
Google Redirects


This topic is locked
29 replies to this topic

#1 Obmute

  • Members
  • 79 posts
  • Gender: Male
  • Location: Here and there.

Posted 12 September 2012 - 02:44 PM

Hi there! I'm helping with my mom's PC and she's now getting sporadic Google redirects; when I just tried it, it went to some http://63.209.69.107 search address. I already scanned with Malwarebytes and tried to run TDSSKiller with no luck, so coming here for help! Have my DDS logs here for you guys, attach.txt attached. No GMER since I'm on a 64-bit Windows OS. Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Linda at 14:17:52 on 2012-09-12
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.835 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Linda\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - C:\Users\Linda\AppData\Local\ArcadeCandy\candyEX.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Linda\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EC0AA913-0180-406E-A146-64790F795966} : DhcpNameServer = 192.168.0.1
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Linda\AppData\Local\ArcadeCandy\candyEX.dll
BHO-X64: ArcadeCandy Games - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://redirect.crossrider.com/search?a=2083&t=5&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15119
FF - prefs.js: keyword.URL - hxxp://redirect.crossrider.com/search?a=2083&t=3&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-7-12 1239952]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-22 381248]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-8-17 24652]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-8-30 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-23 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-8-30 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-17 113120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-12 14:32:12 -------- d-----w- C:\Users\Linda\AppData\Local\{00B617B7-DE0F-451B-BE7E-3A2C03BA826F}
2012-09-12 02:31:48 -------- d-----w- C:\Users\Linda\AppData\Local\{D3E5B6FE-6A64-4A46-8EF5-4B568DD2E712}
2012-09-11 20:34:51 -------- d-----w- C:\Program Files\Core Temp
2012-09-11 19:52:27 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-11 19:52:26 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-11 19:52:25 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-11 19:52:25 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-11 19:52:24 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-11 19:52:24 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 19:52:24 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-11 14:31:36 -------- d-----w- C:\Users\Linda\AppData\Local\{4E27C114-E710-430B-8648-097A50724F97}
2012-09-11 02:31:09 -------- d-----w- C:\Users\Linda\AppData\Local\{7B3481CD-01C7-445B-B456-6DB8378AD24E}
2012-09-10 14:30:57 -------- d-----w- C:\Users\Linda\AppData\Local\{773FC6E1-F3F9-4C15-94CC-095E0A81DEF0}
2012-09-10 02:30:45 -------- d-----w- C:\Users\Linda\AppData\Local\{0F2A013B-4701-4B95-B781-FDD46ED4556D}
2012-09-09 14:30:29 -------- d-----w- C:\Users\Linda\AppData\Local\{BD3A58D5-68E5-482D-B068-B1B18652FC2D}
2012-09-09 02:30:17 -------- d-----w- C:\Users\Linda\AppData\Local\{A7153470-156F-419F-B1E5-41E79694CE20}
2012-09-08 14:30:05 -------- d-----w- C:\Users\Linda\AppData\Local\{5062D58C-473A-4D9D-B2EC-D0E4FDEF957C}
2012-09-08 02:29:53 -------- d-----w- C:\Users\Linda\AppData\Local\{7EDF466D-9695-43E3-B06C-11A5951FCFB0}
2012-09-07 14:29:41 -------- d-----w- C:\Users\Linda\AppData\Local\{4FB4DC77-9934-4B98-A1EF-AA69936E6D46}
2012-09-07 02:29:29 -------- d-----w- C:\Users\Linda\AppData\Local\{24E6CD10-31A4-4905-A0C9-80E39D9D6DA9}
2012-09-06 14:29:15 -------- d-----w- C:\Users\Linda\AppData\Local\{366B8BA1-D36F-48F8-9F7C-851BC75247A5}
2012-09-06 02:29:03 -------- d-----w- C:\Users\Linda\AppData\Local\{930E75B9-BC9D-40E1-9819-C55FCE8E1996}
2012-09-05 14:28:50 -------- d-----w- C:\Users\Linda\AppData\Local\{51FADF36-B822-4F18-B994-0718DB4410E8}
2012-09-05 02:28:38 -------- d-----w- C:\Users\Linda\AppData\Local\{7BE1DB25-F2A5-4FE5-90D9-7F926D490257}
2012-09-04 14:28:13 -------- d-----w- C:\Users\Linda\AppData\Local\{766E6BA3-1A93-4D43-B70D-0D63C1D2BCFB}
2012-09-04 02:28:02 -------- d-----w- C:\Users\Linda\AppData\Local\{FE10BCB9-E584-4C06-944D-C36B9E5639B3}
2012-09-03 14:27:50 -------- d-----w- C:\Users\Linda\AppData\Local\{06711ABE-A680-4A00-97D6-07CD36B3E13E}
2012-09-03 02:27:37 -------- d-----w- C:\Users\Linda\AppData\Local\{5956FA6B-F449-4207-86DF-EA622D7CD021}
2012-09-01 14:11:35 -------- d-----w- C:\Users\Linda\AppData\Local\{E32E7B44-B579-496F-8AE1-BE68066732BD}
2012-09-01 02:11:23 -------- d-----w- C:\Users\Linda\AppData\Local\{6912D9BE-8C3A-4A6A-B72B-1815292E8BC7}
2012-08-31 14:10:58 -------- d-----w- C:\Users\Linda\AppData\Local\{47BC2B79-9F4B-4B54-82AF-CE7EBA59158A}
2012-08-31 02:10:46 -------- d-----w- C:\Users\Linda\AppData\Local\{526C984A-3853-40FF-8B0F-DC72CEBD19D0}
2012-08-30 14:10:34 -------- d-----w- C:\Users\Linda\AppData\Local\{4400F11B-5AED-4532-90E0-8FA8367D11AB}
2012-08-30 02:10:22 -------- d-----w- C:\Users\Linda\AppData\Local\{BFE421B5-5ABD-48CC-A798-4AB0488516F3}
2012-08-29 14:10:10 -------- d-----w- C:\Users\Linda\AppData\Local\{C72FA8C9-7480-4B3C-97E5-E317CAD2E1C4}
2012-08-29 02:09:58 -------- d-----w- C:\Users\Linda\AppData\Local\{FB0A1CDE-29EE-4C91-8B5B-8A575476A620}
2012-08-26 00:52:29 -------- d-----w- C:\Users\Linda\AppData\Local\{69A20511-3EF0-4580-A3DA-5466F5E8F6F4}
2012-08-25 02:42:45 -------- d-----w- C:\Users\Linda\AppData\Local\{85992C44-2DFE-408B-9166-3299D28D72DF}
2012-08-24 14:42:34 -------- d-----w- C:\Users\Linda\AppData\Local\{86405B48-E524-4CF9-9989-64B4573FFFB6}
2012-08-24 02:42:21 -------- d-----w- C:\Users\Linda\AppData\Local\{1045BD87-AD1E-4654-9D5C-91BFE254DA9C}
2012-08-23 14:42:09 -------- d-----w- C:\Users\Linda\AppData\Local\{05D34AF7-BFD8-48BF-84D8-8556D2FCCF55}
2012-08-23 02:41:56 -------- d-----w- C:\Users\Linda\AppData\Local\{D1F3F603-3C8E-40B3-AF03-D8BE88C4251E}
2012-08-22 14:41:45 -------- d-----w- C:\Users\Linda\AppData\Local\{01BD1A82-BF74-4792-B9FD-0099D2A0F9CD}
2012-08-22 02:41:33 -------- d-----w- C:\Users\Linda\AppData\Local\{AF275C52-0940-43B3-BDBB-D538A1282A54}
2012-08-21 14:41:21 -------- d-----w- C:\Users\Linda\AppData\Local\{DEA841A4-199B-473D-9F84-DAF71F00EC15}
2012-08-21 02:41:09 -------- d-----w- C:\Users\Linda\AppData\Local\{A7598347-370D-44E0-B92A-2E8AD57844A4}
2012-08-20 14:40:57 -------- d-----w- C:\Users\Linda\AppData\Local\{9C8FAFB9-4604-428E-8BA9-4D8A9989DC70}
2012-08-20 02:40:45 -------- d-----w- C:\Users\Linda\AppData\Local\{94776B23-BEBF-4DD4-B4BE-A3963EEBB8AC}
2012-08-20 00:03:24 -------- d-----w- C:\Windows\pss
2012-08-19 17:44:01 -------- d-----w- C:\Users\Linda\AppData\Local\Downloaded Installations
2012-08-19 14:40:20 -------- d-----w- C:\Users\Linda\AppData\Local\{77EDC24B-12D9-44B6-ADA9-7618FBAAB9A9}
2012-08-19 02:40:08 -------- d-----w- C:\Users\Linda\AppData\Local\{BAE8F15D-B609-4894-A181-8AE9B2ED85AB}
2012-08-18 22:51:32 708968 ------w- C:\Windows\System32\HPDiscoPM6412.dll
2012-08-18 22:51:03 -------- d-----w- C:\Program Files (x86)\HP
2012-08-18 22:51:01 -------- d-----w- C:\Program Files\HP
2012-08-18 22:50:01 -------- d-----w- C:\Users\Linda\AppData\Local\HP
2012-08-18 14:39:49 -------- d-----w- C:\Users\Linda\AppData\Local\{1774C629-A215-4810-9855-7D2A479E347B}
2012-08-18 14:39:35 -------- d-----w- C:\Users\Linda\AppData\Local\{C12CAB04-D9FE-426E-A0FB-750977D54A07}
2012-08-17 14:38:42 -------- d-----w- C:\Users\Linda\AppData\Local\{EBB75940-6694-4007-BDEB-433E4A8A193D}
2012-08-17 02:38:08 -------- d-----w- C:\Users\Linda\AppData\Local\{4562A42E-3C62-4DB0-A3E4-A6BA48C5061B}
2012-08-16 14:37:41 -------- d-----w- C:\Users\Linda\AppData\Local\{98A08C6C-4BBF-4F80-AC47-87BAB1E2DF90}
2012-08-16 14:37:29 -------- d-----w- C:\Users\Linda\AppData\Local\{F75F785C-F278-460F-96D4-DEE8D18C8EE6}
2012-08-16 02:37:01 -------- d-----w- C:\Users\Linda\AppData\Local\{C9B2FF32-F1F1-4A58-A6D4-5D7C24D52109}
2012-08-16 02:36:49 -------- d-----w- C:\Users\Linda\AppData\Local\{13BE3865-6D3D-4011-90B7-A338F33E214E}
2012-08-16 00:23:59 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2012-08-15 14:36:25 -------- d-----w- C:\Users\Linda\AppData\Local\{F9E305F7-BC2D-44F5-B575-AA5718E3317D}
2012-08-15 14:36:11 -------- d-----w- C:\Users\Linda\AppData\Local\{FD94C537-3B6C-45D1-8A02-D7DEB3ACF3A2}
2012-08-15 02:35:55 -------- d-----w- C:\Users\Linda\AppData\Local\{3E6C68CC-C2B6-4C54-A3E2-1E52A906D689}
2012-08-15 02:35:44 -------- d-----w- C:\Users\Linda\AppData\Local\{D3B54343-EE14-40AF-8191-41CD3223156E}
2012-08-14 14:35:26 -------- d-----w- C:\Users\Linda\AppData\Local\{DA2199E4-45BA-4322-910A-B8B8DFD33F6B}
2012-08-14 14:35:10 -------- d-----w- C:\Users\Linda\AppData\Local\{6CB530E7-854B-43DA-80E8-C061AC1D8785}
2012-08-14 02:34:43 -------- d-----w- C:\Users\Linda\AppData\Local\{38ADC42D-F067-4BEB-8539-57B4DC5C6401}
2012-08-14 02:34:27 -------- d-----w- C:\Users\Linda\AppData\Local\{3B1C22B5-6CC8-4A9E-B618-22933E591C12}
.
==================== Find3M ====================
.
2012-08-14 22:18:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 22:18:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 14:19:53.22 ===============


Edited by Obmute, 12 September 2012 - 02:45 PM.
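The DDS log above shows three things a responder looks for when a user reports search redirects: the Firefox search prefs (browser.search.defaulturl, keyword.URL) and the start page pointing at redirect.crossrider.com and ask.com instead of the engine the owner chose, a toolbar CLSID registered with "No File", and user.js entries whose value field itself contains further user_pref() calls. The script below is an added example for this thread, not part of DDS, AdwCleaner or any BleepingComputer tool: it scans DDS-style lines for those indicator types and reports them. The EXPECTED_HOSTS allowlist and the SAMPLE_DDS lines are constructed for the example (the sample copies the shape of lines in the log above); a real run would feed it the whole pasted log.

```python
"""Defender-side triage of DDS-style log lines for browser-hijack indicators.

Added example for this thread; it is not part of DDS or any BleepingComputer tool.
"""
import re
from urllib.parse import urlparse

# Constructed sample in the shape DDS prints (DDS defangs http as hxxp).
SAMPLE_DDS = """\
uStart Page = hxxp://google.com/
BHO: ArcadeCandy Games: {ab6bd08c-db6b-4f02-8a22-4bd343e990ff} - C:\\Users\\Linda\\AppData\\Local\\ArcadeCandy\\candyEX.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
FF - prefs.js: browser.search.defaulturl - hxxp://redirect.crossrider.com/search?a=2083&t=5&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=15119
FF - prefs.js: keyword.URL - hxxp://redirect.crossrider.com/search?a=2083&t=3&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
"""

# Assumption for this example: the hosts the machine's owner actually expects
# for address-bar search and the start page. Adjust per user.
EXPECTED_HOSTS = {"google.com", "www.google.com", "bing.com", "www.bing.com"}

# Firefox prefs that decide where address-bar searches and the start page go.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}

START_PAGE_RE = re.compile(r"^[um]Start Page = (\S+)$")
HJT_RE = re.compile(r"^(BHO|TB|BHO-X64|TB-X64):.*?\{([0-9A-Fa-f-]{36})\} - (.*)$")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


def refang(url):
    """Turn DDS's defanged hxxp:// back into http:// so urlparse sees a scheme."""
    return re.sub(r"^hxxp", "http", url, count=1)


def host_of(url):
    return (urlparse(refang(url)).hostname or "").lower()


def triage(text):
    """Return (indicator, detail) tuples for every suspicious line in the DDS text."""
    findings = []
    for line in text.splitlines():
        m = START_PAGE_RE.match(line)
        if m:
            if host_of(m.group(1)) not in EXPECTED_HOSTS:
                findings.append(("start-page-redirect", host_of(m.group(1))))
            continue
        m = HJT_RE.match(line)
        if m:
            kind, clsid, target = m.groups()
            # A BHO/toolbar registration whose DLL is gone is a leftover of a
            # removed or partially removed add-on and still needs cleaning up.
            if target.strip() == "No File":
                findings.append(("orphaned-" + kind.lower(), clsid))
            continue
        m = FF_PREF_RE.match(line)
        if not m:
            continue
        source, pref, value = m.groups()
        if source == "user.js" and ");user_pref(" in value:
            # A well-formed pref value never contains further user_pref() calls;
            # DDS printing one means user.js was concatenated or rewritten.
            findings.append(("user.js-malformed", pref))
        elif pref in SEARCH_PREFS and host_of(value) not in EXPECTED_HOSTS:
            findings.append(("search-hijack", host_of(value)))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_DDS):
        print(f"{indicator:22s} {detail}")
```

Run against the sample it reports the orphaned toolbar CLSID, the two crossrider search prefs, the ask.com start page and the malformed user.js entry, which matches what AdwCleaner later removed in this thread. The allowlist approach is deliberate: rather than keeping a blocklist of hijacker domains, it flags any search or start-page target the user did not choose, so a new hijacker is caught the same way as a known one.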



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 13 September 2012 - 12:11 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Obmute (Topic Starter)

  • Members
  • 79 posts
  • Gender: Male
  • Location: Here and there.

Posted 13 September 2012 - 01:43 AM

Hello Gringo! Thanks for helping me so far with this issue! Below is the AdwCleaner log first, then RogueKiller.

# AdwCleaner v2.001 - Logfile created 09/13/2012 at 01:31:20
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Linda - LINDA-PC
# Boot Mode : Normal
# Running from : C:\Users\Linda\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\searchplugins\mywebsearch.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\GamesBar
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Linda\AppData\Local\APN
Folder Deleted : C:\Users\Linda\AppData\Local\Temp\AskSearch

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\prefs.js

C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.surf.date", "5");
Deleted : user_pref("aol_toolbar.surf.lastDate", "27");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "5");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2010");
Deleted : user_pref("aol_toolbar.surf.month", "5");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "0");
Deleted : user_pref("aol_toolbar.surf.total", "5");
Deleted : user_pref("aol_toolbar.surf.week", "5");
Deleted : user_pref("aol_toolbar.surf.year", "5");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Search the web");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=15119");
Deleted : user_pref("extensions.crossriderapp2083.2083.InstallationTime", 1332438422);
Deleted : user_pref("extensions.crossriderapp2083.2083.UserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp2083.2083.active", true);
Deleted : user_pref("extensions.crossriderapp2083.2083.addressbar", "hxxp://redirect.crossrider.com/search?a=2[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.affid", "0");
Deleted : user_pref("extensions.crossriderapp2083.2083.backgroundjs", "\n// Internet Explorer doesn't support [...]
Deleted : user_pref("extensions.crossriderapp2083.2083.backgroundver", 19);
Deleted : user_pref("extensions.crossriderapp2083.2083.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp2083.2083.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp2083.2083.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderNotifier_channels.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderNotifier_channels.value", "%7B%22app0%[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderNotifier_displayed_messages.expiration[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderNotifier_displayed_messages.value", "%[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderNotifier_geolocation.expiration", "Tue[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderNotifier_geolocation.value", "%22US%22[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderNotifier_messages.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderNotifier_messages.value", "%7B%22data%[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderSidebar_showed.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.CrossriderSidebar_showed.value", "true");
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie.InstallationTime.value", "1332438422");
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie._cr_is_sidebar_disabled.expiration", "Fri Feb 01[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.cookie._cr_is_sidebar_disabled.value", "true");
Deleted : user_pref("extensions.crossriderapp2083.2083.description", "3DSlots2GO");
Deleted : user_pref("extensions.crossriderapp2083.2083.domain", "productmadness.com");
Deleted : user_pref("extensions.crossriderapp2083.2083.emailsig", "");
Deleted : user_pref("extensions.crossriderapp2083.2083.enablesearch", true);
Deleted : user_pref("extensions.crossriderapp2083.2083.exposesites", "");
Deleted : user_pref("extensions.crossriderapp2083.2083.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp2083.2083.group", 0);
Deleted : user_pref("extensions.crossriderapp2083.2083.homepage", "hxxp://redirect.crossrider.com/search?a=208[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.iframe", false);
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_appVer.value", "228");
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_nextCheck.expiration", "Tue Sep 11[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp2083.2083.js", "\n/************* APP CODE STARTS HERE ***********[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp2083.2083.name", "3DSlots2GO");
Deleted : user_pref("extensions.crossriderapp2083.2083.newtab", "");
Deleted : user_pref("extensions.crossriderapp2083.2083.opensearch", "hxxp://redirect.crossrider.com/search?a=2[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_11.code", "$jquery(document).ready(funct[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_11.name", "autocomplete");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_11.ver", 1);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_15.code", "(function(e){function u(c,B){[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_16.code", "(function(b,a){function h(){v[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_17.ver", 1);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_28.ver", 1);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_5.code", "(function(c){c.ui=c.ui||{};var[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_5.name", "notifications");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_5.ver", 2);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_6.code", "appAPI.sidebar=function(d){var[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_6.name", "sidebar");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_6.ver", 1);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_7.code", "appAPI.hooks={$:$jquery_171,ho[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_7.name", "hooks");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_7.ver", 1);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchE[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_9.name", "search_engine_hook");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins.plugin_9.ver", 1);
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins_lists.plugins_0", "17,14,16,47");
Deleted : user_pref("extensions.crossriderapp2083.2083.plugins_lists.plugins_1", "17,14,13,16,15,4,1,7,9,11,6,[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.pluginsversion", 32);
Deleted : user_pref("extensions.crossriderapp2083.2083.premium", false);
Deleted : user_pref("extensions.crossriderapp2083.2083.publisher", "Product Madness Inc.");
Deleted : user_pref("extensions.crossriderapp2083.2083.searchstatus", 1);
Deleted : user_pref("extensions.crossriderapp2083.2083.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp2083.2083.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp2083.2083.thankyou", "hxxp://www.productmadness.squarespace.com/3[...]
Deleted : user_pref("extensions.crossriderapp2083.2083.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp2083.2083.ver", 228);
Deleted : user_pref("extensions.crossriderapp2083.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp2083.apps", "2083");
Deleted : user_pref("extensions.crossriderapp2083.bic", "1363b84cffc213bc14ca9fc14b762091");
Deleted : user_pref("extensions.crossriderapp2083.cid", 2083);
Deleted : user_pref("extensions.crossriderapp2083.firstrun", false);
Deleted : user_pref("extensions.crossriderapp2083.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp2083.installationdate", 1332438422);
Deleted : user_pref("extensions.crossriderapp2083.lastcheck", 22456362);
Deleted : user_pref("extensions.crossriderapp2083.lastcheckitem", 22456373);
Deleted : user_pref("extensions.crossriderapp2083.misc.lastBgWorkerTimer", "1343673899909");
Deleted : user_pref("extensions.crossriderapp2083.misc.lastDomWorkerTimer", "1343673899900");
Deleted : user_pref("extensions.crossriderapp2083.modetype", "production");
Deleted : user_pref("extensions.crossriderapp2083.premiumonly", false);
Deleted : user_pref("extensions.enabledAddons", "games@acandy.com:1.24.366,exeakbzkko@exeakbzkko.org:1.0,cross[...]
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "chrome://browser-region/locale/region.properties");

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://www.ask.com/?l=dis&o=15119cr",
Deleted [l.1182] : homepage = "hxxp://www.ask.com/?l=dis&o=15119cr",

*************************

AdwCleaner[S1].txt - [17168 octets] - [13/09/2012 01:31:20]

########## EOF - C:\AdwCleaner[S1].txt - [17229 octets] ##########

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Linda [Admin rights]
Mode : Remove -- Date : 09/13/2012 01:40:06

Bad processes : 0

Registry Entries : 10
[TASK][SUSP PATH] CandyUpdater.job : C:\Users\Linda\AppData\Local\ArcadeCandy\candyUpdater.exe -> DELETED
[TASK][SUSP PATH] CandyUpdater : C:\Users\Linda\AppData\Local\ArcadeCandy\candyUpdater.exe -> DELETED
[TASK][SUSP PATH] {C050AC00-F2EA-4286-8581-C6FAE754209F} : C:\Users\Linda\Desktop\gmer.exe -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Linda\AppData\Local\{de0a3181-fe80-1612-7cad-63b9c7e8d83f}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

Particular Files / Folders:

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] 5adb927c35325683c6e11d99d7e91444
[BSP] b2718e04f7ba1d092ef80a346dd6b478 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
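
The AdwCleaner section above is essentially a hand-curated list of Firefox preferences that steer searches and the home page to a monetising redirector (Ask, Crossrider, MyWebSearch) plus the machine-generated add-on ID in extensions.enabledAddons. The script below, added here as an example and not AdwCleaner's own code, applies that same judgement to a prefs.js or user.js so the check can be repeated on another profile. The prefix list, the suspect targets and the "random add-on ID" pattern are assumptions drawn from the log above, and the sample preferences are constructed to resemble it rather than copied from it.

```python
"""Flag search-engine and home-page hijack preferences in a Firefox prefs.js/user.js.

Added example for this thread; it is not AdwCleaner's code. It reads the
user_pref("name", value); lines that AdwCleaner lists above and applies
the same judgement a remover applies by hand.
"""
import re
from typing import List, Tuple

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Preference namespaces that only exist when a bundled adware framework is
# installed. Assumption: taken from the log above; extend for your own cases.
ADWARE_PREFIXES = ("extensions.crossriderapp", "extensions.mywebsearch", "aol_toolbar.")

# Preferences that decide where typed searches and the home page go.
STEERING_PREFS = {
    "browser.search.defaultengine", "browser.search.defaulturl",
    "browser.search.defaultenginename", "browser.search.selectedEngine",
    "browser.search.order.1", "browser.startup.homepage", "keyword.URL",
}

# Targets a user did not choose on purpose. Constructed from the log; matched
# as substrings because the values are engine names as well as URLs.
SUSPECT_TARGETS = ("redirect.crossrider.com", "mywebsearch.com", "ask.com")

# Add-on IDs are normally name@vendor.tld. A long random local part that is
# also the domain (xxxxxxxx@xxxxxxxx.org) is a typical generated adware ID.
RANDOM_ADDON_RE = re.compile(r"^([a-z]{8,})@\1\.(org|com|net)$")


def parse_prefs(text: str) -> List[Tuple[str, str]]:
    """Return (name, raw_value) for every user_pref line; other lines are ignored."""
    pairs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def find_hijacks(text: str) -> List[Tuple[str, str, str]]:
    """Return (reason, pref_name, detail) for each preference worth removing."""
    findings = []
    for name, value in parse_prefs(text):
        low = value.lower()
        if name.startswith(ADWARE_PREFIXES):
            findings.append(("adware-pref", name, value))
        elif name in STEERING_PREFS and any(t in low for t in SUSPECT_TARGETS):
            findings.append(("search-steering", name, value))
        elif name == "extensions.enabledAddons":
            # Value is a quoted, comma-separated list of id:version entries.
            for entry in value.strip('"').split(","):
                addon_id = entry.split(":", 1)[0]
                if RANDOM_ADDON_RE.match(addon_id):
                    findings.append(("random-addon-id", name, addon_id))
    return findings


# Constructed sample modelled on the AdwCleaner output above (not copied from it).
SAMPLE_PREFS = r'''
user_pref("browser.search.defaultenginename", "Ask.com");
user_pref("browser.startup.homepage", "http://www.ask.com/?l=dis&o=15119");
user_pref("browser.search.defaulturl", "http://redirect.crossrider.com/search?a=2083&t=5&q={searchTerms}");
user_pref("extensions.crossriderapp2083.2083.name", "3DSlots2GO");
user_pref("extensions.enabledAddons", "games@acandy.com:1.24.366,exeakbzkko@exeakbzkko.org:1.0");
user_pref("browser.startup.homepage_override.mstone", "14.0.1");
user_pref("network.cookie.cookieBehavior", 0);
'''

if __name__ == "__main__":
    for reason, name, detail in find_hijacks(SAMPLE_PREFS):
        print(f"{reason:16} {name} -> {detail}")
```

Deleting user.js outright, as AdwCleaner did above, is the right call when one exists: Firefox re-applies user.js on every start, so a hijack stored there survives any edit made through the browser's own settings UI.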

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 September 2012 - 02:42 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Obmute (Topic Starter)

Posted 13 September 2012 - 12:02 PM

Hello, I ran ComboFix and that went fine, until I rebooted; now the computer will not get an internet connection, while my computer is still on the internet just fine. I rebooted it a second time just to make sure, and even unplugged the modem and router, but it just keeps coming up with the yellow triangle and "Unidentified network". I had to copy the ComboFix log to my flash drive; here's the log, thanks!


ComboFix 12-09-13.01 - Linda 09/13/2012 11:10:10.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2047.1327 [GMT -5:00]
Running from: c:\users\Linda\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Linda\AppData\Local\Temp\7zS1913\HPSLPSVC64.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_COMSysApp
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-08-13 to 2012-09-13 )))))))))))))))))))))))))))))))
.
.
2012-09-13 16:17 . 2012-09-13 16:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-13 16:17 . 2012-09-13 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-11 20:34 . 2012-09-11 20:36 -------- d-----w- c:\program files\Core Temp
2012-09-11 19:52 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-11 19:52 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 19:52 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 19:52 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-11 19:52 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 19:52 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 19:52 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-19 17:44 . 2012-08-19 17:44 -------- d-----w- c:\users\Linda\AppData\Local\Downloaded Installations
2012-08-18 22:51 . 2011-12-18 23:12 708968 ------w- c:\windows\system32\HPDiscoPM6412.dll
2012-08-18 22:51 . 2012-08-18 22:51 -------- d-----w- c:\program files (x86)\HP
2012-08-18 22:51 . 2012-08-18 22:51 -------- d-----w- c:\program files\HP
2012-08-18 22:50 . 2012-08-18 22:56 -------- d-----w- c:\users\Linda\AppData\Local\HP
2012-08-16 00:23 . 2012-06-27 07:06 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 08:01 . 2010-02-18 03:16 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-14 22:18 . 2012-05-23 19:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 22:18 . 2012-02-26 21:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2012-01-05 06:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-23 01:12 . 2011-03-28 23:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}]
2012-07-09 20:07 131240 ----a-w- c:\users\Linda\AppData\Local\ArcadeCandy\candyEX.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-30 133104]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]
R3 ALSysIO;ALSysIO;c:\users\Linda\AppData\Local\Temp\ALSysIO64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-30 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-16 50176]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-21 1255736]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-09-22 381248]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 22:18]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-30 18:24]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-30 18:24]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926867797-2642614084-3097445242-1000Core.job
- c:\users\Linda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 01:44]
.
2012-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3926867797-2642614084-3097445242-1000UA.job
- c:\users\Linda\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-09 01:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF26366.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://redirect.crossrider.com/search?a=2083&t=5&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://redirect.crossrider.com/search?a=2083&t=3&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-3DSlots2GO - c:\program files (x86)\3DSlots2GO\Uninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-13 11:28:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-13 16:28
.
Pre-Run: 104,283,754,496 bytes free
Post-Run: 104,519,286,784 bytes free
.
- - End Of File - - 7192CBD0DBF06AC3B9D6C78E6D1FBF22
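
The "Reg Loading Points" section of the ComboFix log above is where a reviewer spends most of their time: every line is something that starts automatically, with its path and either a [date size] stamp or [x] when the file is no longer on disk. Two things stand out in this log by that reading: the ArcadeCandy BHO loading from the user's AppData, and the ALSysIO driver registered from a Temp directory with no file behind it (ALSysIO is the sensor driver of the Core Temp utility listed under Files Created, so here it is sloppy rather than malicious, but the same pattern is how a dropper persists). The script below is added as an example, not ComboFix's own code; it parses lines in that format and applies those two checks. The directory list is an assumption built from this log, and the sample lines are constructed to resemble it.

```python
"""Triage the auto-start entries ComboFix lists under "Reg Loading Points".

Added example for this thread; it is not ComboFix's code. Each line carries
a drive path followed by either [date size] or [x] (file not found). The
checks below flag the two things a human reviewer looks for first: a
start-up item living in a user-writable directory, and a registered
driver/service whose file no longer exists.
"""
import re
from typing import Dict, List

# A DOS path up to the next quote or bracket (covers service, Run and BHO lines).
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]+)', re.IGNORECASE)

# Directories any standard user can write into. Assumption: built from the
# paths in the log above; add your own (e.g. \downloads\) as needed.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def extract_path(line: str):
    """The first drive-letter path on the line, or None for key headers and blanks."""
    m = PATH_RE.search(line)
    return m.group(1).strip() if m else None


def triage(text: str) -> Dict[str, List[str]]:
    """Map every auto-start path to its list of reasons (empty list = nothing found)."""
    verdicts: Dict[str, List[str]] = {}
    for line in text.splitlines():
        path = extract_path(line)
        if not path:
            continue
        reasons = []
        if any(d in path.lower() for d in USER_WRITABLE):
            reasons.append("user-writable-path")
        if line.rstrip().endswith("[x]"):
            reasons.append("missing-file")
        verdicts[path] = reasons
    return verdicts


def flagged(text: str) -> Dict[str, List[str]]:
    """Only the entries that need a second look."""
    return {p: r for p, r in triage(text).items() if r}


# Constructed sample modelled on the ComboFix log above (not copied from it).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{AB6BD08C-DB6B-4F02-8A22-4BD343E990FF}]
2012-07-09 20:07 131240 ----a-w- c:\users\Linda\AppData\Local\ArcadeCandy\candyEX.dll
"Aim"="c:\program files (x86)\AIM\aim.exe" [2012-05-30 4331392]
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R3 ALSysIO;ALSysIO;c:\users\Linda\AppData\Local\Temp\ALSysIO64.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
'''

if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE_LOG).items():
        print(", ".join(reasons).ljust(32), path)
```

A [x] on its own is not a verdict: the Lbd.sys entry is a leftover of a Lavasoft driver that was uninstalled, and the Synth3dVsc/tsusbhub/VGPU lines in the log are standard Windows 7 RemoteFX entries that ComboFix routinely reports the same way. The point of the flag is to make you look up the vendor, not to delete on sight.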

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 September 2012 - 12:50 PM

I would like you to use System Restore to go back to before you ran ComboFix and see if it comes back.



gringo

#7 Obmute (Topic Starter)

Posted 13 September 2012 - 03:09 PM

Hello, well, the latest restore point I had was 9/12 3 AM Central time, so I used that and the internet is working again. Not sure if I need to run AdwCleaner or RogueKiller since this was before I installed them; let me know what to do next. Thanks!

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 September 2012 - 03:38 PM

Yes, run both of those, but not ComboFix.


gringo

#9 Obmute (Topic Starter)

Posted 13 September 2012 - 03:54 PM

Alrighty, ran those again and here are the logs:


# AdwCleaner v2.001 - Logfile created 09/13/2012 at 15:47:54
# Updated 09/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Linda - LINDA-PC
# Boot Mode : Normal
# Running from : C:\Users\Linda\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [831 octets] - [13/09/2012 15:47:54]

########## EOF - C:\AdwCleaner[S2].txt - [890 octets] ##########


RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Linda [Admin rights]
Mode : Remove -- Date : 09/13/2012 15:52:23

Bad processes : 0

Registry Entries : 9
[TASK][SUSP PATH] CandyUpdater.job : C:\Users\Linda\AppData\Local\ArcadeCandy\candyUpdater.exe -> DELETED
[TASK][SUSP PATH] CandyUpdater : C:\Users\Linda\AppData\Local\ArcadeCandy\candyUpdater.exe -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Linda\AppData\Local\{de0a3181-fe80-1612-7cad-63b9c7e8d83f}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

Particular Files / Folders:

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] 5adb927c35325683c6e11d99d7e91444
[BSP] b2718e04f7ba1d092ef80a346dd6b478 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
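
The RogueKiller findings in this run are the same as in the first run above, which is expected: the System Restore in the reply before rolled the machine back to a point before the first run's fixes. The two indicators that matter are the [HJ INPROC] line, a COM class whose InprocServer32 value points at a file called "n." inside a GUID-named folder under the user's AppData instead of shell32.dll, and the [HJ]/[HJPOL] lines showing UAC switched off (EnableLUA 0, ConsentPromptBehaviorAdmin 0) and a DisableRegistryTools policy value that a default install does not have. The script below is added as an example, not RogueKiller's code; it encodes those judgements as pure functions and includes an assumed Windows-only collector that reads the live registry with the standard winreg module. The hijacked CLSID is elided in the log, so the sample uses a placeholder CLSID, and the sample values are constructed to resemble the lines above.

```python
"""Check COM InprocServer32 targets and UAC policy values for the ZeroAccess
pattern RogueKiller reports above ([HJ INPROC] and the [HJ]/[HJPOL] lines).

Added example for this thread; it is not RogueKiller's code. The judgement
functions are pure so they run anywhere; collect_from_registry() is the
assumed way to feed them live data and only works on Windows.
"""
import re
from typing import Dict, List, Tuple

# "\{8-4-4-4-12}\" used as a directory name, as in the AppData path above.
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")


def inproc_server_reasons(path: str) -> List[str]:
    """Why a CLSID's InprocServer32 default value looks hijacked (empty = fine)."""
    reasons = []
    low = path.strip('"').lower()
    # Win32 path normalisation strips trailing dots and spaces before the file is
    # opened, so "n." loads the file "n" while string-based tools see another name.
    if low.endswith((".", " ")):
        reasons.append("trailing-dot")
    if any(d in low for d in USER_WRITABLE):
        reasons.append("user-writable-path")
    if GUID_DIR_RE.search(low):
        reasons.append("guid-named-directory")
    if not re.search(r"\.(dll|ocx|ax|cpl)$", low.rstrip(". ")):
        reasons.append("no-dll-extension")
    return reasons


def policy_reasons(values: Dict[str, int]) -> List[str]:
    """Why the Policies\\System values look tampered with (empty = fine)."""
    reasons = []
    if values.get("EnableLUA") == 0:
        reasons.append("uac-disabled")                  # UAC switched off entirely
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        reasons.append("admin-elevates-silently")       # no prompt on elevation
    if any(n.lower() == "disableregistrytools" for n in values):
        # Not present on a default install; even a 0 means something wrote it.
        reasons.append("registry-tools-policy-present")
    return reasons


def assess(inproc: Dict[str, str], policy: Dict[str, int]) -> Dict[str, List[str]]:
    """Combine both checks into {clsid_or_key: reasons}, keeping only hits."""
    findings = {}
    for clsid, path in inproc.items():
        reasons = inproc_server_reasons(path)
        if reasons:
            findings[clsid] = reasons
    pr = policy_reasons(policy)
    if pr:
        findings["Policies\\System"] = pr
    return findings


def collect_from_registry() -> Tuple[Dict[str, str], Dict[str, int]]:
    """Windows only: every CLSID's InprocServer32 default value plus the UAC policy
    values. Use a 64-bit Python on x64 so HKCR is not the WOW64-redirected view."""
    import winreg  # stdlib, Windows only
    inproc = {}
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, "CLSID") as root:
        i = 0
        while True:
            try:
                clsid = winreg.EnumKey(root, i)
            except OSError:          # no more subkeys
                break
            i += 1
            try:
                with winreg.OpenKey(root, clsid + r"\InprocServer32") as k:
                    inproc[clsid] = str(winreg.QueryValueEx(k, "")[0])
            except OSError:          # CLSID without an in-process server
                pass
    policy = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System") as k:
        for name in ("EnableLUA", "ConsentPromptBehaviorAdmin", "DisableRegistryTools"):
            try:
                policy[name] = winreg.QueryValueEx(k, name)[0]
            except OSError:
                pass
    return inproc, policy


# Constructed sample modelled on the RogueKiller lines above. The hijacked CLSID
# is elided in the log, so a placeholder CLSID stands in for it.
SAMPLE_INPROC = {
    "{00000000-0000-0000-0000-000000000001}":
        r"C:\Users\Linda\AppData\Local\{de0a3181-fe80-1612-7cad-63b9c7e8d83f}\n.",
    "{00021401-0000-0000-C000-000000000046}": r"C:\Windows\system32\shell32.dll",
}
SAMPLE_POLICY = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0,
                 "DisableRegistryTools": 0, "ConsentPromptBehaviorUser": 3}

if __name__ == "__main__":
    for key, reasons in assess(SAMPLE_INPROC, SAMPLE_POLICY).items():
        print(key, "->", ", ".join(reasons))
```

Restoring the InprocServer32 value to shell32.dll, as RogueKiller did, stops the payload being loaded into every process that instantiates that class, but the "n" file and its GUID folder still have to be removed and UAC re-enabled; the [x] "Driver : [NOT LOADED]" line is the tool saying it found no kernel component this time, not that the user-mode part is gone.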

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 September 2012 - 04:49 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
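
The TDSSKiller log gringo asks for lists, under its "Scan services" header, one `[ MD5 ] name path` line per service or driver followed by a `name - verdict` line, as the log in the next reply shows. As an added example, not code from this thread or from Kaspersky's tool, here is a Python script that parses that section and flags what a responder would look at first: any verdict other than `ok`, and any service image living outside `C:\Windows` or the Program Files folders (the same location heuristic that makes the RogueKiller InprocServer32 hit under `AppData\Local` above stand out). The section header text, the line layout and the trusted-directory list are assumptions taken from the 2.8.8.0 log format; the `FakeSvc` entry and its verdict text are constructed, the other sample lines are copied from this thread's log.

```python
"""Triage helper for the "Scan services" section of a TDSSKiller log.

Added example; not part of the BleepingComputer thread or of TDSSKiller itself.
Assumed line layout (as seen in TDSSKiller 2.8.8.0 output):
    HH:MM:SS.mmmm PID [ MD5 ] <service name> <image path>
    HH:MM:SS.mmmm PID <service name> - <verdict>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "... [ MD5 ] name C:\path" -- the name may contain spaces, the path starts at "X:\"
HASH_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.*)$"
)
# "... name - verdict"
VERDICT_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.+?)\s+-\s+(\S.*)$")

# Where Windows services and drivers are expected to live (assumption; compared lower-cased).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_services(log_text: str) -> Dict[str, ServiceEntry]:
    """Collect the service entries between the 'Scan services' header and the next section."""
    entries: Dict[str, ServiceEntry] = {}
    in_section = False
    for line in log_text.splitlines():
        if "Scan services" in line:
            in_section = True
            continue
        if "================ Scan" in line:  # any other section header ends the service list
            in_section = False
        if not in_section:
            continue
        m = HASH_LINE.match(line)
        if m:
            md5, name, path = m.groups()
            entry = entries.setdefault(name, ServiceEntry(name))
            entry.md5, entry.path = md5.upper(), path
            continue
        m = VERDICT_LINE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, ServiceEntry(name)).verdict = verdict.strip()
    return entries


def triage(entries: Dict[str, ServiceEntry]) -> List[str]:
    """Return human-readable findings: non-ok verdicts, missing verdicts, unusual image locations."""
    findings: List[str] = []
    for e in entries.values():
        if e.verdict is None:
            findings.append(f"{e.name}: no verdict line (scan interrupted?)")
        elif e.verdict.lower() != "ok":
            findings.append(f"{e.name}: verdict '{e.verdict}'")
        if e.path is not None and not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings.append(f"{e.name}: image outside system/program dirs: {e.path}")
    return findings


# Sample input: the first four entries are copied from the thread's log; FakeSvc is constructed.
SAMPLE_LOG = """\
17:43:25.0315 0276 ================ Scan services =============================
17:43:25.0874 0276 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\\Windows\\system32\\drivers\\1394ohci.sys
17:43:25.0878 0276 1394ohci - ok
17:43:26.0213 0276 [ AF9658974154C3B6A333D86DC2E0AAC8 ] Ad-Aware Service C:\\Program Files (x86)\\Ad-Aware Antivirus\\AdAwareService.exe
17:43:26.0249 0276 Ad-Aware Service - ok
17:43:27.0222 0276 ALSysIO - ok
17:43:36.0091 0276 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\\Users\\Linda\\AppData\\Local\\Temp\\7zS1913\\hpslpsvc64.dll
17:43:36.0134 0276 HPSLPSVC - ok
17:43:50.0000 0276 [ 00000000000000000000000000000000 ] FakeSvc C:\\Users\\Linda\\AppData\\Roaming\\suspect.dll
17:43:50.0001 0276 FakeSvc - detected (constructed verdict)
"""

if __name__ == "__main__":
    for finding in triage(parse_services(SAMPLE_LOG)):
        print(finding)
```

The flag on HPSLPSVC shows the heuristic's limit: a service image under a user's Temp folder is unusual enough to review, but the script only points a human at it to check the vendor and the file; it does not decide.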

#11 Obmute

Obmute
  • Topic Starter

  • Members
  • 79 posts
  • Gender:Male
  • Location:Here and there.

Posted 13 September 2012 - 06:12 PM

Hello, I ran those and TDSSkiller found nothing. Below are the log files:


17:43:10.0478 3656 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
17:43:10.0806 3656 ============================================================
17:43:10.0806 3656 Current date / time: 2012/09/13 17:43:10.0806
17:43:10.0806 3656 SystemInfo:
17:43:10.0806 3656
17:43:10.0807 3656 OS Version: 6.1.7601 ServicePack: 1.0
17:43:10.0807 3656 Product type: Workstation
17:43:10.0807 3656 ComputerName: LINDA-PC
17:43:10.0807 3656 UserName: Linda
17:43:10.0807 3656 Windows directory: C:\Windows
17:43:10.0807 3656 System windows directory: C:\Windows
17:43:10.0807 3656 Running under WOW64
17:43:10.0807 3656 Processor architecture: Intel x64
17:43:10.0807 3656 Number of processors: 2
17:43:10.0807 3656 Page size: 0x1000
17:43:10.0807 3656 Boot type: Normal boot
17:43:10.0807 3656 ============================================================
17:43:11.0751 3656 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:43:11.0759 3656 ============================================================
17:43:11.0759 3656 \Device\Harddisk0\DR0:
17:43:11.0760 3656 MBR partitions:
17:43:11.0760 3656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
17:43:11.0760 3656 ============================================================
17:43:11.0772 3656 C: <-> \Device\Harddisk0\DR0\Partition1
17:43:11.0772 3656 ============================================================
17:43:11.0772 3656 Initialize success
17:43:11.0772 3656 ============================================================
17:43:22.0601 0276 ============================================================
17:43:22.0601 0276 Scan started
17:43:22.0601 0276 Mode: Manual;
17:43:22.0601 0276 ============================================================
17:43:25.0314 0276 ================ Scan system memory ========================
17:43:25.0314 0276 System memory - ok
17:43:25.0315 0276 ================ Scan services =============================
17:43:25.0874 0276 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:43:25.0878 0276 1394ohci - ok
17:43:25.0954 0276 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:43:25.0958 0276 ACPI - ok
17:43:25.0999 0276 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:43:26.0000 0276 AcpiPmi - ok
17:43:26.0213 0276 [ AF9658974154C3B6A333D86DC2E0AAC8 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
17:43:26.0249 0276 Ad-Aware Service - ok
17:43:26.0343 0276 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:43:26.0345 0276 AdobeARMservice - ok
17:43:26.0465 0276 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:43:26.0482 0276 AdobeFlashPlayerUpdateSvc - ok
17:43:26.0552 0276 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:43:26.0560 0276 adp94xx - ok
17:43:26.0575 0276 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:43:26.0582 0276 adpahci - ok
17:43:26.0623 0276 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:43:26.0626 0276 adpu320 - ok
17:43:26.0656 0276 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:43:26.0666 0276 AeLookupSvc - ok
17:43:26.0749 0276 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:43:26.0767 0276 AFD - ok
17:43:26.0834 0276 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:43:26.0846 0276 agp440 - ok
17:43:26.0884 0276 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:43:26.0886 0276 ALG - ok
17:43:26.0954 0276 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:43:26.0955 0276 aliide - ok
17:43:27.0222 0276 ALSysIO - ok
17:43:27.0289 0276 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:43:27.0302 0276 amdide - ok
17:43:27.0351 0276 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:43:27.0368 0276 AmdK8 - ok
17:43:27.0388 0276 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:43:27.0390 0276 AmdPPM - ok
17:43:27.0445 0276 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:43:27.0448 0276 amdsata - ok
17:43:27.0491 0276 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:43:27.0496 0276 amdsbs - ok
17:43:27.0538 0276 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:43:27.0539 0276 amdxata - ok
17:43:27.0598 0276 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:43:27.0602 0276 AppID - ok
17:43:27.0631 0276 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:43:27.0633 0276 AppIDSvc - ok
17:43:27.0700 0276 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:43:27.0702 0276 Appinfo - ok
17:43:27.0785 0276 [ D503DF3ABA595F551B98B9BAE017A271 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:43:27.0787 0276 Apple Mobile Device - ok
17:43:27.0858 0276 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:43:27.0867 0276 AppMgmt - ok
17:43:27.0917 0276 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:43:27.0919 0276 arc - ok
17:43:27.0942 0276 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:43:27.0944 0276 arcsas - ok
17:43:27.0987 0276 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:43:27.0988 0276 AsyncMac - ok
17:43:28.0049 0276 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:43:28.0049 0276 atapi - ok
17:43:28.0208 0276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:43:28.0243 0276 AudioEndpointBuilder - ok
17:43:28.0266 0276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:43:28.0271 0276 AudioSrv - ok
17:43:28.0342 0276 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:43:28.0344 0276 AxInstSV - ok
17:43:28.0423 0276 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:43:28.0432 0276 b06bdrv - ok
17:43:28.0488 0276 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:43:28.0493 0276 b57nd60a - ok
17:43:28.0542 0276 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:43:28.0545 0276 BDESVC - ok
17:43:28.0579 0276 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:43:28.0580 0276 Beep - ok
17:43:28.0641 0276 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:43:28.0682 0276 BITS - ok
17:43:28.0720 0276 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:43:28.0722 0276 blbdrive - ok
17:43:28.0872 0276 [ EBAD0F51D8D4DADE7660B1851ADDBD07 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
17:43:28.0897 0276 Bonjour Service - ok
17:43:28.0929 0276 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:43:28.0931 0276 bowser - ok
17:43:28.0959 0276 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:43:28.0971 0276 BrFiltLo - ok
17:43:29.0039 0276 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:43:29.0046 0276 BrFiltUp - ok
17:43:29.0087 0276 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:43:29.0089 0276 BridgeMP - ok
17:43:29.0142 0276 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:43:29.0161 0276 Browser - ok
17:43:29.0191 0276 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:43:29.0197 0276 Brserid - ok
17:43:29.0215 0276 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:43:29.0217 0276 BrSerWdm - ok
17:43:29.0233 0276 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:43:29.0234 0276 BrUsbMdm - ok
17:43:29.0250 0276 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:43:29.0250 0276 BrUsbSer - ok
17:43:29.0266 0276 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:43:29.0268 0276 BTHMODEM - ok
17:43:29.0299 0276 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:43:29.0301 0276 bthserv - ok
17:43:29.0321 0276 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:43:29.0324 0276 cdfs - ok
17:43:29.0383 0276 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:43:29.0391 0276 cdrom - ok
17:43:29.0453 0276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:43:29.0455 0276 CertPropSvc - ok
17:43:29.0491 0276 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:43:29.0493 0276 circlass - ok
17:43:29.0521 0276 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:43:29.0527 0276 CLFS - ok
17:43:29.0586 0276 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:43:29.0589 0276 clr_optimization_v2.0.50727_32 - ok
17:43:29.0645 0276 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:43:29.0660 0276 clr_optimization_v2.0.50727_64 - ok
17:43:29.0788 0276 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:43:29.0803 0276 clr_optimization_v4.0.30319_32 - ok
17:43:29.0850 0276 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:43:29.0854 0276 clr_optimization_v4.0.30319_64 - ok
17:43:29.0910 0276 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:43:29.0912 0276 CmBatt - ok
17:43:29.0927 0276 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:43:29.0929 0276 cmdide - ok
17:43:30.0010 0276 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:43:30.0020 0276 CNG - ok
17:43:30.0040 0276 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:43:30.0041 0276 Compbatt - ok
17:43:30.0115 0276 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:43:30.0129 0276 CompositeBus - ok
17:43:30.0156 0276 COMSysApp - ok
17:43:30.0196 0276 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:43:30.0202 0276 crcdisk - ok
17:43:30.0276 0276 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:43:30.0281 0276 CryptSvc - ok
17:43:30.0399 0276 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:43:30.0425 0276 CSC - ok
17:43:30.0454 0276 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:43:30.0480 0276 CscService - ok
17:43:30.0553 0276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:43:30.0564 0276 DcomLaunch - ok
17:43:30.0632 0276 [ CEC7F24E28B40829C0FD2D523E72B5D3 ] DefragFS C:\Windows\system32\drivers\DefragFS.sys
17:43:30.0633 0276 DefragFS - ok
17:43:30.0665 0276 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:43:30.0670 0276 defragsvc - ok
17:43:30.0744 0276 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:43:30.0752 0276 DfsC - ok
17:43:30.0846 0276 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:43:30.0872 0276 Dhcp - ok
17:43:30.0902 0276 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:43:30.0903 0276 discache - ok
17:43:30.0957 0276 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:43:30.0958 0276 Disk - ok
17:43:30.0974 0276 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:43:30.0977 0276 Dnscache - ok
17:43:31.0040 0276 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:43:31.0044 0276 dot3svc - ok
17:43:31.0126 0276 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:43:31.0144 0276 DPS - ok
17:43:31.0190 0276 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:43:31.0192 0276 drmkaud - ok
17:43:31.0401 0276 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:43:31.0408 0276 DXGKrnl - ok
17:43:31.0473 0276 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:43:31.0492 0276 EapHost - ok
17:43:32.0075 0276 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:43:32.0164 0276 ebdrv - ok
17:43:32.0272 0276 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:43:32.0296 0276 EFS - ok
17:43:32.0555 0276 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:43:32.0615 0276 ehRecvr - ok
17:43:32.0641 0276 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:43:32.0644 0276 ehSched - ok
17:43:32.0875 0276 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:43:32.0895 0276 elxstor - ok
17:43:32.0964 0276 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:43:32.0991 0276 ErrDev - ok
17:43:33.0117 0276 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:43:33.0133 0276 EventSystem - ok
17:43:33.0171 0276 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:43:33.0175 0276 exfat - ok
17:43:33.0253 0276 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:43:33.0285 0276 fastfat - ok
17:43:33.0566 0276 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:43:33.0625 0276 Fax - ok
17:43:33.0645 0276 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:43:33.0646 0276 fdc - ok
17:43:33.0701 0276 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:43:33.0702 0276 fdPHost - ok
17:43:33.0715 0276 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:43:33.0717 0276 FDResPub - ok
17:43:33.0740 0276 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:43:33.0741 0276 FileInfo - ok
17:43:33.0752 0276 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:43:33.0754 0276 Filetrace - ok
17:43:33.0767 0276 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:43:33.0769 0276 flpydisk - ok
17:43:33.0932 0276 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:43:33.0959 0276 FltMgr - ok
17:43:34.0033 0276 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:43:34.0074 0276 FontCache - ok
17:43:34.0149 0276 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:43:34.0170 0276 FontCache3.0.0.0 - ok
17:43:34.0209 0276 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:43:34.0211 0276 FsDepends - ok
17:43:34.0276 0276 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:43:34.0277 0276 Fs_Rec - ok
17:43:34.0394 0276 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:43:34.0420 0276 fvevol - ok
17:43:34.0468 0276 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:43:34.0470 0276 gagp30kx - ok
17:43:34.0520 0276 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:43:34.0521 0276 GEARAspiWDM - ok
17:43:34.0794 0276 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:43:34.0853 0276 gpsvc - ok
17:43:34.0998 0276 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:43:35.0017 0276 gupdate - ok
17:43:35.0048 0276 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:43:35.0050 0276 gupdatem - ok
17:43:35.0076 0276 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:43:35.0077 0276 hcw85cir - ok
17:43:35.0250 0276 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:43:35.0308 0276 HdAudAddService - ok
17:43:35.0396 0276 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:43:35.0398 0276 HDAudBus - ok
17:43:35.0420 0276 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:43:35.0421 0276 HidBatt - ok
17:43:35.0440 0276 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:43:35.0443 0276 HidBth - ok
17:43:35.0469 0276 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:43:35.0471 0276 HidIr - ok
17:43:35.0501 0276 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:43:35.0504 0276 hidserv - ok
17:43:35.0599 0276 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:43:35.0600 0276 HidUsb - ok
17:43:35.0677 0276 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:43:35.0706 0276 hkmsvc - ok
17:43:35.0834 0276 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:43:35.0871 0276 HomeGroupListener - ok
17:43:35.0916 0276 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:43:35.0920 0276 HomeGroupProvider - ok
17:43:35.0963 0276 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:43:35.0966 0276 HpSAMD - ok
17:43:36.0091 0276 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Users\Linda\AppData\Local\Temp\7zS1913\hpslpsvc64.dll
17:43:36.0134 0276 HPSLPSVC - ok
17:43:36.0208 0276 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:43:36.0220 0276 HTTP - ok
17:43:36.0294 0276 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:43:36.0295 0276 hwpolicy - ok
17:43:36.0418 0276 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:43:36.0420 0276 i8042prt - ok
17:43:36.0620 0276 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:43:36.0687 0276 iaStorV - ok
17:43:36.0773 0276 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:43:36.0800 0276 idsvc - ok
17:43:36.0841 0276 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:43:36.0870 0276 iirsp - ok
17:43:37.0074 0276 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:43:37.0099 0276 IKEEXT - ok
17:43:37.0182 0276 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:43:37.0183 0276 intelide - ok
17:43:37.0247 0276 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:43:37.0248 0276 intelppm - ok
17:43:37.0370 0276 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:43:37.0395 0276 IPBusEnum - ok
17:43:37.0431 0276 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:43:37.0434 0276 IpFilterDriver - ok
17:43:37.0460 0276 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:43:37.0462 0276 IPMIDRV - ok
17:43:37.0507 0276 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:43:37.0510 0276 IPNAT - ok
17:43:37.0599 0276 [ 83C32C907AE4936D62235E2B4EE2174A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:43:37.0633 0276 iPod Service - ok
17:43:37.0690 0276 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:43:37.0691 0276 IRENUM - ok
17:43:37.0758 0276 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:43:37.0783 0276 isapnp - ok
17:43:37.0820 0276 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:43:37.0825 0276 iScsiPrt - ok
17:43:37.0872 0276 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:43:37.0873 0276 kbdclass - ok
17:43:37.0941 0276 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:43:37.0964 0276 kbdhid - ok
17:43:37.0995 0276 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:43:37.0997 0276 KeyIso - ok
17:43:38.0070 0276 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:43:38.0072 0276 KSecDD - ok
17:43:38.0165 0276 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:43:38.0178 0276 KSecPkg - ok
17:43:38.0233 0276 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:43:38.0239 0276 ksthunk - ok
17:43:38.0347 0276 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:43:38.0375 0276 KtmRm - ok
17:43:38.0471 0276 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:43:38.0488 0276 LanmanServer - ok
17:43:38.0550 0276 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:43:38.0561 0276 LanmanWorkstation - ok
17:43:38.0594 0276 Lbd - ok
17:43:38.0640 0276 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:43:38.0642 0276 lltdio - ok
17:43:38.0696 0276 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:43:38.0703 0276 lltdsvc - ok
17:43:38.0720 0276 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:43:38.0722 0276 lmhosts - ok
17:43:38.0783 0276 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:43:38.0786 0276 LSI_FC - ok
17:43:38.0795 0276 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:43:38.0799 0276 LSI_SAS - ok
17:43:38.0822 0276 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:43:38.0824 0276 LSI_SAS2 - ok
17:43:38.0837 0276 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:43:38.0841 0276 LSI_SCSI - ok
17:43:38.0885 0276 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:43:38.0888 0276 luafv - ok
17:43:38.0981 0276 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
17:43:38.0986 0276 McComponentHostService - ok
17:43:39.0047 0276 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:43:39.0055 0276 Mcx2Svc - ok
17:43:39.0071 0276 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:43:39.0072 0276 megasas - ok
17:43:39.0103 0276 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:43:39.0108 0276 MegaSR - ok
17:43:39.0137 0276 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:43:39.0140 0276 MMCSS - ok
17:43:39.0169 0276 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:43:39.0171 0276 Modem - ok
17:43:39.0208 0276 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:43:39.0208 0276 monitor - ok
17:43:39.0283 0276 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:43:39.0284 0276 mouclass - ok
17:43:39.0326 0276 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:43:39.0327 0276 mouhid - ok
17:43:39.0386 0276 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:43:39.0397 0276 mountmgr - ok
17:43:39.0480 0276 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:43:39.0491 0276 MozillaMaintenance - ok
17:43:39.0547 0276 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:43:39.0550 0276 mpio - ok
17:43:39.0585 0276 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:43:39.0587 0276 mpsdrv - ok
17:43:39.0659 0276 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:43:39.0672 0276 MRxDAV - ok
17:43:39.0750 0276 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:43:39.0751 0276 mrxsmb - ok
17:43:39.0784 0276 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:43:39.0789 0276 mrxsmb10 - ok
17:43:39.0836 0276 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:43:39.0844 0276 mrxsmb20 - ok
17:43:39.0903 0276 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:43:39.0915 0276 msahci - ok
17:43:39.0943 0276 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:43:39.0946 0276 msdsm - ok
17:43:39.0976 0276 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:43:39.0979 0276 MSDTC - ok
17:43:40.0017 0276 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:43:40.0019 0276 Msfs - ok
17:43:40.0043 0276 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:43:40.0045 0276 mshidkmdf - ok
17:43:40.0125 0276 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:43:40.0126 0276 msisadrv - ok
17:43:40.0189 0276 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:43:40.0193 0276 MSiSCSI - ok
17:43:40.0202 0276 msiserver - ok
17:43:40.0256 0276 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:43:40.0257 0276 MSKSSRV - ok
17:43:40.0283 0276 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:43:40.0285 0276 MSPCLOCK - ok
17:43:40.0292 0276 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:43:40.0293 0276 MSPQM - ok
17:43:40.0378 0276 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:43:40.0396 0276 MsRPC - ok
17:43:40.0470 0276 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:43:40.0471 0276 mssmbios - ok
17:43:40.0523 0276 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:43:40.0525 0276 MSTEE - ok
17:43:40.0542 0276 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:43:40.0544 0276 MTConfig - ok
17:43:40.0562 0276 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:43:40.0563 0276 Mup - ok
17:43:40.0682 0276 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:43:40.0696 0276 napagent - ok
17:43:40.0759 0276 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:43:40.0763 0276 NativeWifiP - ok
17:43:40.0975 0276 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:43:41.0018 0276 NDIS - ok
17:43:41.0064 0276 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:43:41.0079 0276 NdisCap - ok
17:43:41.0119 0276 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:43:41.0120 0276 NdisTapi - ok
17:43:41.0188 0276 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:43:41.0203 0276 Ndisuio - ok
17:43:41.0268 0276 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:43:41.0279 0276 NdisWan - ok
17:43:41.0354 0276 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:44:01.0208 0276 ============================================================
17:44:01.0209 0276 Scan finished
17:44:01.0209 0276 ============================================================
17:44:01.0241 2656 Detected object count: 0
17:44:01.0241 2656 Actual detected object count: 0
17:44:50.0819 0576 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-13 17:46:46
-----------------------------
17:46:46.908 OS Version: Windows x64 6.1.7601 Service Pack 1
17:46:46.909 Number of processors: 2 586 0x605
17:46:46.910 ComputerName: LINDA-PC UserName: Linda
17:46:47.386 Initialize success
17:48:41.411 AVAST engine defs: 12091301
17:50:57.469 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
17:50:57.475 Disk 0 Vendor: ST3160815AS 3.AAC Size: 152627MB BusType: 3
17:50:57.530 Disk 0 MBR read successfully
17:50:57.534 Disk 0 MBR scan
17:50:57.553 Disk 0 Windows 7 default MBR code
17:50:57.573 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
17:50:57.672 Disk 0 scanning C:\Windows\system32\drivers
17:51:15.529 Service scanning
17:51:40.147 Service TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe **HIDDEN**
17:51:46.144 Modules scanning
17:51:46.155 Disk 0 trace - called modules:
17:51:46.162
17:51:46.970 AVAST engine scan C:\Windows
17:51:52.408 AVAST engine scan C:\Windows\system32
17:55:31.514 AVAST engine scan C:\Windows\system32\drivers
17:55:47.329 AVAST engine scan C:\Users\Linda
18:02:31.910 AVAST engine scan C:\ProgramData
18:03:18.451 Scan finished successfully
18:10:07.699 Disk 0 MBR has been saved successfully to "C:\Users\Linda\Desktop\MBR.dat"
18:10:07.711 The log file has been saved successfully to "C:\Users\Linda\Desktop\aswMBR.txt"

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 September 2012 - 01:19 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Obmute

  • Topic Starter
  • Members
  • 79 posts
  • Gender:Male
  • Location:Here and there.

Posted 14 September 2012 - 12:23 PM

Alrighty, ran OTL and here's the text from OTL.txt, thanks!


OTL logfile created on: 9/14/2012 12:10:30 PM - Run 1
OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Linda\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.74% Memory free
4.00 Gb Paging File | 2.39 Gb Available in Paging File | 59.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 97.27 Gb Free Space | 65.27% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LINDA-PC | User Name: Linda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Linda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll ()
MOD - C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll ()
MOD - C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Program Files (x86)\AIM\nssckbi.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV:64bit: - (PDEngine) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (Raxco Software, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (HPSLPSVC) -- C:\Users\Linda\AppData\Local\Temp\7zS1913\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (GFI Software)
DRV:64bit: - (sbwtis) -- C:\Windows\SysNative\drivers\sbwtis.sys (GFI Software)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (GFI Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (DefragFS) -- C:\Windows\SysNative\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120628134352771&tb_oid=28-06-2012&tb_mrud=28-06-2012
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 9D 10 43 28 64 CD 01 [binary data]
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=IE8SRC&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aimright-chromesbox-en-us&tb_uuid=20120628134352771&tb_oid=28-06-2012&tb_mrud=28-06-2012
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS364
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\..\SearchScopes\{92004E2D-4A0C-4EE4-BB77-CAA11F216E0E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYUVUS&apn_uid=a7d6cdc9-9691-41b1-ab6e-7c4daf658ee3&apn_sauid=790081D5-EE90-4751-8135-1DCE4BA33954
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://redirect.crossrider.com/search?a=2083&t=5&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "http://redirect.crossrider.com/search?a=2083&t=3&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Linda\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/31 12:56:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/13 18:16:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\games@acandy.com: C:\Users\Linda\AppData\Local\ArcadeCandy\games@acandy.com [2012/07/07 21:18:34 | 000,000,000 | ---D | M]

[2009/08/19 11:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions
[2012/09/05 11:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions
[2012/06/28 08:43:54 | 000,000,000 | ---D | M] (AOL Messaging Toolbar) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2012/08/24 10:40:52 | 000,000,000 | ---D | M] ("3DSlots2GO") -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com
[2009/08/19 17:52:31 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\DefaultManager@Microsoft
[2012/09/05 11:12:24 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/08/19 16:32:44 | 000,004,734 | ---- | M] () (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\exeakbzkko@exeakbzkko.org.xpi
[2012/02/26 10:36:56 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2010/06/24 10:03:14 | 000,001,490 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\searchplugins\AOL Search.xml
[2009/11/03 15:49:42 | 000,002,171 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\searchplugins\bing.xml
[2012/07/30 13:30:01 | 000,002,343 | ---- | M] () -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\searchplugins\search-the-web.xml
[2012/03/27 18:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/07 21:18:34 | 000,000,000 | ---D | M] (ArcadeCandy Games) -- C:\USERS\LINDA\APPDATA\LOCAL\ARCADECANDY\GAMES@ACANDY.COM
[2012/08/31 12:56:19 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/26 16:12:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/06/24 10:03:14 | 000,001,490 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\AOL Search.xml
[2012/07/06 20:29:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/06 20:29:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Linda\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Abacast Firefox Plugin (Enabled) = C:\Users\Linda\AppData\Roaming\Mozilla\plugins\npAbacast.dll
CHR - plugin: Abacast v2.1b3 (Enabled) = C:\Users\Linda\AppData\Roaming\Mozilla\plugins\NPAbacheck.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/01/08 14:28:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ArcadeCandy Games) - {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Linda\AppData\Local\ArcadeCandy\candyEX.dll (ArcadeCandy LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC0AA913-0180-406E-A146-64790F795966}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 12:09:10 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.exe
[2012/09/14 03:07:20 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{47CB7EA2-8F96-41A9-ABE9-9B7A22A527AA}
[2012/09/13 18:15:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/13 17:45:48 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Linda\Desktop\aswMBR.exe
[2012/09/13 17:42:36 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Linda\Desktop\tdsskiller.exe
[2012/09/13 15:12:47 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/13 15:12:45 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/13 15:12:43 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/13 15:12:43 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/13 15:06:53 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{224594A2-4EAD-470C-B38C-B45050BFDF49}
[2012/09/13 11:28:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/13 11:08:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/13 11:07:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/13 09:32:49 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{A55F4A35-2E5B-4593-870A-336B0307F6F0}
[2012/09/13 01:38:27 | 000,000,000 | ---D | C] -- C:\Users\Linda\Desktop\RK_Quarantine
[2012/09/12 21:32:24 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{86202204-7D31-4E9A-AADD-CD95BF1FC02F}
[2012/09/12 09:32:12 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{00B617B7-DE0F-451B-BE7E-3A2C03BA826F}
[2012/09/11 21:31:48 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{D3E5B6FE-6A64-4A46-8EF5-4B568DD2E712}
[2012/09/11 15:34:51 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012/09/11 09:31:36 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{4E27C114-E710-430B-8648-097A50724F97}
[2012/09/10 21:31:09 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{7B3481CD-01C7-445B-B456-6DB8378AD24E}
[2012/09/10 09:30:57 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{773FC6E1-F3F9-4C15-94CC-095E0A81DEF0}
[2012/09/09 21:30:45 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{0F2A013B-4701-4B95-B781-FDD46ED4556D}
[2012/09/09 09:30:29 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{BD3A58D5-68E5-482D-B068-B1B18652FC2D}
[2012/09/08 21:30:17 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{A7153470-156F-419F-B1E5-41E79694CE20}
[2012/09/08 09:30:05 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{5062D58C-473A-4D9D-B2EC-D0E4FDEF957C}
[2012/09/07 21:29:53 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{7EDF466D-9695-43E3-B06C-11A5951FCFB0}
[2012/09/07 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{4FB4DC77-9934-4B98-A1EF-AA69936E6D46}
[2012/09/06 21:29:29 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{24E6CD10-31A4-4905-A0C9-80E39D9D6DA9}
[2012/09/06 09:29:15 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{366B8BA1-D36F-48F8-9F7C-851BC75247A5}
[2012/09/05 21:29:03 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{930E75B9-BC9D-40E1-9819-C55FCE8E1996}
[2012/09/05 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{51FADF36-B822-4F18-B994-0718DB4410E8}
[2012/09/04 21:28:38 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{7BE1DB25-F2A5-4FE5-90D9-7F926D490257}
[2012/09/04 09:28:13 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{766E6BA3-1A93-4D43-B70D-0D63C1D2BCFB}
[2012/09/03 21:28:02 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{FE10BCB9-E584-4C06-944D-C36B9E5639B3}
[2012/09/03 09:27:50 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{06711ABE-A680-4A00-97D6-07CD36B3E13E}
[2012/09/02 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{5956FA6B-F449-4207-86DF-EA622D7CD021}
[2012/09/01 09:11:35 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{E32E7B44-B579-496F-8AE1-BE68066732BD}
[2012/08/31 21:11:23 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{6912D9BE-8C3A-4A6A-B72B-1815292E8BC7}
[2012/08/31 09:10:58 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{47BC2B79-9F4B-4B54-82AF-CE7EBA59158A}
[2012/08/30 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{526C984A-3853-40FF-8B0F-DC72CEBD19D0}
[2012/08/30 09:10:34 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{4400F11B-5AED-4532-90E0-8FA8367D11AB}
[2012/08/29 21:10:22 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{BFE421B5-5ABD-48CC-A798-4AB0488516F3}
[2012/08/29 09:10:10 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{C72FA8C9-7480-4B3C-97E5-E317CAD2E1C4}
[2012/08/28 21:09:58 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{FB0A1CDE-29EE-4C91-8B5B-8A575476A620}
[2012/08/25 19:52:29 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{69A20511-3EF0-4580-A3DA-5466F5E8F6F4}
[2012/08/24 21:42:45 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{85992C44-2DFE-408B-9166-3299D28D72DF}
[2012/08/24 09:42:34 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{86405B48-E524-4CF9-9989-64B4573FFFB6}
[2012/08/23 21:42:21 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{1045BD87-AD1E-4654-9D5C-91BFE254DA9C}
[2012/08/23 09:42:09 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{05D34AF7-BFD8-48BF-84D8-8556D2FCCF55}
[2012/08/22 21:41:56 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{D1F3F603-3C8E-40B3-AF03-D8BE88C4251E}
[2012/08/22 09:41:45 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{01BD1A82-BF74-4792-B9FD-0099D2A0F9CD}
[2012/08/21 21:41:33 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{AF275C52-0940-43B3-BDBB-D538A1282A54}
[2012/08/21 09:41:21 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{DEA841A4-199B-473D-9F84-DAF71F00EC15}
[2012/08/20 21:41:09 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{A7598347-370D-44E0-B92A-2E8AD57844A4}
[2012/08/20 09:40:57 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{9C8FAFB9-4604-428E-8BA9-4D8A9989DC70}
[2012/08/19 21:40:45 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{94776B23-BEBF-4DD4-B4BE-A3963EEBB8AC}
[2012/08/19 19:03:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/19 12:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/08/19 12:44:01 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\Downloaded Installations
[2012/08/19 09:40:20 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{77EDC24B-12D9-44B6-ADA9-7618FBAAB9A9}
[2012/08/18 21:40:08 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{BAE8F15D-B609-4894-A181-8AE9B2ED85AB}
[2012/08/18 17:51:32 | 000,708,968 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM6412.dll
[2012/08/18 17:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/08/18 17:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/08/18 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/08/18 17:50:01 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\HP
[2012/08/18 09:39:49 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{1774C629-A215-4810-9855-7D2A479E347B}
[2012/08/18 09:39:35 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{C12CAB04-D9FE-426E-A0FB-750977D54A07}
[2012/08/17 09:38:42 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{EBB75940-6694-4007-BDEB-433E4A8A193D}
[2012/08/16 21:38:08 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{4562A42E-3C62-4DB0-A3E4-A6BA48C5061B}
[2012/08/16 09:37:41 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{98A08C6C-4BBF-4F80-AC47-87BAB1E2DF90}
[2012/08/16 09:37:29 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{F75F785C-F278-460F-96D4-DEE8D18C8EE6}
[2012/08/15 21:37:01 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{C9B2FF32-F1F1-4A58-A6D4-5D7C24D52109}
[2012/08/15 21:36:49 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Local\{13BE3865-6D3D-4011-90B7-A338F33E214E}
[2012/08/15 19:24:25 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 19:24:21 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 19:24:21 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 19:24:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 19:24:19 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 19:24:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 19:24:19 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/15 19:24:17 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 19:24:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 19:24:17 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 19:23:58 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/15 19:23:58 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 19:23:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 19:23:57 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 19:23:57 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 19:23:56 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 19:23:56 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 19:23:50 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

========== Files - Modified Within 30 Days ==========

[2012/09/14 12:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/14 12:08:57 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Desktop\OTL.exe
[2012/09/14 11:54:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3926867797-2642614084-3097445242-1000UA.job
[2012/09/14 11:49:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/14 05:54:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3926867797-2642614084-3097445242-1000Core.job
[2012/09/14 01:49:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/13 18:22:00 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 18:22:00 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 18:14:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/13 18:14:18 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/13 18:10:07 | 000,000,512 | ---- | M] () -- C:\Users\Linda\Desktop\MBR.dat
[2012/09/13 17:45:28 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Linda\Desktop\aswMBR.exe
[2012/09/13 17:41:42 | 000,736,642 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/13 17:41:42 | 000,631,208 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/13 17:41:42 | 000,109,326 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/13 17:40:37 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Linda\Desktop\tdsskiller.exe
[2012/09/13 15:50:48 | 001,378,816 | ---- | M] () -- C:\Users\Linda\Desktop\RogueKiller.exe
[2012/09/13 15:43:09 | 000,512,399 | ---- | M] () -- C:\Users\Linda\Desktop\adwcleaner.exe
[2012/09/04 05:57:19 | 000,002,415 | ---- | M] () -- C:\Users\Linda\Desktop\Google Chrome.lnk
[2012/09/02 12:00:01 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/08/31 12:56:28 | 000,002,048 | ---- | M] () -- C:\Users\Linda\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/22 13:12:40 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/08/22 13:12:33 | 000,288,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/08/18 18:15:32 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/18 17:51:31 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 4620 series.lnk
[2012/08/18 17:51:31 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 4620 series.lnk
[2012/08/18 17:50:49 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/08/16 03:28:56 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/16 03:04:39 | 000,000,118 | ---- | M] () -- C:\Windows\SysNative\MRT.INI

========== Files Created - No Company Name ==========

[2012/09/13 18:10:07 | 000,000,512 | ---- | C] () -- C:\Users\Linda\Desktop\MBR.dat
[2012/09/13 15:51:00 | 001,378,816 | ---- | C] () -- C:\Users\Linda\Desktop\RogueKiller.exe
[2012/09/13 15:43:30 | 000,512,399 | ---- | C] () -- C:\Users\Linda\Desktop\adwcleaner.exe
[2012/09/13 11:08:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/19 12:45:21 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/08/18 17:51:31 | 000,002,194 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 4620 series.lnk
[2012/08/18 17:51:31 | 000,001,173 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 4620 series.lnk
[2012/08/18 17:50:49 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/01/05 23:21:57 | 000,010,264 | -HS- | C] () -- C:\Users\Linda\AppData\Local\r42id4g21l
[2012/01/05 23:21:57 | 000,010,264 | -HS- | C] () -- C:\ProgramData\r42id4g21l
[2011/10/02 12:00:11 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/02 12:00:11 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/09/30 20:59:59 | 000,000,000 | ---- | C] () -- C:\Users\Linda\AppData\Local\{63DE7540-D9C1-47DB-87EF-0CE5B343CFEE}
[2011/09/22 12:29:58 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/07/25 02:51:12 | 000,000,000 | ---- | C] () -- C:\Users\Linda\AppData\Local\{53DC9F6A-85B6-47E5-AB73-3BB93B150345}
[2011/04/23 20:21:19 | 000,010,022 | -HS- | C] () -- C:\ProgramData\828h7p051q38067h7b2q1y6py

========== Alternate Data Streams ==========

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:1AE68282
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FCB70953
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4BB26BE9

< End of report >

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 September 2012 - 05:12 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:1AE68282
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FCB70953
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4BB26BE9    
    [2012/01/05 23:21:57 | 000,010,264 | -HS- | C] () -- C:\Users\Linda\AppData\Local\r42id4g21l
    [2012/01/05 23:21:57 | 000,010,264 | -HS- | C] () -- C:\ProgramData\r42id4g21l
    [2011/09/30 20:59:59 | 000,000,000 | ---- | C] () -- C:\Users\Linda\AppData\Local\{63DE7540-D9C1-47DB-87EF-0CE5B343CFEE}
    [2011/07/25 02:51:12 | 000,000,000 | ---- | C] () -- C:\Users\Linda\AppData\Local\{53DC9F6A-85B6-47E5-AB73-3BB93B150345}
    [2011/04/23 20:21:19 | 000,010,022 | -HS- | C] () -- C:\ProgramData\828h7p051q38067h7b2q1y6py
    IE - HKU\S-1-5-21-3926867797-2642614084-3097445242-1000\..\SearchScopes\{92004E2D-4A0C-4EE4-BB77-CAA11F216E0E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=PSI&o=15116&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=L6&apn_dtid=YYYYYYUVUS&apn_uid=a7d6cdc9-9691-41b1-ab6e-7c4daf658ee3&apn_sauid=790081D5-EE90-4751-8135-1DCE4BA33954
    FF - prefs.js..keyword.URL: "http://redirect.crossrider.com/search?a=2083&amp;t=3&amp;q="
    [2012/08/24 10:40:52 | 000,000,000 | ---D | M] ("3DSlots2GO") -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Obmute (Topic Starter)

  • Members
  • 79 posts
  • Gender:Male
  • Location:Here and there.

Posted 14 September 2012 - 05:47 PM

Hey there, well I ran the fix and that went fine, but I still seem to be getting redirects though :(. Here's the log file for you, Gringo, thanks!


========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
ADS C:\ProgramData\TEMP:1AE68282 deleted successfully.
ADS C:\ProgramData\TEMP:FCB70953 deleted successfully.
ADS C:\ProgramData\TEMP:4BB26BE9 deleted successfully.
C:\Users\Linda\AppData\Local\r42id4g21l moved successfully.
C:\ProgramData\r42id4g21l moved successfully.
C:\Users\Linda\AppData\Local\{63DE7540-D9C1-47DB-87EF-0CE5B343CFEE} moved successfully.
C:\Users\Linda\AppData\Local\{53DC9F6A-85B6-47E5-AB73-3BB93B150345} moved successfully.
C:\ProgramData\828h7p051q38067h7b2q1y6py moved successfully.
Registry key HKEY_USERS\S-1-5-21-3926867797-2642614084-3097445242-1000\Software\Microsoft\Internet Explorer\SearchScopes\{92004E2D-4A0C-4EE4-BB77-CAA11F216E0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92004E2D-4A0C-4EE4-BB77-CAA11F216E0E}\ not found.
Prefs.js: "http://redirect.crossrider.com/search?a=2083&amp;t=3&amp;q=" removed from keyword.URL
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com\skin folder moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com\locale\en-US folder moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com\locale folder moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com\defaults\preferences folder moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com\defaults folder moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com\chrome\content folder moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com\chrome folder moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\on6f3cqs.default\extensions\crossriderapp2083@crossrider.com folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Linda\Desktop\cmd.bat deleted successfully.
C:\Users\Linda\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Linda
->Java cache emptied: 13580 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Linda
->Flash cache emptied: 59872 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.4 log created on 09142012_174032