Google Redirect Virus infected my computer


  • This topic is locked
50 replies to this topic

#1 leonce


Posted 07 August 2012 - 12:34 AM

My computer has the Google/Yahoo redirect virus/malware.
When I click on a website, it goes to another website instead. So I will hit the "back" button, and click on the link again, then it goes to the correct website. The "redirecting" does not always happen; I might click on 20 links from Google search and have no problem. Then I might click on the 1st link and it gets redirected.
Tried Hitman Pro, Malwarebytes, CCleaner, Spybot, TDSSKiller--and still no luck. I've checked the Hosts file and everything looks okay. Any suggestions?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Ben at 0:45:50 on 2012-08-07
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1819 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [KeePass 2 PreLoad] "c:\program files\keepass password safe 2\KeePass.exe" --preload
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [ATT-SST_UninstallTracking] c:\users\ben\appdata\local\temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
StartupFolder: c:\users\ben\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: motive.com\patttbc.att
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{326093D1-75F9-4D6E-85FE-A05EAA5D90A1} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ben\appdata\roaming\mozilla\firefox\profiles\vvsthx2f.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-W1&o=100000080&locale=en_US&apn_uid=97b342ca-0d8a-4261-8bfa-ce66248b6cd2&apn_ptnrs=JM&apn_sauid=78008218-40E5-43FB-B65C-1A8850A76F96&apn_dtid=YYYYYYYYUS&&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\users\ben\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\ben\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\ben\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\ben\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\ben\appdata\roaming\move networks\plugins\npqmp071705000014.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-23 64288]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-8-6 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-8-6 83392]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-26 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-5-26 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-5-26 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-26 83392]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-7-25 105832]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-5-26 465360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-5 136176]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2011-11-12 33792]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-07 04:06:01 -------- d-----w- c:\users\ben\appdata\roaming\SUPERAntiSpyware.com
2012-08-07 04:05:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-07 04:05:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-07 00:13:57 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-08-07 00:13:49 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-08-07 00:13:48 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2012-08-07 00:13:46 169088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-08-06 00:38:21 -------- d-----w- c:\windows\pss
2012-08-05 01:14:55 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{71cce024-4943-49b6-af97-4e86130b9736}\mpengine.dll
2012-07-27 01:00:39 388096 ----a-r- c:\users\ben\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-27 01:00:39 -------- d-----w- c:\program files\Trend Micro
2012-07-26 18:29:17 -------- d-----w- c:\users\ben\appdata\local\temp
2012-07-26 18:28:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-26 18:18:04 -------- d-----w- C:\ComboFix
2012-07-26 17:56:29 -------- d-----w- c:\users\ben\appdata\local\Secunia PSI
2012-07-26 17:56:01 -------- d-----w- c:\program files\Secunia
2012-07-26 17:41:27 -------- d-----w- c:\users\ben\appdata\local\Threat Expert
2012-07-25 22:49:38 98816 ----a-w- c:\windows\sed.exe
2012-07-25 22:49:38 518144 ----a-w- c:\windows\SWREG.exe
2012-07-25 22:49:38 256000 ----a-w- c:\windows\PEV.exe
2012-07-25 22:49:38 208896 ----a-w- c:\windows\MBR.exe
2012-07-25 21:46:53 -------- d-----w- c:\program files\Enigma Software Group
2012-07-25 21:46:18 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-25 20:10:48 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-25 18:58:47 -------- d-----w- c:\program files\HitmanPro
2012-07-25 18:58:00 -------- d-----w- c:\programdata\HitmanPro
2012-07-25 14:38:50 -------- d-----w- c:\program files\PC Tools
2012-07-25 14:10:57 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-25 14:10:57 -------- d-----w- c:\program files\common files\PC Tools
2012-07-25 14:09:51 -------- d-----w- c:\users\ben\appdata\roaming\TestApp
2012-07-25 14:09:51 -------- d-----w- c:\programdata\PC Tools
2012-07-25 04:20:34 -------- d-----w- c:\users\ben\appdata\local\CrashDumps
2012-07-25 04:14:01 -------- d-----w- c:\users\ben\appdata\local\NPE
2012-07-25 04:14:01 -------- d-----w- c:\programdata\Norton
2012-07-13 00:27:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:21:46 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 11:21:44 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 11:21:44 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 11:21:44 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 11:21:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:21:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
==================== Find3M ====================
.
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2008-12-18 02:23:34 336 ----a-w- c:\program files\temp995.bat
.
============= FINISH: 0:46:36.17 ===============



#2 gringo_pr

  • Malware Response Team

Posted 08 August 2012 - 11:32 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 leonce


Posted 09 August 2012 - 01:13 PM

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.62
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome plugins...
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

#4 gringo_pr


Posted 09 August 2012 - 01:59 PM

Let me have the Combofix report when it is complete.


gringo

#5 leonce


Posted 09 August 2012 - 02:10 PM

I didn't experience any problems running Combofix. I went to Google to do a search, but I am still experiencing the "redirect" issue.


ComboFix 12-08-09.01 - Ben 08/09/2012 14:25:15.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.1733 [GMT -4:00]
Running from: c:\users\Ben\Documents\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 18:33 . 2012-08-09 18:34 -------- d-----w- c:\users\Ben\AppData\Local\temp
2012-08-09 18:33 . 2012-08-09 18:33 -------- d-----w- c:\users\Yi\AppData\Local\temp
2012-08-09 18:33 . 2012-08-09 18:33 -------- d-----w- c:\users\Shiow\AppData\Local\temp
2012-08-09 18:33 . 2012-08-09 18:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-09 18:33 . 2012-08-09 18:33 -------- d-----w- c:\users\Gien\AppData\Local\temp
2012-08-09 18:33 . 2012-08-09 18:33 -------- d-----w- c:\users\Gien.Home\AppData\Local\temp
2012-08-09 18:33 . 2012-08-09 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 14:56 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10966595-5383-4B7E-B1EF-E47CC3AD295F}\mpengine.dll
2012-08-07 04:06 . 2012-08-07 04:06 -------- d-----w- c:\users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2012-08-07 04:05 . 2012-08-07 04:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-07 04:05 . 2012-08-07 04:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-07 00:13 . 2012-08-07 00:13 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-08-07 00:13 . 2012-08-07 00:13 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-08-07 00:13 . 2012-08-07 00:13 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2012-08-07 00:13 . 2012-08-07 00:13 169088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-08-07 00:13 . 2012-08-07 00:13 -------- d-----w- c:\program files\Acronis
2012-08-07 00:13 . 2012-08-07 00:13 -------- d-----w- c:\program files\Common Files\Acronis
2012-07-31 20:51 . 2012-07-31 20:52 -------- d-----w- c:\users\Shiow\AppData\Roaming\HpUpdate
2012-07-27 01:00 . 2012-07-27 01:00 388096 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-27 01:00 . 2012-07-27 01:00 -------- d-----w- c:\program files\Trend Micro
2012-07-26 17:56 . 2012-07-26 17:56 -------- d-----w- c:\users\Ben\AppData\Local\Secunia PSI
2012-07-26 17:56 . 2012-07-26 17:56 -------- d-----w- c:\program files\Secunia
2012-07-26 17:41 . 2012-07-26 17:41 -------- d-----w- c:\users\Ben\AppData\Local\Threat Expert
2012-07-25 21:46 . 2012-07-25 21:46 -------- d-----w- c:\program files\Enigma Software Group
2012-07-25 21:46 . 2012-07-26 17:42 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-25 20:10 . 2012-07-25 20:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-25 18:58 . 2012-07-25 18:58 -------- d-----w- c:\program files\HitmanPro
2012-07-25 18:58 . 2012-07-25 20:10 -------- d-----w- c:\programdata\HitmanPro
2012-07-25 14:38 . 2012-07-26 22:45 -------- d-----w- c:\program files\PC Tools
2012-07-25 14:10 . 2012-07-26 22:45 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-25 14:10 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-25 14:09 . 2012-07-26 22:43 -------- d-----w- c:\programdata\PC Tools
2012-07-25 14:09 . 2012-07-25 14:09 -------- d-----w- c:\users\Ben\AppData\Roaming\TestApp
2012-07-25 04:20 . 2012-08-09 17:15 -------- d-----w- c:\users\Ben\AppData\Local\CrashDumps
2012-07-25 04:14 . 2012-07-25 04:35 -------- d-----w- c:\users\Ben\AppData\Local\NPE
2012-07-25 04:14 . 2012-07-25 04:14 -------- d-----w- c:\programdata\Norton
2012-07-13 00:27 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:21 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 11:21 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:21 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:21 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 11:21 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 11:21 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-06-10 01:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-22 23:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 23:04 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 23:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 23:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 23:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 23:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 23:04 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 23:04 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-22 23:04 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2009-10-02 18:23 237072 ------w- c:\windows\system32\MpSigStub.exe
2008-12-18 02:23 . 2008-12-18 02:23 336 ----a-w- c:\program files\temp995.bat
2012-07-27 00:10 . 2012-02-21 15:20 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 17:18 1519824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-18 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-05-05 153672]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-23 50688]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-28 692224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 04:39]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 04:39]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532833285-3097925050-780435239-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-01 19:52]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532833285-3097925050-780435239-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-01 19:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\vvsthx2f.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-W1&o=100000080&locale=en_US&apn_uid=97b342ca-0d8a-4261-8bfa-ce66248b6cd2&apn_ptnrs=JM&apn_sauid=78008218-40E5-43FB-B65C-1A8850A76F96&apn_dtid=YYYYYYYYUS&&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-09 14:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5672)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2012-08-09 14:36:56
ComboFix-quarantined-files.txt 2012-08-09 18:36
ComboFix2.txt 2012-07-26 18:29
ComboFix3.txt 2012-07-25 23:04
.
Pre-Run: 21,450,350,592 bytes free
Post-Run: 21,383,974,912 bytes free
.
- - End Of File - - 2DD8A0CAF8594B3484AD099BB1578DEC

#6 gringo_pr

  • Malware Response Team

Posted 09 August 2012 - 02:21 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 leonce

  • Topic Starter

Posted 09 August 2012 - 07:39 PM

19:06:56.0052 5084 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:06:56.0458 5084 ============================================================
19:06:56.0458 5084 Current date / time: 2012/08/09 19:06:56.0458
19:06:56.0458 5084 SystemInfo:
19:06:56.0458 5084
19:06:56.0458 5084 OS Version: 6.0.6002 ServicePack: 2.0
19:06:56.0458 5084 Product type: Workstation
19:06:56.0458 5084 ComputerName: HOME
19:06:56.0458 5084 UserName: Ben
19:06:56.0458 5084 Windows directory: C:\Windows
19:06:56.0458 5084 System windows directory: C:\Windows
19:06:56.0458 5084 Processor architecture: Intel x86
19:06:56.0458 5084 Number of processors: 2
19:06:56.0458 5084 Page size: 0x1000
19:06:56.0458 5084 Boot type: Normal boot
19:06:56.0458 5084 ============================================================
19:06:57.0144 5084 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:06:57.0253 5084 ============================================================
19:06:57.0253 5084 \Device\Harddisk0\DR0:
19:06:57.0253 5084 MBR partitions:
19:06:57.0253 5084 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
19:06:57.0253 5084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x115E9800
19:06:57.0253 5084 ============================================================
19:06:57.0300 5084 C: <-> \Device\Harddisk0\DR0\Partition1
19:06:57.0331 5084 D: <-> \Device\Harddisk0\DR0\Partition0
19:06:57.0331 5084 ============================================================
19:06:57.0331 5084 Initialize success
19:06:57.0331 5084 ============================================================
19:07:08.0641 3572 ============================================================
19:07:08.0641 3572 Scan started
19:07:08.0641 3572 Mode: Manual;
19:07:08.0641 3572 ============================================================
19:07:10.0623 3572 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:07:10.0623 3572 !SASCORE - ok
19:07:10.0935 3572 61883 (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
19:07:10.0935 3572 61883 - ok
19:07:11.0621 3572 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
19:07:11.0621 3572 ACDaemon - ok
19:07:11.0715 3572 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:07:11.0761 3572 ACPI - ok
19:07:12.0822 3572 AcrSch2Svc (af6481c648ea9a76569aacb73eac286a) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
19:07:12.0838 3572 AcrSch2Svc - ok
19:07:12.0916 3572 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:07:12.0963 3572 adp94xx - ok
19:07:13.0025 3572 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:07:13.0150 3572 adpahci - ok
19:07:13.0197 3572 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:07:13.0212 3572 adpu160m - ok
19:07:13.0243 3572 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:07:13.0275 3572 adpu320 - ok
19:07:13.0321 3572 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:07:13.0321 3572 AeLookupSvc - ok
19:07:13.0415 3572 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:07:13.0431 3572 AFD - ok
19:07:13.0462 3572 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
19:07:13.0477 3572 agp440 - ok
19:07:13.0524 3572 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:07:13.0571 3572 aic78xx - ok
19:07:13.0602 3572 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:07:13.0602 3572 ALG - ok
19:07:13.0633 3572 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
19:07:13.0649 3572 aliide - ok
19:07:13.0680 3572 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
19:07:13.0696 3572 amdagp - ok
19:07:13.0743 3572 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
19:07:13.0743 3572 amdide - ok
19:07:13.0805 3572 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:07:13.0852 3572 AmdK7 - ok
19:07:13.0867 3572 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:07:13.0883 3572 AmdK8 - ok
19:07:13.0977 3572 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:07:13.0977 3572 AntiVirSchedulerService - ok
19:07:14.0008 3572 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:07:14.0008 3572 AntiVirService - ok
19:07:14.0055 3572 AntiVirWebService (e38ba9fab3981a2115c53260b930fd3c) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
19:07:14.0055 3572 AntiVirWebService - ok
19:07:14.0148 3572 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:07:14.0148 3572 Appinfo - ok
19:07:14.0257 3572 Apple Mobile Device (1961cb10bb48eb4d97e37db6373e9e63) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
19:07:14.0257 3572 Apple Mobile Device - ok
19:07:14.0304 3572 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:07:14.0335 3572 arc - ok
19:07:15.0022 3572 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:07:15.0053 3572 arcsas - ok
19:07:15.0084 3572 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:07:15.0100 3572 AsyncMac - ok
19:07:15.0131 3572 atapi (9e7e85ec61d1c9c3171cc08427108863) C:\Windows\system32\drivers\atapi.sys
19:07:15.0147 3572 atapi - ok
19:07:15.0225 3572 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:07:15.0225 3572 AudioEndpointBuilder - ok
19:07:15.0240 3572 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:07:15.0240 3572 Audiosrv - ok
19:07:15.0287 3572 Avc (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
19:07:15.0318 3572 Avc - ok
19:07:15.0365 3572 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
19:07:15.0381 3572 avgntflt - ok
19:07:15.0443 3572 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
19:07:15.0474 3572 avipbb - ok
19:07:15.0490 3572 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
19:07:15.0521 3572 avkmgr - ok
19:07:15.0568 3572 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:07:15.0583 3572 Beep - ok
19:07:15.0693 3572 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:07:15.0693 3572 BFE - ok
19:07:15.0786 3572 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
19:07:15.0802 3572 BITS - ok
19:07:15.0802 3572 blbdrive - ok
19:07:15.0880 3572 Bonjour Service (cfd4c3352e29a8b729536648466e8df5) C:\Program Files\Bonjour\mDNSResponder.exe
19:07:15.0880 3572 Bonjour Service - ok
19:07:15.0911 3572 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:07:15.0958 3572 bowser - ok
19:07:15.0989 3572 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:07:16.0020 3572 BrFiltLo - ok
19:07:16.0036 3572 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:07:16.0051 3572 BrFiltUp - ok
19:07:16.0083 3572 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:07:16.0223 3572 Browser - ok
19:07:16.0410 3572 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:07:16.0426 3572 Brserid - ok
19:07:16.0473 3572 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:07:16.0488 3572 BrSerWdm - ok
19:07:16.0519 3572 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:07:16.0535 3572 BrUsbMdm - ok
19:07:16.0551 3572 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:07:16.0566 3572 BrUsbSer - ok
19:07:16.0613 3572 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:07:16.0644 3572 BTHMODEM - ok
19:07:16.0691 3572 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
19:07:16.0691 3572 BthServ - ok
19:07:16.0785 3572 catchme - ok
19:07:16.0831 3572 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:07:16.0863 3572 cdfs - ok
19:07:16.0941 3572 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:07:16.0987 3572 cdrom - ok
19:07:17.0034 3572 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:07:17.0050 3572 CertPropSvc - ok
19:07:17.0097 3572 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:07:17.0143 3572 circlass - ok
19:07:17.0596 3572 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:07:17.0627 3572 CLFS - ok
19:07:17.0721 3572 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:07:17.0736 3572 clr_optimization_v2.0.50727_32 - ok
19:07:17.0799 3572 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:07:17.0845 3572 clr_optimization_v4.0.30319_32 - ok
19:07:17.0892 3572 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
19:07:17.0892 3572 cmdide - ok
19:07:17.0939 3572 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
19:07:17.0955 3572 Compbatt - ok
19:07:17.0955 3572 COMSysApp - ok
19:07:18.0017 3572 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:07:18.0033 3572 crcdisk - ok
19:07:18.0064 3572 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:07:18.0064 3572 Crusoe - ok
19:07:18.0111 3572 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
19:07:18.0111 3572 CryptSvc - ok
19:07:23.0929 3572 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:07:23.0961 3572 DcomLaunch - ok
19:07:24.0210 3572 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:07:24.0241 3572 DfsC - ok
19:07:24.0397 3572 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:07:24.0444 3572 DFSR - ok
19:07:24.0631 3572 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:07:24.0631 3572 Dhcp - ok
19:07:24.0756 3572 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:07:24.0787 3572 disk - ok
19:07:24.0819 3572 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:07:24.0819 3572 Dnscache - ok
19:07:24.0850 3572 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:07:24.0881 3572 dot3svc - ok
19:07:24.0975 3572 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
19:07:24.0990 3572 Dot4 - ok
19:07:25.0021 3572 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:07:25.0053 3572 Dot4Print - ok
19:07:25.0099 3572 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
19:07:25.0115 3572 dot4usb - ok
19:07:26.0488 3572 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:07:26.0488 3572 DPS - ok
19:07:26.0535 3572 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:07:26.0613 3572 drmkaud - ok
19:07:26.0737 3572 DSBrokerService (245f62a2aa67f4a61f10174bf1017327) C:\Program Files\DellSupport\brkrsvc.exe
19:07:26.0737 3572 DSBrokerService - ok
19:07:26.0815 3572 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
19:07:26.0815 3572 DSproct - ok
19:07:26.0815 3572 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
19:07:26.0878 3572 dsunidrv - ok
19:07:26.0940 3572 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:07:27.0065 3572 DXGKrnl - ok
19:07:27.0627 3572 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
19:07:27.0642 3572 e1express - ok
19:07:27.0705 3572 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:07:27.0736 3572 E1G60 - ok
19:07:27.0767 3572 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:07:27.0767 3572 EapHost - ok
19:07:27.0798 3572 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:07:27.0861 3572 Ecache - ok
19:07:27.0892 3572 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:07:27.0970 3572 elxstor - ok
19:07:28.0079 3572 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:07:28.0079 3572 EMDMgmt - ok
19:07:30.0216 3572 esgiguard - ok
19:07:30.0279 3572 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:07:30.0279 3572 EventSystem - ok
19:07:30.0388 3572 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:07:30.0403 3572 exfat - ok
19:07:30.0435 3572 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:07:30.0809 3572 fastfat - ok
19:07:30.0871 3572 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:07:30.0887 3572 fdc - ok
19:07:30.0918 3572 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:07:30.0934 3572 fdPHost - ok
19:07:30.0981 3572 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:07:30.0981 3572 FDResPub - ok
19:07:31.0012 3572 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:07:31.0043 3572 FileInfo - ok
19:07:31.0074 3572 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:07:31.0090 3572 Filetrace - ok
19:07:31.0121 3572 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:07:31.0137 3572 flpydisk - ok
19:07:31.0168 3572 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:07:31.0183 3572 FltMgr - ok
19:07:32.0057 3572 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:07:32.0338 3572 FontCache - ok
19:07:33.0087 3572 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:07:33.0102 3572 FontCache3.0.0.0 - ok
19:07:33.0633 3572 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:07:33.0633 3572 Fs_Rec - ok
19:07:34.0116 3572 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:07:35.0068 3572 gagp30kx - ok
19:07:37.0111 3572 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:07:37.0127 3572 GEARAspiWDM - ok
19:07:37.0189 3572 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:07:37.0205 3572 gpsvc - ok
19:07:37.0392 3572 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:07:37.0408 3572 gupdate - ok
19:07:37.0423 3572 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:07:37.0423 3572 gupdatem - ok
19:07:38.0671 3572 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:07:39.0202 3572 HdAudAddService - ok
19:07:40.0122 3572 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:07:40.0715 3572 HDAudBus - ok
19:07:41.0417 3572 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:07:41.0433 3572 HidBth - ok
19:07:41.0542 3572 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:07:41.0573 3572 HidIr - ok
19:07:41.0760 3572 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
19:07:41.0760 3572 hidserv - ok
19:07:42.0181 3572 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:07:42.0181 3572 HidUsb - ok
19:07:42.0244 3572 HitmanProScheduler (da53819fbb21e6ff91d377283597a6c6) C:\Program Files\HitmanPro\hmpsched.exe
19:07:42.0259 3572 HitmanProScheduler - ok
19:07:42.0322 3572 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:07:42.0322 3572 hkmsvc - ok
19:07:42.0369 3572 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:07:42.0384 3572 HpCISSs - ok
19:07:42.0868 3572 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll
19:07:42.0868 3572 hpqcxs08 - ok
19:07:42.0915 3572 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll
19:07:42.0915 3572 hpqddsvc - ok
19:07:43.0149 3572 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:07:43.0305 3572 HSF_DPV - ok
19:07:43.0336 3572 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
19:07:43.0383 3572 HSXHWBS2 - ok
19:08:23.0724 3572 WinRM - ok
19:08:23.0833 3572 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:08:23.0880 3572 Wlansvc - ok
19:08:24.0005 3572 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\Windows\system32\drivers\WmBEnum.sys
19:08:24.0052 3572 WmBEnum - ok
19:08:24.0099 3572 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\Windows\system32\drivers\WmFilter.sys
19:08:24.0099 3572 WmFilter - ok
19:08:24.0130 3572 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:08:24.0161 3572 WmiAcpi - ok
19:08:24.0239 3572 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:08:24.0239 3572 wmiApSrv - ok
19:08:24.0489 3572 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:08:24.0520 3572 WMPNetworkSvc - ok
19:08:24.0567 3572 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\Windows\system32\drivers\WmVirHid.sys
19:08:24.0598 3572 WmVirHid - ok
19:08:24.0660 3572 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\Windows\system32\drivers\WmXlCore.sys
19:08:24.0676 3572 WmXlCore - ok
19:08:24.0707 3572 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:08:24.0738 3572 WPCSvc - ok
19:08:24.0785 3572 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:08:24.0785 3572 WPDBusEnum - ok
19:08:24.0863 3572 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:08:24.0894 3572 WpdUsb - ok
19:08:25.0066 3572 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:08:25.0144 3572 WPFFontCache_v0400 - ok
19:08:25.0175 3572 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:08:25.0191 3572 ws2ifsl - ok
19:08:25.0237 3572 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
19:08:25.0253 3572 wscsvc - ok
19:08:25.0253 3572 WSearch - ok
19:08:25.0503 3572 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:08:25.0565 3572 wuauserv - ok
19:08:25.0830 3572 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:25.0830 3572 WUDFRd - ok
19:08:25.0877 3572 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:08:25.0877 3572 wudfsvc - ok
19:08:25.0908 3572 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
19:08:25.0908 3572 XAudio - ok
19:08:25.0955 3572 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
19:08:25.0955 3572 XAudioService - ok
19:08:26.0017 3572 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
19:08:26.0049 3572 xnacc - ok
19:08:26.0095 3572 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:08:26.0454 3572 \Device\Harddisk0\DR0 - ok
19:08:26.0563 3572 Boot (0x1200) (eff6b875ab9127949d6ccae70be041fb) \Device\Harddisk0\DR0\Partition0
19:08:26.0563 3572 \Device\Harddisk0\DR0\Partition0 - ok
19:08:26.0579 3572 Boot (0x1200) (be7f3f37ea62d9ed6abcd3b9f2e9d578) \Device\Harddisk0\DR0\Partition1
19:08:26.0579 3572 \Device\Harddisk0\DR0\Partition1 - ok
19:08:26.0579 3572 ============================================================
19:08:26.0579 3572 Scan finished
19:08:26.0579 3572 ============================================================
19:08:26.0595 4940 Detected object count: 0
19:08:26.0595 4940 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-09 19:22:05
-----------------------------
19:22:05.610 OS Version: Windows 6.0.6002 Service Pack 2
19:22:05.610 Number of processors: 2 586 0xF06
19:22:05.610 ComputerName: HOME UserName: Ben
19:22:07.061 Initialize success
19:28:58.269 AVAST engine defs: 12080901
19:31:26.383 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:31:26.383 Disk 0 Vendor: WDC_WD16 05.0 Size: 152587MB BusType: 3
19:31:26.398 Disk 0 MBR read successfully
19:31:26.398 Disk 0 MBR scan
19:31:26.429 Disk 0 Windows VISTA default MBR code
19:31:26.429 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
19:31:26.461 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
19:31:26.601 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 142291 MB offset 21084160
19:31:26.617 Disk 0 scanning sectors +312496128
19:31:28.473 Disk 0 scanning C:\Windows\system32\drivers
19:31:57.115 Service scanning
19:32:22.106 Modules scanning
19:32:27.706 Disk 0 trace - called modules:
19:32:27.753 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys hal.dll iastor.sys
19:32:27.753 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86cfc180]
19:32:27.753 3 CLASSPNP.SYS[8add48b3] -> nt!IofCallDriver -> [0x86cfced8]
19:32:27.753 5 vsflt53.sys[82b18c2b] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d11030]
19:32:29.609 AVAST engine scan C:\Windows
19:32:34.492 AVAST engine scan C:\Windows\system32
19:36:56.182 AVAST engine scan C:\Windows\system32\drivers
19:37:13.904 AVAST engine scan C:\Users\Ben
19:53:50.338 AVAST engine scan C:\ProgramData
19:58:15.788 Scan finished successfully
20:26:18.914 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
20:26:18.935 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:33 AM

Posted 10 August 2012 - 12:17 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com

Firefox::
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\vvsthx2f.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-W1&o=100000080&locale=en_US&apn_uid=97b342ca-0d8a-4261-8bfa-ce66248b6cd2&apn_ptnrs=JM&apn_sauid=78008218-40E5-43FB-B65C-1A8850A76F96&apn_dtid=YYYYYYYYUS&&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
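The Firefox:: lines in the CFScript above target a keyword.URL preference in prefs.js. The following is an added example, not part of the original post and not ComboFix code: a read-only Python check that lists which redirect-relevant preferences in a prefs.js still point outside an expected set of hosts. The allowlist, the watched-preference list and the sample file contents are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Firefox stores one preference per line as: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Preferences that decide where keyword searches and page loads are sent.
# keyword.URL and network.proxy.type are the two that appear in the logs above.
WATCHED = (
    "keyword.URL",
    "browser.startup.homepage",
    "network.proxy.autoconfig_url",
    "network.proxy.type",
)

# Assumption: hosts this user expects to see. Adjust per machine.
ALLOWED_HOSTS = frozenset({"google.com", "mozilla.org", "mozilla.com"})

# Constructed sample, shaped like a real prefs.js (query string shortened).
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("app.update.enabled", true);
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.URL", "http://websearch.ask.com/redirect?client=ff&src=kw&q=");
user_pref("network.proxy.type", 0);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not user_pref(...)
        name, raw = match.group(1), match.group(2)
        try:
            prefs[name] = json.loads(raw)  # strings, integers, true/false
        except ValueError:
            prefs[name] = raw  # keep unparsable values verbatim for review
    return prefs


def host_allowed(host, allowed):
    """True if host equals an allowed name or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == name or host.endswith("." + name) for name in allowed)


def audit(prefs, allowed=ALLOWED_HOSTS):
    """Return (preference, offending value, reason) tuples for watched prefs."""
    findings = []
    for name in WATCHED:
        if name not in prefs:
            continue
        value = prefs[name]
        if name == "network.proxy.type":
            # 1 = manual proxy, 2 = proxy auto-config (PAC) URL
            if isinstance(value, int) and not isinstance(value, bool) and value in (1, 2):
                findings.append((name, value, "traffic goes through a manual proxy or PAC file"))
            continue
        if not isinstance(value, str):
            continue
        # The homepage preference may hold several URLs separated by "|".
        for part in value.split("|"):
            url = urlsplit(part.strip())
            if url.scheme in ("http", "https") and url.hostname \
                    and not host_allowed(url.hostname, allowed):
                findings.append((name, url.hostname, "URL points at a host outside the allowlist"))
    return findings


if __name__ == "__main__":
    for pref, value, reason in audit(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{pref}: {value} ({reason})")
```

Run it against a copy of prefs.js taken while Firefox is closed, because Firefox rewrites the file on exit.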

#9 leonce

Posted 12 August 2012 - 09:48 PM

I had no problems running Combofix (dragging the script into Combofix). However, the browser is still redirecting, though possibly with lesser frequency.



ComboFix 12-08-10.02 - Ben 08/11/2012 21:18:07.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3069.2246 [GMT -4:00]
Running from: c:\users\Ben\Documents\ComboFix.exe
Command switches used :: c:\users\Ben\Desktop\cfscript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\AviraBrowserSecurity.exe
c:\program files\Ask.com\cb_ed4.ico
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_fd37.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 01:25 . 2012-08-12 01:25 -------- d-----w- c:\users\Ben\AppData\Local\temp
2012-08-12 01:25 . 2012-08-12 01:25 -------- d-----w- c:\users\Yi\AppData\Local\temp
2012-08-12 01:25 . 2012-08-12 01:25 -------- d-----w- c:\users\Shiow\AppData\Local\temp
2012-08-12 01:25 . 2012-08-12 01:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-12 01:25 . 2012-08-12 01:25 -------- d-----w- c:\users\Gien\AppData\Local\temp
2012-08-12 01:25 . 2012-08-12 01:25 -------- d-----w- c:\users\Gien.Home\AppData\Local\temp
2012-08-12 01:25 . 2012-08-12 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 08:46 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0ED11AAA-F0C7-4CCF-AE52-36902E54F2AC}\mpengine.dll
2012-08-07 04:06 . 2012-08-07 04:06 -------- d-----w- c:\users\Ben\AppData\Roaming\SUPERAntiSpyware.com
2012-08-07 04:05 . 2012-08-07 04:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-07 04:05 . 2012-08-07 04:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-07 00:13 . 2012-08-07 00:13 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-08-07 00:13 . 2012-08-07 00:13 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-08-07 00:13 . 2012-08-07 00:13 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2012-08-07 00:13 . 2012-08-07 00:13 169088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-08-07 00:13 . 2012-08-07 00:13 -------- d-----w- c:\program files\Acronis
2012-08-07 00:13 . 2012-08-07 00:13 -------- d-----w- c:\program files\Common Files\Acronis
2012-07-31 20:51 . 2012-07-31 20:52 -------- d-----w- c:\users\Shiow\AppData\Roaming\HpUpdate
2012-07-27 01:00 . 2012-07-27 01:00 388096 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-27 01:00 . 2012-07-27 01:00 -------- d-----w- c:\program files\Trend Micro
2012-07-26 17:56 . 2012-07-26 17:56 -------- d-----w- c:\users\Ben\AppData\Local\Secunia PSI
2012-07-26 17:56 . 2012-07-26 17:56 -------- d-----w- c:\program files\Secunia
2012-07-26 17:41 . 2012-07-26 17:41 -------- d-----w- c:\users\Ben\AppData\Local\Threat Expert
2012-07-25 21:46 . 2012-07-25 21:46 -------- d-----w- c:\program files\Enigma Software Group
2012-07-25 21:46 . 2012-07-26 17:42 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-07-25 20:10 . 2012-07-25 20:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-07-25 18:58 . 2012-07-25 18:58 -------- d-----w- c:\program files\HitmanPro
2012-07-25 18:58 . 2012-07-25 20:10 -------- d-----w- c:\programdata\HitmanPro
2012-07-25 14:38 . 2012-07-26 22:45 -------- d-----w- c:\program files\PC Tools
2012-07-25 14:10 . 2012-07-26 22:45 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-25 14:10 . 2012-06-22 19:34 203120 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-25 14:09 . 2012-07-26 22:43 -------- d-----w- c:\programdata\PC Tools
2012-07-25 14:09 . 2012-07-25 14:09 -------- d-----w- c:\users\Ben\AppData\Roaming\TestApp
2012-07-25 04:20 . 2012-08-11 16:34 -------- d-----w- c:\users\Ben\AppData\Local\CrashDumps
2012-07-25 04:14 . 2012-07-25 04:35 -------- d-----w- c:\users\Ben\AppData\Local\NPE
2012-07-25 04:14 . 2012-07-25 04:14 -------- d-----w- c:\programdata\Norton
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-06-10 01:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:40 . 2012-07-13 00:27 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 11:21 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 11:21 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 11:21 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 23:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 23:04 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 23:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 23:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 23:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 23:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 23:04 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 23:04 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-22 23:04 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-13 00:20 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-13 00:20 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-13 00:20 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-13 00:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-13 00:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 11:21 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 11:21 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2009-10-02 18:23 237072 ------w- c:\windows\system32\MpSigStub.exe
2008-12-18 02:23 . 2008-12-18 02:23 336 ----a-w- c:\program files\temp995.bat
2012-07-27 00:10 . 2012-02-21 15:20 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-18 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-05-05 153672]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2012-01-05 1823744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-23 50688]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-28 692224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 04:39]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-05 04:39]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532833285-3097925050-780435239-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-01 19:52]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1532833285-3097925050-780435239-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-01 19:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: motive.com\patttbc.att
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\vvsthx2f.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-11 21:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4148)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2012-08-11 21:27:44
ComboFix-quarantined-files.txt 2012-08-12 01:27
ComboFix2.txt 2012-08-09 18:36
ComboFix3.txt 2012-07-26 18:29
ComboFix4.txt 2012-07-25 23:04
.
Pre-Run: 21,569,388,544 bytes free
Post-Run: 21,867,253,760 bytes free
.
- - End Of File - - 9D791A2039970A2A3FBF2490943AECFF

#10 gringo_pr

Posted 13 August 2012 - 12:05 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 leonce

Posted 13 August 2012 - 11:19 PM

OTL logfile created on: 8/14/2012 12:00:40 AM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Ben\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.08% Memory free
6.22 Gb Paging File | 4.82 Gb Available in Paging File | 77.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 21.00 Gb Free Space | 15.11% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.90 Gb Free Space | 69.01% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Ben | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ben\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avnotify.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Windows\sttray.exe (SigmaTel, Inc.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll ()
MOD - C:\Program Files\7-Zip\7-zip.dll ()


========== Win32 Services (SafeList) ==========

SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (PalmUSBD) -- system32\drivers\PalmUSBD.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found
DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (ivusb) -- system32\DRIVERS\ivusb.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\Users\Ben\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (vididr) -- C:\Windows\System32\drivers\vididr.sys (Acronis)
DRV - (vidsflt53) -- C:\Windows\System32\drivers\vsflt53.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (Leapfrog-USBLAN) -- C:\Windows\System32\drivers\btblan.sys (Belcarra Technologies)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\..\SearchScopes,DefaultScope = ComcastSearch
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=JM&apn_dtid=YYYYYYYYUS&apn_uid=97b342ca-0d8a-4261-8bfa-ce66248b6cd2&apn_sauid=78008218-40E5-43FB-B65C-1A8850A76F96
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1606
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070724
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=JM&apn_dtid=YYYYYYYYUS&apn_uid=97b342ca-0d8a-4261-8bfa-ce66248b6cd2&apn_sauid=78008218-40E5-43FB-B65C-1A8850A76F96
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS
IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:myworld|http://www.netscape.com/"
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.2
FF - prefs.js..flock.keyword.provider: "Yahoo!"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Ben\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Ben\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Ben\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/24 20:36:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Components: C:\Program Files\Flock\components [2012/07/27 19:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.0.3\extensions\\Plugins: C:\Program Files\Flock\plugins [2012/07/27 19:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5\extensions\\Components: C:\Program Files\Flock\components [2012/07/27 19:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.5\extensions\\Plugins: C:\Program Files\Flock\plugins [2012/07/27 19:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components [2012/07/27 19:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2012/07/27 19:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.2\extensions\\Components: C:\Program Files\Flock\components [2012/07/27 19:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.2\extensions\\Plugins: C:\Program Files\Flock\plugins [2012/07/27 19:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/27 19:22:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/27 19:22:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Ben\AppData\Roaming\Move Networks [2010/01/29 12:18:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/09/24 20:36:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{316E81E3-AABD-11E1-8270-B8AC6F996F26}: C:\Users\Ben\AppData\Local\{316E81E3-AABD-11E1-8270-B8AC6F996F26}\ [2012/05/30 21:09:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/27 19:22:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/27 19:22:29 | 000,000,000 | ---D | M]

[2009/02/01 12:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions
[2009/02/01 12:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2012/07/26 14:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\vvsthx2f.default\extensions
[2012/03/18 23:01:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/26 20:10:20 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/17 20:32:59 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/03/05 12:48:33 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/02/05 00:02:56 | 001,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2009/05/04 16:02:22 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2012/02/21 11:20:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/21 11:20:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ben\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX\u00AE Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: LizardTech DjVu (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ben\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Ben\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Ben\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\Ben\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/08/11 21:25:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\Toolbar\WebBrowser: (no name) - {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - No CLSID value found.
O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{326093D1-75F9-4D6E-85FE-A05EAA5D90A1}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Ben\Documents\204.JPG
O24 - Desktop BackupWallPaper: C:\Users\Ben\Documents\204.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 23:55:37 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2012/08/11 21:27:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/11 21:27:46 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\temp
[2012/08/11 21:27:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/11 21:16:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/09 19:05:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ben\Desktop\aswMBR.exe
[2012/08/09 15:57:37 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ben\Documents\tdsskiller(1).exe
[2012/08/09 14:11:23 | 004,729,547 | R--- | C] (Swearware) -- C:\Users\Ben\Documents\ComboFix.exe
[2012/08/07 00:42:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ben\Documents\dds.com
[2012/08/07 00:06:01 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/07 00:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/07 00:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/07 00:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/07 00:02:14 | 018,987,688 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Ben\Documents\SUPERAntiSpyware(1).exe
[2012/08/06 20:20:26 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Acronis
[2012/08/06 20:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2012/08/06 20:13:57 | 000,601,408 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012/08/06 20:13:49 | 000,125,472 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vididr.sys
[2012/08/06 20:13:48 | 000,083,392 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\vsflt53.sys
[2012/08/06 20:13:46 | 000,169,088 | ---- | C] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012/08/06 20:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
[2012/08/06 20:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Acronis
[2012/08/06 20:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2012/08/06 12:47:33 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ben\Documents\TDSSKiller.exe
[2012/08/05 20:38:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/07/26 21:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/26 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/07/26 13:56:29 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Secunia PSI
[2012/07/26 13:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/07/26 13:54:04 | 000,463,080 | ---- | C] (CNET Download.com) -- C:\Users\Ben\Documents\cnet2_PSISetup_exe.exe
[2012/07/26 13:41:27 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\Threat Expert
[2012/07/25 18:49:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/25 18:49:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/25 18:49:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/25 18:49:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 18:48:52 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/25 17:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/25 17:41:10 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Ben\Documents\SpyHunter-Installer(1).exe
[2012/07/25 17:38:24 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\Ben\Documents\SpyHunter-Installer.exe
[2012/07/25 17:10:29 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Ben\Documents\FixTDSS.exe
[2012/07/25 16:28:32 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\Ben\Documents\ccsetup321.exe
[2012/07/25 16:10:48 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/07/25 14:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/07/25 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/25 14:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/25 10:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/07/25 10:14:53 | 007,718,272 | ---- | C] (SurfRight B.V.) -- C:\Users\Ben\Documents\HitmanPro36.exe
[2012/07/25 10:10:57 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/07/25 10:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/07/25 10:09:51 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Roaming\TestApp
[2012/07/25 10:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/25 10:09:06 | 004,122,616 | ---- | C] (PC Tools) -- C:\Users\Ben\Documents\sdsetup.exe
[2012/07/25 00:20:34 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\CrashDumps
[2012/07/25 00:14:01 | 000,000,000 | ---D | C] -- C:\Users\Ben\AppData\Local\NPE
[2012/07/25 00:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/07/25 00:13:15 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Users\Ben\Documents\NPE.exe
[2012/07/24 22:36:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ben\Documents\aswMBR.exe
[2012/07/23 20:42:02 | 000,000,000 | ---D | C] -- C:\Users\Ben\Documents\Azureus Downloads
[2012/07/23 20:34:18 | 009,250,272 | ---- | C] (Vuze Inc.) -- C:\Users\Ben\Documents\Vuze_Installer.exe
[2007/12/12 00:45:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Ben\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,725,297 | ---- | M] () -- C:\Users\Ben\Documents\189.JPG
[2049/12/31 16:00:00 | 000,643,278 | ---- | M] () -- C:\Users\Ben\Documents\193.JPG
[2049/12/31 16:00:00 | 000,590,786 | ---- | M] () -- C:\Users\Ben\Documents\204.JPG
[2049/12/31 16:00:00 | 000,460,302 | ---- | M] () -- C:\Users\Ben\Documents\206.JPG
[2049/12/31 16:00:00 | 000,449,421 | ---- | M] () -- C:\Users\Ben\Documents\203.JPG
[2012/08/13 23:55:41 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ben\Desktop\OTL.exe
[2012/08/13 23:54:30 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/13 23:47:14 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1532833285-3097925050-780435239-1000UA.job
[2012/08/13 23:47:14 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 23:47:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/13 20:54:13 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 20:54:13 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 18:54:07 | 3219,050,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 23:53:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/12 22:23:09 | 000,031,046 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_02 Aug. 12 22.23.gif
[2012/08/12 22:17:38 | 000,302,147 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_01 Aug. 12 22.17.gif
[2012/08/11 22:17:40 | 000,028,258 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_07 Aug. 11 22.17.gif
[2012/08/11 22:17:35 | 000,001,081 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_06 Aug. 11 22.17.gif
[2012/08/11 22:17:29 | 000,036,287 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_05 Aug. 11 22.17.gif
[2012/08/11 22:17:24 | 000,031,334 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_04 Aug. 11 22.17.gif
[2012/08/11 22:17:14 | 000,042,423 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_03 Aug. 11 22.17.gif
[2012/08/11 22:00:34 | 000,112,115 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_02 Aug. 11 22.00.gif
[2012/08/11 22:00:28 | 000,000,954 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Aug. 11 22.00.gif
[2012/08/11 21:25:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/11 21:15:27 | 004,729,547 | R--- | M] (Swearware) -- C:\Users\Ben\Documents\ComboFix.exe
[2012/08/11 18:36:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1532833285-3097925050-780435239-1000Core.job
[2012/08/09 20:26:18 | 000,000,512 | ---- | M] () -- C:\Users\Ben\Desktop\MBR.dat
[2012/08/09 19:07:46 | 000,002,034 | ---- | M] () -- C:\Users\Ben\Desktop\Google Chrome.lnk
[2012/08/09 19:07:46 | 000,001,996 | ---- | M] () -- C:\Users\Ben\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/09 19:06:49 | 000,000,577 | ---- | M] () -- C:\Users\Ben\Desktop\tdsskiller(1).exe - Shortcut.lnk
[2012/08/09 19:06:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ben\Desktop\aswMBR.exe
[2012/08/09 15:57:51 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ben\Documents\tdsskiller(1).exe
[2012/08/09 15:17:24 | 000,031,120 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_05 Aug. 09 15.17.gif
[2012/08/09 15:17:20 | 000,000,833 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_04 Aug. 09 15.17.gif
[2012/08/09 14:56:44 | 000,076,001 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_03 Aug. 09 14.56.gif
[2012/08/09 14:42:46 | 000,122,093 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_02 Aug. 09 14.42.gif
[2012/08/09 14:42:40 | 000,000,807 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Aug. 09 14.42.gif
[2012/08/09 14:15:52 | 000,000,552 | ---- | M] () -- C:\Users\Ben\Desktop\ComboFix.exe - Shortcut.lnk
[2012/08/09 13:41:15 | 000,881,494 | ---- | M] () -- C:\Users\Ben\Documents\SecurityCheck.exe
[2012/08/09 13:35:20 | 000,205,792 | ---- | M] () -- C:\Users\Ben\Documents\LoadReport.pdf
[2012/08/08 21:58:52 | 000,142,766 | ---- | M] () -- C:\Users\Ben\Documents\T-Mobile_369410608_08_03_12.pdf
[2012/08/08 18:40:51 | 000,181,594 | ---- | M] () -- C:\Users\Ben\Documents\BPMappG_opt.pdf
[2012/08/08 18:40:45 | 000,679,651 | ---- | M] () -- C:\Users\Ben\Documents\Eye_Credible_Tips_no_notes.pdf
[2012/08/08 18:31:27 | 000,050,017 | ---- | M] () -- C:\Users\Ben\Documents\eyecodes1.pdf
[2012/08/08 18:29:04 | 000,041,248 | ---- | M] () -- C:\Users\Ben\Documents\ThreeCs.pdf
[2012/08/08 18:26:06 | 000,038,976 | ---- | M] () -- C:\Users\Ben\Documents\glaucoma2008.pdf
[2012/08/08 18:15:45 | 000,049,803 | ---- | M] () -- C:\Users\Ben\Documents\Dayglaucoma.pdf
[2012/08/08 18:06:12 | 000,256,270 | ---- | M] () -- C:\Users\Ben\Documents\2011_Coding_Update_Q-Arev.pdf
[2012/08/08 17:59:55 | 000,741,345 | ---- | M] () -- C:\Users\Ben\Documents\MedicalRetinaforOD_sCompressed.pdf
[2012/08/08 15:58:45 | 000,286,985 | ---- | M] () -- C:\Users\Ben\Documents\2012LLBBWS-Bracket-TVSchedule.pdf
[2012/08/08 12:59:34 | 000,266,912 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_03 Aug. 08 12.59.gif
[2012/08/08 12:59:29 | 000,266,174 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_02 Aug. 08 12.59.gif
[2012/08/08 12:59:21 | 000,000,855 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Aug. 08 12.59.gif
[2012/08/07 20:21:02 | 000,017,005 | ---- | M] () -- C:\Users\Ben\Documents\aI60rJ665999gJ996Tb5frI979TTl576e0_14132476.pdf
[2012/08/07 20:07:44 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/07 20:07:44 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/07 20:03:39 | 000,020,537 | ---- | M] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_39390540.PDF
[2012/08/07 20:03:25 | 000,017,190 | ---- | M] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_38072092.PDF
[2012/08/07 20:03:05 | 000,017,245 | ---- | M] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_74969488.PDF
[2012/08/07 19:54:31 | 000,020,537 | ---- | M] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_22495520.PDF
[2012/08/07 19:54:19 | 000,020,494 | ---- | M] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_78690104.PDF
[2012/08/07 19:53:25 | 000,017,273 | ---- | M] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_40742068.PDF
[2012/08/07 19:49:25 | 000,002,605 | ---- | M] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_27083332.CSV
[2012/08/07 19:30:28 | 000,496,640 | ---- | M] () -- C:\Users\Ben\Documents\passwordsF3.wps
[2012/08/07 19:30:28 | 000,001,606 | ---- | M] () -- C:\Users\Ben\AppData\Roaming\wklnhst.dat
[2012/08/07 01:00:08 | 000,302,592 | ---- | M] () -- C:\Users\Ben\Documents\e17w4qmj.exe
[2012/08/07 00:42:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Ben\Documents\dds.com
[2012/08/07 00:05:59 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/07 00:04:35 | 018,987,688 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Ben\Documents\SUPERAntiSpyware(1).exe
[2012/08/06 20:14:00 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2012/08/06 20:13:57 | 000,601,408 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[2012/08/06 20:13:49 | 000,125,472 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vididr.sys
[2012/08/06 20:13:48 | 000,083,392 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\vsflt53.sys
[2012/08/06 20:13:46 | 000,169,088 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2012/08/06 20:04:25 | 001,201,246 | ---- | M] () -- C:\Users\Ben\Documents\4779-705057.pdf
[2012/08/06 19:01:14 | 000,115,449 | ---- | M] () -- C:\Users\Ben\Documents\4000 Membership Rewards® Program...pdf
[2012/08/06 12:51:11 | 000,080,384 | ---- | M] () -- C:\Users\Ben\Documents\MBRCheck.exe
[2012/08/06 11:03:02 | 000,004,041 | ---- | M] () -- C:\Users\Ben\Documents\user.conf
[2012/08/06 01:16:27 | 000,044,607 | ---- | M] () -- C:\Users\Ben\Documents\bootkit_remover.zip
[2012/08/06 01:08:56 | 000,312,939 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_02 Aug. 06 01.08.gif
[2012/08/06 01:08:49 | 000,000,807 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Aug. 06 01.08.gif
[2012/08/05 05:58:59 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 22:30:21 | 000,063,158 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_14 Jul. 28 22.30.gif
[2012/07/28 22:29:57 | 000,106,283 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_13 Jul. 28 22.29.gif
[2012/07/28 20:42:01 | 000,042,658 | ---- | M] () -- C:\Users\Ben\Documents\Customer Path No Promo GenericTMobileTermsandCondition.pdf
[2012/07/28 20:38:22 | 000,011,132 | ---- | M] () -- C:\Users\Ben\Documents\T-Mobile_795764.pdf
[2012/07/28 20:09:01 | 000,099,192 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_12 Jul. 28 20.08.gif
[2012/07/28 12:56:07 | 000,042,700 | ---- | M] () -- C:\Users\Ben\Documents\CorporateGroupTermsandConditionMailIn.pdf
[2012/07/28 12:55:45 | 000,105,463 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_11 Jul. 28 12.55.gif
[2012/07/28 12:55:38 | 000,000,808 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_10 Jul. 28 12.55.gif
[2012/07/28 10:28:28 | 000,198,723 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_09 Jul. 28 10.28.gif
[2012/07/28 10:27:04 | 000,124,385 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_08 Jul. 28 10.27.gif
[2012/07/28 10:26:58 | 000,000,807 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_07 Jul. 28 10.26.gif
[2012/07/28 10:26:42 | 000,142,123 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_06 Jul. 28 10.26.gif
[2012/07/28 10:04:36 | 000,194,196 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_05 Jul. 28 10.04.gif
[2012/07/28 10:04:11 | 000,120,370 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_04 Jul. 28 10.04.gif
[2012/07/28 09:53:59 | 000,197,641 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_03 Jul. 28 09.53.gif
[2012/07/28 09:53:53 | 000,000,807 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_02 Jul. 28 09.53.gif
[2012/07/28 09:53:25 | 000,126,672 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_01 Jul. 28 09.53.gif
[2012/07/27 23:23:53 | 000,000,512 | ---- | M] () -- C:\Users\Ben\Documents\MBR.dat
[2012/07/27 11:58:50 | 000,344,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/27 11:56:08 | 000,000,761 | ---- | M] () -- C:\Users\Ben\Documents\hosts.20071028-000452.backup
[2012/07/27 11:54:21 | 000,010,807 | ---- | M] () -- C:\Users\Ben\Documents\hijackthis7.27.2012
[2012/07/27 11:51:44 | 000,002,519 | ---- | M] () -- C:\Users\Ben\Desktop\HiJackThis.lnk
[2012/07/26 23:38:29 | 000,290,412 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_04 Jul. 26 23.38.jpg
[2012/07/26 23:38:25 | 000,000,287 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_03 Jul. 26 23.38.jpg
[2012/07/26 23:21:37 | 000,098,724 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_02 Jul. 26 23.21.jpg
[2012/07/26 23:21:32 | 000,000,287 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_01 Jul. 26 23.21.jpg
[2012/07/26 21:52:07 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/07/26 21:52:07 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/07/26 21:36:57 | 000,142,726 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_09 Jul. 26 21.36.jpg
[2012/07/26 21:28:40 | 000,167,573 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_08 Jul. 26 21.28.jpg
[2012/07/26 21:22:49 | 000,248,703 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_07 Jul. 26 21.22.jpg
[2012/07/26 21:22:13 | 000,129,312 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_06 Jul. 26 21.22.jpg
[2012/07/26 21:21:18 | 000,080,178 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_05 Jul. 26 21.21.jpg
[2012/07/26 21:19:56 | 000,000,288 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_04 Jul. 26 21.19.jpg
[2012/07/26 21:19:03 | 000,000,315 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_03 Jul. 26 21.19.jpg
[2012/07/26 21:17:53 | 000,198,945 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_02 Jul. 26 21.17.jpg
[2012/07/26 21:17:42 | 000,000,287 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_01 Jul. 26 21.17.jpg
[2012/07/26 14:43:41 | 000,211,706 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_02 Jul. 26 14.43.jpg
[2012/07/26 14:43:37 | 000,000,286 | ---- | M] () -- C:\Users\Ben\Documents\ScreenHunter_01 Jul. 26 14.43.jpg
[2012/07/26 13:54:15 | 000,463,080 | ---- | M] (CNET Download.com) -- C:\Users\Ben\Documents\cnet2_PSISetup_exe.exe
[2012/07/25 17:41:14 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Ben\Documents\SpyHunter-Installer(1).exe
[2012/07/25 17:38:27 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\Ben\Documents\SpyHunter-Installer.exe
[2012/07/25 17:10:41 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Ben\Documents\FixTDSS.exe
[2012/07/25 17:07:47 | 002,117,094 | ---- | M] () -- C:\Users\Ben\Documents\tdsskiller(3).zip
[2012/07/25 17:06:15 | 001,954,670 | ---- | M] () -- C:\Users\Ben\Desktop\tdsskiller.zip
[2012/07/25 16:31:18 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/25 16:28:59 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\Ben\Documents\ccsetup321.exe
[2012/07/25 16:11:55 | 000,035,366 | ---- | M] () -- C:\Users\Ben\Documents\log.xml
[2012/07/25 16:10:48 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/07/25 14:58:48 | 000,001,734 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/25 10:19:15 | 007,718,272 | ---- | M] (SurfRight B.V.) -- C:\Users\Ben\Documents\HitmanPro36.exe
[2012/07/25 10:16:42 | 000,980,480 | ---- | M] () -- C:\Users\Ben\Documents\MicrosoftFixit50267.msi
[2012/07/25 10:13:03 | 002,296,491 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/25 10:09:32 | 004,122,616 | ---- | M] (PC Tools) -- C:\Users\Ben\Documents\sdsetup.exe
[2012/07/25 00:20:45 | 000,007,944 | ---- | M] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat
[2012/07/25 00:13:43 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Users\Ben\Documents\NPE.exe
[2012/07/24 23:57:34 | 002,117,108 | ---- | M] () -- C:\Users\Ben\Documents\tdsskiller(2).zip
[2012/07/24 22:36:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ben\Documents\aswMBR.exe
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ben\Documents\TDSSKiller.exe
[2012/07/23 20:36:59 | 009,250,272 | ---- | M] (Vuze Inc.) -- C:\Users\Ben\Documents\Vuze_Installer.exe
[2012/07/20 21:52:43 | 000,124,903 | ---- | M] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Jul. 20 21.52.jpg
[2012/07/17 23:47:12 | 000,017,005 | ---- | M] () -- C:\Users\Ben\Documents\ae599QMy97699fqgb9U97698965896JeJb1_15359151.PDF
[2012/07/17 23:46:16 | 000,017,190 | ---- | M] () -- C:\Users\Ben\Documents\ae599QMy97699fqgb9U97698965896JeJb1_77604992.PDF
[2012/07/17 23:45:49 | 000,007,939 | ---- | M] () -- C:\Users\Ben\Documents\ae599QMy97699fqgb9U97698965896JeJb1_60828232.OFX
[2012/07/17 23:44:08 | 000,017,273 | ---- | M] () -- C:\Users\Ben\Documents\ae59Z9566J7695666db59976769o96rdd8959f_30834580.pdf
[2012/07/15 17:35:17 | 000,145,691 | ---- | M] () -- C:\Users\Ben\Documents\Fall03Update.pdf
[2012/07/15 17:15:13 | 002,580,325 | ---- | M] () -- C:\Users\Ben\Documents\Burn-Support-News-Water-Heaters.pdf
[2012/07/15 17:00:52 | 001,943,359 | ---- | M] () -- C:\Users\Ben\Documents\HouseInspectionSample_Report.pdf
[2012/07/15 10:30:43 | 000,071,001 | ---- | M] () -- C:\Users\Ben\Documents\IPCamendments.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/13 23:58:24 | 000,302,147 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_01 Aug. 12 22.17.gif
[2012/08/13 23:58:24 | 000,042,423 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_03 Aug. 11 22.17.gif
[2012/08/13 23:58:24 | 000,036,287 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_05 Aug. 11 22.17.gif
[2012/08/13 23:58:24 | 000,031,334 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_04 Aug. 11 22.17.gif
[2012/08/13 23:58:24 | 000,031,046 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_02 Aug. 12 22.23.gif
[2012/08/13 23:58:24 | 000,028,258 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_07 Aug. 11 22.17.gif
[2012/08/13 23:58:24 | 000,001,081 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_06 Aug. 11 22.17.gif
[2012/08/11 22:00:34 | 000,112,115 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_02 Aug. 11 22.00.gif
[2012/08/11 22:00:28 | 000,000,954 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Aug. 11 22.00.gif
[2012/08/09 20:26:18 | 000,000,512 | ---- | C] () -- C:\Users\Ben\Desktop\MBR.dat
[2012/08/09 19:06:49 | 000,000,577 | ---- | C] () -- C:\Users\Ben\Desktop\tdsskiller(1).exe - Shortcut.lnk
[2012/08/09 15:17:24 | 000,031,120 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_05 Aug. 09 15.17.gif
[2012/08/09 15:17:20 | 000,000,833 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_04 Aug. 09 15.17.gif
[2012/08/09 14:56:44 | 000,076,001 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_03 Aug. 09 14.56.gif
[2012/08/09 14:42:46 | 000,122,093 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_02 Aug. 09 14.42.gif
[2012/08/09 14:42:40 | 000,000,807 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Aug. 09 14.42.gif
[2012/08/09 14:15:52 | 000,000,552 | ---- | C] () -- C:\Users\Ben\Desktop\ComboFix.exe - Shortcut.lnk
[2012/08/09 13:41:09 | 000,881,494 | ---- | C] () -- C:\Users\Ben\Documents\SecurityCheck.exe
[2012/08/09 13:35:20 | 000,205,792 | ---- | C] () -- C:\Users\Ben\Documents\LoadReport.pdf
[2012/08/08 21:58:51 | 000,142,766 | ---- | C] () -- C:\Users\Ben\Documents\T-Mobile_369410608_08_03_12.pdf
[2012/08/08 18:40:51 | 000,181,594 | ---- | C] () -- C:\Users\Ben\Documents\BPMappG_opt.pdf
[2012/08/08 18:40:45 | 000,679,651 | ---- | C] () -- C:\Users\Ben\Documents\Eye_Credible_Tips_no_notes.pdf
[2012/08/08 18:31:27 | 000,050,017 | ---- | C] () -- C:\Users\Ben\Documents\eyecodes1.pdf
[2012/08/08 18:29:04 | 000,041,248 | ---- | C] () -- C:\Users\Ben\Documents\ThreeCs.pdf
[2012/08/08 18:26:06 | 000,038,976 | ---- | C] () -- C:\Users\Ben\Documents\glaucoma2008.pdf
[2012/08/08 18:15:45 | 000,049,803 | ---- | C] () -- C:\Users\Ben\Documents\Dayglaucoma.pdf
[2012/08/08 18:06:12 | 000,256,270 | ---- | C] () -- C:\Users\Ben\Documents\2011_Coding_Update_Q-Arev.pdf
[2012/08/08 17:59:55 | 000,741,345 | ---- | C] () -- C:\Users\Ben\Documents\MedicalRetinaforOD_sCompressed.pdf
[2012/08/08 15:58:45 | 000,286,985 | ---- | C] () -- C:\Users\Ben\Documents\2012LLBBWS-Bracket-TVSchedule.pdf
[2012/08/08 12:59:34 | 000,266,912 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_03 Aug. 08 12.59.gif
[2012/08/08 12:59:29 | 000,266,174 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_02 Aug. 08 12.59.gif
[2012/08/08 12:59:21 | 000,000,855 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Aug. 08 12.59.gif
[2012/08/07 20:21:02 | 000,017,005 | ---- | C] () -- C:\Users\Ben\Documents\aI60rJ665999gJ996Tb5frI979TTl576e0_14132476.pdf
[2012/08/07 20:03:39 | 000,020,537 | ---- | C] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_39390540.PDF
[2012/08/07 20:03:25 | 000,017,190 | ---- | C] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_38072092.PDF
[2012/08/07 20:03:05 | 000,017,245 | ---- | C] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_74969488.PDF
[2012/08/07 19:54:31 | 000,020,537 | ---- | C] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_22495520.PDF
[2012/08/07 19:54:18 | 000,020,494 | ---- | C] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_78690104.PDF
[2012/08/07 19:53:24 | 000,017,273 | ---- | C] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_40742068.PDF
[2012/08/07 19:49:24 | 000,002,605 | ---- | C] () -- C:\Users\Ben\Documents\aZce9ukJR699769h1q76r6t8I6QJR6762_27083332.CSV
[2012/08/07 01:00:08 | 000,302,592 | ---- | C] () -- C:\Users\Ben\Documents\e17w4qmj.exe
[2012/08/07 00:05:59 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/06 20:14:00 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2012/08/06 20:04:13 | 001,201,246 | ---- | C] () -- C:\Users\Ben\Documents\4779-705057.pdf
[2012/08/06 19:01:13 | 000,115,449 | ---- | C] () -- C:\Users\Ben\Documents\4000 Membership Rewards® Program...pdf
[2012/08/06 12:51:10 | 000,080,384 | ---- | C] () -- C:\Users\Ben\Documents\MBRCheck.exe
[2012/08/06 11:03:02 | 000,004,041 | ---- | C] () -- C:\Users\Ben\Documents\user.conf
[2012/08/06 01:16:26 | 000,044,607 | ---- | C] () -- C:\Users\Ben\Documents\bootkit_remover.zip
[2012/08/06 01:08:56 | 000,312,939 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_02 Aug. 06 01.08.gif
[2012/08/06 01:08:49 | 000,000,807 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Aug. 06 01.08.gif
[2012/07/28 23:59:52 | 000,262,615 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_09 Jul. 01 10.07.jpg
[2012/07/28 23:59:52 | 000,252,479 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_05 Jul. 01 09.57.jpg
[2012/07/28 23:59:52 | 000,211,706 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_02 Jul. 26 14.43.jpg
[2012/07/28 23:59:52 | 000,198,945 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_02 Jul. 26 21.17.jpg
[2012/07/28 23:59:52 | 000,162,630 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_04 Jul. 01 09.56.jpg
[2012/07/28 23:59:52 | 000,156,858 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_07 Jul. 01 10.07.jpg
[2012/07/28 23:59:52 | 000,125,957 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_10 Jul. 01 10.14.jpg
[2012/07/28 23:59:52 | 000,120,696 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_08 Jul. 01 10.07.jpg
[2012/07/28 23:59:52 | 000,080,178 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_05 Jul. 26 21.21.jpg
[2012/07/28 23:59:52 | 000,000,315 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_03 Jul. 26 21.19.jpg
[2012/07/28 23:59:52 | 000,000,288 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_04 Jul. 26 21.19.jpg
[2012/07/28 23:59:52 | 000,000,287 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_01 Jul. 26 21.17.jpg
[2012/07/28 23:59:52 | 000,000,286 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_01 Jul. 26 14.43.jpg
[2012/07/28 23:59:52 | 000,000,285 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_06 Jul. 01 10.06.jpg
[2012/07/28 23:59:32 | 000,290,412 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_04 Jul. 26 23.38.jpg
[2012/07/28 23:59:32 | 000,198,723 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_09 Jul. 28 10.28.gif
[2012/07/28 23:59:32 | 000,197,641 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_03 Jul. 28 09.53.gif
[2012/07/28 23:59:32 | 000,194,196 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_05 Jul. 28 10.04.gif
[2012/07/28 23:59:32 | 000,142,123 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_06 Jul. 28 10.26.gif
[2012/07/28 23:59:32 | 000,126,672 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_01 Jul. 28 09.53.gif
[2012/07/28 23:59:32 | 000,124,385 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_08 Jul. 28 10.27.gif
[2012/07/28 23:59:32 | 000,120,370 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_04 Jul. 28 10.04.gif
[2012/07/28 23:59:32 | 000,099,192 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_12 Jul. 28 20.08.gif
[2012/07/28 23:59:32 | 000,098,724 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_02 Jul. 26 23.21.jpg
[2012/07/28 23:59:32 | 000,000,807 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_07 Jul. 28 10.26.gif
[2012/07/28 23:59:32 | 000,000,807 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_02 Jul. 28 09.53.gif
[2012/07/28 23:59:32 | 000,000,287 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_03 Jul. 26 23.38.jpg
[2012/07/28 23:59:31 | 000,248,703 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_07 Jul. 26 21.22.jpg
[2012/07/28 23:59:31 | 000,167,573 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_08 Jul. 26 21.28.jpg
[2012/07/28 23:59:31 | 000,142,726 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_09 Jul. 26 21.36.jpg
[2012/07/28 23:59:31 | 000,129,312 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_06 Jul. 26 21.22.jpg
[2012/07/28 23:59:31 | 000,000,287 | ---- | C] () -- C:\Users\Ben\Documents\ScreenHunter_01 Jul. 26 23.21.jpg
[2012/07/28 22:30:21 | 000,063,158 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_14 Jul. 28 22.30.gif
[2012/07/28 22:29:57 | 000,106,283 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_13 Jul. 28 22.29.gif
[2012/07/28 20:42:01 | 000,042,658 | ---- | C] () -- C:\Users\Ben\Documents\Customer Path No Promo GenericTMobileTermsandCondition.pdf
[2012/07/28 20:38:22 | 000,011,132 | ---- | C] () -- C:\Users\Ben\Documents\T-Mobile_795764.pdf
[2012/07/28 12:56:07 | 000,042,700 | ---- | C] () -- C:\Users\Ben\Documents\CorporateGroupTermsandConditionMailIn.pdf
[2012/07/28 12:55:45 | 000,105,463 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_11 Jul. 28 12.55.gif
[2012/07/28 12:55:38 | 000,000,808 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_10 Jul. 28 12.55.gif
[2012/07/28 09:26:29 | 3219,050,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/27 11:56:08 | 000,000,761 | ---- | C] () -- C:\Users\Ben\Documents\hosts.20071028-000452.backup
[2012/07/27 11:54:21 | 000,010,807 | ---- | C] () -- C:\Users\Ben\Documents\hijackthis7.27.2012
[2012/07/26 21:00:39 | 000,002,519 | ---- | C] () -- C:\Users\Ben\Desktop\HiJackThis.lnk
[2012/07/25 18:49:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/25 18:49:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/25 18:49:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/25 18:49:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/25 18:49:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/25 17:07:16 | 002,117,094 | ---- | C] () -- C:\Users\Ben\Documents\tdsskiller(3).zip
[2012/07/25 16:11:54 | 000,035,366 | ---- | C] () -- C:\Users\Ben\Documents\log.xml
[2012/07/25 14:58:48 | 000,001,734 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/25 10:16:24 | 000,980,480 | ---- | C] () -- C:\Users\Ben\Documents\MicrosoftFixit50267.msi
[2012/07/25 10:11:00 | 002,296,491 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/07/24 23:57:19 | 002,117,108 | ---- | C] () -- C:\Users\Ben\Documents\tdsskiller(2).zip
[2012/07/24 23:54:07 | 000,000,512 | ---- | C] () -- C:\Users\Ben\Documents\MBR.dat
[2012/07/20 21:52:43 | 000,124,903 | ---- | C] () -- C:\Users\Ben\Desktop\ScreenHunter_01 Jul. 20 21.52.jpg
[2012/07/17 23:47:11 | 000,017,005 | ---- | C] () -- C:\Users\Ben\Documents\ae599QMy97699fqgb9U97698965896JeJb1_15359151.PDF
[2012/07/17 23:46:15 | 000,017,190 | ---- | C] () -- C:\Users\Ben\Documents\ae599QMy97699fqgb9U97698965896JeJb1_77604992.PDF
[2012/07/17 23:45:49 | 000,007,939 | ---- | C] () -- C:\Users\Ben\Documents\ae599QMy97699fqgb9U97698965896JeJb1_60828232.OFX
[2012/07/17 23:44:08 | 000,017,273 | ---- | C] () -- C:\Users\Ben\Documents\ae59Z9566J7695666db59976769o96rdd8959f_30834580.pdf
[2012/07/15 17:35:17 | 000,145,691 | ---- | C] () -- C:\Users\Ben\Documents\Fall03Update.pdf
[2012/07/15 17:15:13 | 002,580,325 | ---- | C] () -- C:\Users\Ben\Documents\Burn-Support-News-Water-Heaters.pdf
[2012/07/15 17:00:52 | 001,943,359 | ---- | C] () -- C:\Users\Ben\Documents\HouseInspectionSample_Report.pdf
[2012/07/15 10:30:43 | 000,071,001 | ---- | C] () -- C:\Users\Ben\Documents\IPCamendments.pdf
[2012/05/14 17:34:04 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/11/01 22:13:12 | 000,000,000 | ---- | C] () -- C:\Users\Ben\AppData\Local\{53BEE2F0-F9FF-4CB1-AB96-45D849A82888}
[2011/09/09 10:59:00 | 000,320,472 | ---- | C] () -- C:\Users\Ben\cordlessphonesOct2008.pdf
[2011/07/04 20:43:49 | 000,085,865 | ---- | C] () -- C:\Users\Ben\2011_Event_Calendar.pdf
[2011/04/26 00:41:48 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/26 00:41:48 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/09/10 12:59:05 | 000,000,371 | ---- | C] () -- C:\Users\Ben\Documents - Shortcut.lnk
[2009/08/28 00:41:53 | 000,000,760 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\setup_ldm.iss
[2008/12/17 22:23:34 | 000,000,336 | ---- | C] () -- C:\Program Files\temp995.bat
[2008/01/23 19:15:59 | 000,000,000 | -H-- | C] () -- C:\Users\Ben\hpothb07.tif
[2008/01/23 19:15:59 | 000,000,000 | -H-- | C] () -- C:\Users\Ben\hpothb07.dat
[2008/01/23 19:12:33 | 000,000,012 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\settings.xml
[2008/01/23 19:12:32 | 000,000,235 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\devices.xml
[2007/12/12 00:45:33 | 000,007,887 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\pcouffin.cat
[2007/12/12 00:45:33 | 000,001,144 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\pcouffin.inf
[2007/09/17 21:27:26 | 000,001,606 | ---- | C] () -- C:\Users\Ben\AppData\Roaming\wklnhst.dat
[2007/09/17 20:25:27 | 000,238,080 | ---- | C] () -- C:\Users\Ben\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/17 01:01:50 | 000,007,944 | ---- | C] () -- C:\Users\Ben\AppData\Local\d3d9caps.dat

========== Files - Unicode (All) ==========
[2011/12/18 13:09:15 | 000,047,616 | ---- | M] ()(C:\Users\Ben\Documents\2012meeting schedule ???????2012??????.doc) -- C:\Users\Ben\Documents\2012meeting schedule 亞特蘭大重陽會2012年聚會時間表.doc
[2011/12/18 13:09:14 | 000,047,616 | ---- | C] ()(C:\Users\Ben\Documents\2012meeting schedule ???????2012??????.doc) -- C:\Users\Ben\Documents\2012meeting schedule 亞特蘭大重陽會2012年聚會時間表.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\Ben\Documents\{F41108CB-F255-4C88-BEE0-433ED749ECC8}_11008847.pdf.EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Ben\Documents\{BFBF76B2-5A75-4F6E-A01C-6DD77BAABA76}_11008845.pdf.EML:OECustomProperty
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:56DA0F9E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#12 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 August 2012 - 09:44 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Ben\AppData\Roaming\nprhapengine.dll File not found
    O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\Toolbar\WebBrowser: (no name) - {6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} - No CLSID value found.
    O3 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKU\S-1-5-21-1532833285-3097925050-780435239-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O37 - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
    @Alternate Data Stream - 143 bytes -> C:\Users\Ben\Documents\{F41108CB-F255-4C88-BEE0-433ED749ECC8}_11008847.pdf.EML:OECustomProperty
    @Alternate Data Stream - 143 bytes -> C:\Users\Ben\Documents\{BFBF76B2-5A75-4F6E-A01C-6DD77BAABA76}_11008845.pdf.EML:OECustomProperty
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:56DA0F9E
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2    
    IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=JM&apn_dtid=YYYYYYYYUS&apn_uid=97b342ca-0d8a-4261-8bfa-ce66248b6cd2&apn_sauid=78008218-40E5-43FB-B65C-1A8850A76F96
    IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1000\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1606
    IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    IE - HKU\S-1-5-21-1532833285-3097925050-780435239-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-W1&o=100000080&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=JM&apn_dtid=YYYYYYYYUS&apn_uid=97b342ca-0d8a-4261-8bfa-ce66248b6cd2&apn_sauid=78008218-40E5-43FB-B65C-1A8850A76F96
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 leonce

Posted 16 August 2012 - 10:33 PM

I went online and the redirect issue is still present.


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1001\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\CONFLICT.1\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1000_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1000_Classes\ComFile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
ADS C:\Users\Ben\Documents\{F41108CB-F255-4C88-BEE0-433ED749ECC8}_11008847.pdf.EML:OECustomProperty deleted successfully.
ADS C:\Users\Ben\Documents\{BFBF76B2-5A75-4F6E-A01C-6DD77BAABA76}_11008845.pdf.EML:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:56DA0F9E deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1000\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.
HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1532833285-3097925050-780435239-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ben\Desktop\cmd.bat deleted successfully.
C:\Users\Ben\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Ben
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Gien

User: Gien.Home

User: Guest

User: Public

User: Shiow
->Java cache emptied: 0 bytes

User: Yi

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Ben
->Flash cache emptied: 6033849 bytes

User: Default

User: Default User

User: Gien
->Flash cache emptied: 810 bytes

User: Gien.Home
->Flash cache emptied: 979 bytes

User: Guest
->Flash cache emptied: 704 bytes

User: Public

User: Shiow
->Flash cache emptied: 39599 bytes

User: Yi
->Flash cache emptied: 1233 bytes

Total Flash Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.57.0 log created on 08162012_225340

#14 gringo_pr

Posted 17 August 2012 - 01:16 PM

In which browser does this happen?


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#15 leonce

Posted 17 August 2012 - 01:56 PM

The redirecting problem happens in every browser: Firefox, IE, and Chrome. I took some screenshots of certain sites I get routed to, but I don't know if that helps any.



