData\Local\funmoods.crx moved successfully.
File C:\Users\Administrator\AppData\Local\funmoods.crx not found.
C:\Users\Administrator\AppData\Local\{31956a54-1145-a6cf-f270-53221cb74742}\@ moved successfully.
========== FILES ==========
C:\Users\Administrator\AppData\Local\{31956a54-1145-a6cf-f270-53221cb74742}\U folder moved successfully.
C:\Users\Administrator\AppData\Local\{31956a54-1145-a6cf-f270-53221cb74742}\L folder moved successfully.
C:\Users\Administrator\AppData\Local\{31956a54-1145-a6cf-f270-53221cb74742} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Guest

User: Public

User: Super Tech

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 546 bytes

User: All Users

User: Default

User: Default User

User: Guest

User: Public

User: Super Tech
->Flash cache emptied: 1179 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07182012_181529

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:25 AM

Posted 18 July 2012 - 09:10 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 dave4mtexas

dave4mtexas
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:25 PM

Posted 18 July 2012 - 10:06 PM

Hello Gringo,

I downloaded and saved the Farbar Recovery Scan Tool to a flash drive. But when I restart the system and go to the Advanced Boot Options, I only see the following things:

Choose Advanced Options for: Microsoft Windows Vista
(Use the arrow keys to highlight your choice.)

Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Enable Boot Logging
Enable low-resolution video(640X480)
Last Known Good Configuration(advanced)
Directory services restore mode
Debugging mode
Disable automatic restart on system failure
Disable Driver signature enforcement

Start Windows Normally

My DVD drive is not working properly, so I am unable to use the Windows installation disc.

Thanks

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:25 AM

Posted 20 July 2012 - 11:23 PM

Run it from Safe Mode with Command Prompt.



gringo

#15 dave4mtexas

dave4mtexas
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:11:25 PM

Posted 22 July 2012 - 08:34 PM

Here is the log

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01
Ran by Administrator at 22-07-2012 19:58:05
Running from F:\
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


============ One Month Created Files and Folders ==============

2012-07-22 19:57 - 2012-07-22 19:58 - 00000000 ____D C:\FRST
2012-07-18 18:15 - 2012-07-18 18:15 - 00000000 ____D C:\_OTL
2012-07-17 21:56 - 2012-07-17 21:56 - 00041262 ____A C:\Users\Administrator\Downloads\Extras.Txt
2012-07-17 21:52 - 2012-07-17 21:52 - 00077364 ____A C:\Users\Administrator\Downloads\OTL.Txt
2012-07-17 21:18 - 2012-07-17 21:18 - 00596480 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
2012-07-17 18:43 - 2012-07-17 18:43 - 00022862 ____A C:\ComboFix.txt
2012-07-17 18:16 - 2012-07-17 18:43 - 00000000 ____D C:\ComboFix
2012-07-16 21:55 - 2012-07-16 21:56 - 04731392 ____A (AVAST Software) C:\Users\Administrator\Downloads\aswMBR.exe
2012-07-16 21:52 - 2012-07-16 21:52 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2012-07-16 18:59 - 2012-07-16 18:59 - 04579127 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2012-07-16 18:49 - 2012-07-16 18:50 - 00881475 ____A C:\Users\Administrator\Downloads\SecurityCheck.exe
2012-07-15 17:37 - 2012-07-15 17:37 - 00000866 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-15 10:13 - 2012-07-17 21:57 - 00000000 ____D C:\Users\Administrator\Downloads\Bleeping Computer
2012-07-12 03:15 - 2012-06-13 08:40 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 07:00 - 2012-06-08 12:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 06:59 - 2012-06-05 11:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 06:59 - 2012-06-05 11:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 06:58 - 2012-06-04 10:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 06:58 - 2012-06-01 19:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 06:58 - 2012-06-01 19:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-08 23:43 - 2012-07-08 23:43 - 00140912 ____A C:\Windows\Minidump\Mini070812-01.dmp
2012-07-07 12:51 - 2012-07-07 12:51 - 00000000 ____D C:\Users\Administrator\Downloads\000-B1
2012-07-07 12:50 - 2012-07-07 12:50 - 00000000 ____D C:\Users\Administrator\Downloads\000-A1
2012-07-07 10:29 - 2012-07-07 10:29 - 00001624 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-07 10:29 - 2009-05-18 13:17 - 00026600 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-07-07 10:29 - 2008-04-17 12:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
2012-07-07 10:27 - 2012-07-07 10:29 - 00000000 ____D C:\Program Files\iTunes
2012-07-07 10:27 - 2012-07-07 10:27 - 00000000 ____D C:\Program Files\iPod
2012-07-03 22:16 - 2012-07-03 22:16 - 00274406 ____A C:\Users\Administrator\AppData\Local\census.cache
2012-07-03 22:15 - 2012-07-03 22:15 - 00195831 ____A C:\Users\Administrator\AppData\Local\ars.cache
2012-07-03 21:55 - 2012-07-03 21:55 - 00000036 ____A C:\Users\Administrator\AppData\Local\housecall.guid.cache
2012-07-03 21:42 - 2012-07-03 21:42 - 00001789 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-03 21:42 - 2012-07-03 11:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 21:42 - 2012-07-03 11:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 21:42 - 2012-07-03 11:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 21:42 - 2012-07-03 11:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 21:42 - 2012-07-03 11:21 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-07-03 21:42 - 2012-07-03 11:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 21:40 - 2012-07-03 11:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 21:40 - 2012-07-03 11:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-03 13:13 - 2012-07-03 13:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{BFA53FF5-C53A-11E1-8270-B8AC6F996F26}
2012-07-03 13:13 - 2012-07-03 13:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\{BFA50D0A-C53A-11E1-8270-B8AC6F996F26}
2012-07-03 13:12 - 2012-07-03 13:12 - 00000012 ____A C:\Windows\srun.log
2012-07-03 12:39 - 2012-07-03 12:46 - 04503728 ___AT C:\Users\All Users\l_u0_0.pad
2012-06-30 22:30 - 2012-06-30 22:32 - 00001041 ____A C:\rkill.log
2012-06-30 16:22 - 2012-07-03 21:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CRE
2012-06-30 16:21 - 2012-06-30 16:22 - 00000000 ____D C:\Program Files\Vid-Saver
2012-06-30 16:21 - 2012-06-30 16:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\Vid-Saver
2012-06-30 15:50 - 2012-06-30 15:50 - 00001171 ____A C:\checkup.txt
2012-06-30 13:17 - 2012-07-22 19:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-30 13:17 - 2012-07-11 13:02 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-30 11:27 - 2012-07-04 12:21 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-30 11:27 - 2012-06-30 11:27 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-06-27 21:34 - 2012-06-28 22:17 - 00000000 ____D C:\Users\Administrator\Downloads\Sample Resume
2012-06-25 18:52 - 2012-07-18 18:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2012-06-22 20:29 - 2012-06-02 17:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 20:29 - 2012-06-02 17:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 20:29 - 2012-06-02 17:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 20:29 - 2012-06-02 17:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 20:28 - 2012-06-02 17:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 20:28 - 2012-06-02 17:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 20:28 - 2012-06-02 17:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 20:28 - 2012-06-02 15:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 20:28 - 2012-06-02 15:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-22 19:46 - 2007-12-06 18:46 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-07-22 19:46 - 2007-12-06 18:45 - 01775952 ____A C:\Windows\WindowsUpdate.log
2012-07-22 19:46 - 2006-11-02 08:01 - 00032544 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-22 19:46 - 2006-11-02 08:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-22 19:46 - 2006-11-02 07:47 - 00003648 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-22 19:46 - 2006-11-02 07:47 - 00003648 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-22 19:41 - 2012-06-30 13:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-22 19:41 - 2011-03-12 09:57 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1787316924-336728849-1611007836-500UA.job
2012-07-22 19:41 - 2011-03-12 09:57 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1787316924-336728849-1611007836-500Core.job
2012-07-19 18:48 - 2011-01-08 18:59 - 00139264 ____A C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-18 22:13 - 2011-01-07 22:48 - 00112699 ____A C:\Users\Administrator\AppData\Roaming\nvModes.001
2012-07-18 21:48 - 2006-11-02 07:47 - 00107520 ____A C:\Windows\System32\umstartup.etl
2012-07-17 21:56 - 2012-07-17 21:56 - 00041262 ____A C:\Users\Administrator\Downloads\Extras.Txt
2012-07-17 21:52 - 2012-07-17 21:52 - 00077364 ____A C:\Users\Administrator\Downloads\OTL.Txt
2012-07-17 21:18 - 2012-07-17 21:18 - 00596480 ____A (OldTimer Tools) C:\Users\Administrator\Downloads\OTL.exe
2012-07-17 18:46 - 2006-11-02 08:00 - 00041574 ____A C:\Windows\PFRO.log
2012-07-17 18:43 - 2012-07-17 18:43 - 00022862 ____A C:\ComboFix.txt
2012-07-17 18:37 - 2006-11-02 05:23 - 00000215 ____A C:\Windows\system.ini
2012-07-16 21:56 - 2012-07-16 21:55 - 04731392 ____A (AVAST Software) C:\Users\Administrator\Downloads\aswMBR.exe
2012-07-16 21:52 - 2012-07-16 21:52 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2012-07-16 18:59 - 2012-07-16 18:59 - 04579127 ____R (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2012-07-16 18:50 - 2012-07-16 18:49 - 00881475 ____A C:\Users\Administrator\Downloads\SecurityCheck.exe
2012-07-15 17:37 - 2012-07-15 17:37 - 00000866 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 12:19 - 2006-11-02 05:33 - 00707392 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 03:35 - 2006-11-02 07:47 - 00396320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 03:13 - 2006-11-02 05:23 - 00000219 ____A C:\Windows\win.ini
2012-07-12 03:06 - 2006-11-02 05:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-11 23:57 - 2012-03-12 20:37 - 00002082 ____A C:\Users\Administrator\Desktop\Google Chrome.lnk
2012-07-11 13:02 - 2012-06-30 13:17 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-07-11 13:02 - 2012-03-15 23:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-07-08 23:43 - 2012-07-08 23:43 - 00140912 ____A C:\Windows\Minidump\Mini070812-01.dmp
2012-07-08 23:42 - 2011-01-23 00:11 - 186766050 ____A C:\Windows\MEMORY.DMP
2012-07-07 10:31 - 2006-11-02 07:52 - 00033306 ____A C:\Windows\setupact.log
2012-07-07 10:30 - 2011-01-07 00:50 - 00106568 ____A C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-07 10:29 - 2012-07-07 10:29 - 00001624 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-03 22:16 - 2012-07-03 22:16 - 00274406 ____A C:\Users\Administrator\AppData\Local\census.cache
2012-07-03 22:15 - 2012-07-03 22:15 - 00195831 ____A C:\Users\Administrator\AppData\Local\ars.cache
2012-07-03 21:55 - 2012-07-03 21:55 - 00000036 ____A C:\Users\Administrator\AppData\Local\housecall.guid.cache
2012-07-03 21:42 - 2012-07-03 21:42 - 00001789 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-07-03 21:42 - 2006-11-02 05:23 - 00002577 ____A C:\Windows\System32\config.nt
2012-07-03 19:14 - 2006-11-02 05:22 - 44564480 ____A C:\Windows\System32\config\software_previous
2012-07-03 19:14 - 2006-11-02 05:22 - 42991616 ____A C:\Windows\System32\config\components_previous
2012-07-03 19:14 - 2006-11-02 05:22 - 36438016 ____A C:\Windows\System32\config\system_previous
2012-07-03 19:14 - 2006-11-02 05:22 - 00524288 ____A C:\Windows\System32\config\default_previous
2012-07-03 19:14 - 2006-11-02 05:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2012-07-03 19:14 - 2006-11-02 05:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2012-07-03 13:46 - 2011-01-20 19:53 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 13:12 - 2012-07-03 13:12 - 00000012 ____A C:\Windows\srun.log
2012-07-03 13:06 - 2011-01-20 19:40 - 00001356 ____A C:\Users\Administrator\AppData\Local\d3d9caps.dat
2012-07-03 12:46 - 2012-07-03 12:39 - 04503728 ___AT C:\Users\All Users\l_u0_0.pad
2012-07-03 11:21 - 2012-07-03 21:42 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 11:21 - 2012-07-03 21:42 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 11:21 - 2012-07-03 21:42 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 11:21 - 2012-07-03 21:42 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 11:21 - 2012-07-03 21:42 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-07-03 11:21 - 2012-07-03 21:42 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 11:21 - 2012-07-03 21:40 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 11:21 - 2012-07-03 21:40 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-30 22:32 - 2012-06-30 22:30 - 00001041 ____A C:\rkill.log
2012-06-30 16:12 - 2011-09-24 12:26 - 00004835 ____A C:\Windows\IE9_main.log
2012-06-30 15:50 - 2012-06-30 15:50 - 00001171 ____A C:\checkup.txt
2012-06-13 08:40 - 2012-07-12 03:15 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 17:48 - 2012-06-12 17:48 - 00000847 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-12 17:46 - 2012-06-12 17:46 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-06-12 17:46 - 2012-06-12 17:46 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-06-12 17:46 - 2012-06-12 17:46 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-06-12 17:46 - 2012-06-12 17:46 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-06-12 17:45 - 2012-06-12 17:45 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-06-12 17:45 - 2012-06-12 17:45 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-06-08 12:47 - 2012-07-11 07:00 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-06 17:42 - 2011-01-07 13:23 - 00112699 ____A C:\Users\Administrator\AppData\Roaming\nvModes.dat
2012-06-05 11:47 - 2012-07-11 06:59 - 01401856 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 11:47 - 2012-07-11 06:59 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-04 10:26 - 2012-07-11 06:58 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 17:19 - 2012-06-22 20:29 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-22 20:29 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-22 20:29 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-22 20:28 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-22 20:28 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:12 - 2012-06-22 20:29 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:12 - 2012-06-22 20:28 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-22 20:28 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:12 - 2012-06-22 20:28 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 19:04 - 2012-07-11 06:58 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 19:03 - 2012-07-11 06:58 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-27 12:03 - 2011-12-05 18:48 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-05-27 08:58 - 2011-12-05 22:13 - 00002377 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-15 01:37 - 2012-06-13 21:25 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-15 01:37 - 2012-06-13 21:25 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-15 01:37 - 2012-06-13 21:25 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-15 01:35 - 2012-06-13 21:25 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-05-15 01:33 - 2012-06-13 21:25 - 06007808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-15 01:33 - 2012-06-13 21:25 - 00629760 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-05-15 01:33 - 2012-06-13 21:25 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-05-15 01:33 - 2012-06-13 21:25 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-15 01:33 - 2012-06-13 21:25 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-05-15 01:32 - 2012-06-13 21:25 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-15 01:32 - 2012-06-13 21:25 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-05-15 01:32 - 2012-06-13 21:25 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-15 01:31 - 2012-06-13 21:25 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-15 01:31 - 2012-06-13 21:25 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-15 01:31 - 2012-06-13 21:25 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-05-15 01:31 - 2012-06-13 21:25 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-05-15 01:31 - 2012-06-13 21:25 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-15 01:31 - 2012-06-13 21:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-05-15 01:31 - 2012-06-13 21:25 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-05-15 01:31 - 2012-06-13 21:25 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-05-15 00:01 - 2012-06-13 21:25 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-05-14 22:26 - 2012-06-13 21:25 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-14 22:25 - 2012-06-13 21:25 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-05-14 22:24 - 2012-06-13 21:25 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-05-14 22:23 - 2012-06-13 21:25 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-01 09:03 - 2012-06-13 21:25 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-29 14:09 - 2012-04-29 14:09 - 00000749 ____A C:\Users\Administrator\Desktop\20638_219701919207_677279207_3099847_532864_n.jpg - Shortcut.lnk
2012-04-25 12:11 - 2012-04-25 12:11 - 04547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-04-25 12:11 - 2012-04-25 12:11 - 00043520 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl.sys


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 29%
Total physical RAM: 1021.62 MB
Available physical RAM: 715.28 MB
Total Pagefile: 2299.55 MB
Available Pagefile: 2124.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.61 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:111.79 GB) (Free:37.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive f: () (Removable) (Total:3.76 GB) (Free:1.14 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B
Disk 1 Online 3855 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 112 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 112 GB Healthy System (partition with boot components)

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3855 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F FAT32 Removable 3855 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-18 22:21

======================= End Of Log ==========================
