
Removing a Google Search Redirect


This topic is locked
32 replies to this topic

#1 djmito (Members, 13 posts)

Posted 13 September 2012 - 06:37 PM

I seem to get redirected to different websites consistently when I search something up. It's not all the time, but most of it. I really need help with this as I have tried MalwareBytes, Search and Destroy, TDSKiller and none have worked. It's so annoying! Please help! Here are a few of the redirecting links: hXXttp://8.26.70.252/see/display.php?q=chauvet+hurricane+1300&affsub=46938-97510&subid=e10 ; hXXttp://buy-static.norton.com/norton/ps/3up_us_en_navnis360_nort.html?om_sem_cid=hho_sem_sy:us:adm:en:e|kw0000004480|_admp10486_1419249934 ; hXXttp://8.26.70.252/see/display.php?q=jordan+4+bred&affsub=46573-143565-1854-27681&subid=e10. It has more recently been sending me to click.get-amazing.results.com

Edited by nasdaq, 14 September 2012 - 09:41 AM.
Links obfuscated. - Please do not post bad links in topics.


#2 Conspire (Malware Response Team, 1,155 posts)

Posted 14 September 2012 - 12:10 PM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. Failure to do so we will have your thread closed in THREE(3) days. :)


Hello there, djmito


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

---------------------------------------------------------------------------------------------------

What OS are you using?

---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 djmito (Topic Starter, Members, 13 posts)

Posted 16 September 2012 - 12:47 AM

I'm using Windows 7 Home Premium right now.

#4 Conspire (Malware Response Team, 1,155 posts)

Posted 16 September 2012 - 08:51 AM

Hello there,

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
===================================================

Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • Allow it to update where necessary
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive, which is typically C:\, for example C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
DDS log
aswMBR log
TDSSKiller log

Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!

#5 djmito (Topic Starter, Members, 13 posts)

Posted 16 September 2012 - 10:11 PM

Okay I did what you asked me to. Here is the DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_16
Run by Admin at 21:34:10 on 2012-09-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2007.1138 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4a9ee257dabda42f\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4a9ee257dabda42f\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\WLTRYSVC.EXE
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Trend Micro SafeSync\hrfscore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: H - No File
BHO: MRI_DISABLED - No File
BHO: Ask Toolbar BHO - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {CE18769B-C7FA-42D2-860D-17C4662C70AD} - No File
StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TRENDM~1.LNK - C:\Program Files\Trend Micro SafeSync\HrfsClient.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7CA58999-19D6-4500-A01F-69A20BF845A6} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7CA58999-19D6-4500-A01F-69A20BF845A6}\2375942554633313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7CA58999-19D6-4500-A01F-69A20BF845A6}\3616275677966696 : DhcpNameServer = 8.8.8.8 4.2.2.2
TCP: Interfaces\{7CA58999-19D6-4500-A01F-69A20BF845A6}\56071636E65647 : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7CA58999-19D6-4500-A01F-69A20BF845A6}\84F4D454D243330333 : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7CA58999-19D6-4500-A01F-69A20BF845A6}\C696E6B6379737 : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{7CA58999-19D6-4500-A01F-69A20BF845A6}\E45445745414254343 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E58D879F-0387-487D-9360-F16BC1178899} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {CE18769B-C7FA-42D2-860D-17C4662C70AD} - No File
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rp9rewc6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cf6fa0e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4a9ee257dabda42f\AESTSr64.exe [2008-1-6 88576]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-9-13 275912]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA008Ufd.sys --> C:\Windows\system32\DRIVERS\OA008Ufd.sys [?]
R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\system32\DRIVERS\OA008Vid.sys --> C:\Windows\system32\DRIVERS\OA008Vid.sys [?]
R3 OnlineStorageService;OnlineStorageService;C:\Program Files\Trend Micro SafeSync\hrfscore.exe [2012-9-13 7908664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-6 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-12 114144]
S3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;C:\Windows\system32\drivers\ns6_midi.sys --> C:\Windows\system32\drivers\ns6_midi.sys [?]
S3 NUMARK_NS6_USB;Numark NS6 USB driver service;C:\Windows\system32\Drivers\ns6_usb.sys --> C:\Windows\system32\Drivers\ns6_usb.sys [?]
S3 NUMARK_NS6_WDM;Numark NS6 WDM device;C:\Windows\system32\drivers\ns6_wdm.sys --> C:\Windows\system32\drivers\ns6_wdm.sys [?]
S3 NUMARK_NS7_MIDI;Numark NS7 MIDI device;C:\Windows\system32\drivers\ns7_midi.sys --> C:\Windows\system32\drivers\ns7_midi.sys [?]
S3 NUMARK_NS7_USB;Numark NS7 USB driver service;C:\Windows\system32\Drivers\ns7_usb.sys --> C:\Windows\system32\Drivers\ns7_usb.sys [?]
S3 NUMARK_NS7_WDM;Numark NS7 WDM device;C:\Windows\system32\drivers\ns7_wdm.sys --> C:\Windows\system32\drivers\ns7_wdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\system32\Drivers\UsbFltr.sys --> C:\Windows\system32\Drivers\UsbFltr.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-09-15 17:33:23 65536 ----a-r- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{B18C2CFF-4D2D-490E-A8CD-9AA2C4AB9CDE}\ItchShortcut_3AACE619E70942C5B73003B60EB9E2F1.exe
2012-09-15 17:33:23 -------- d-----w- C:\Windows\usb-audio.deNumarkV7
2012-09-15 17:33:23 -------- d-----w- C:\Windows\usb-audio.deNumarkNS6
2012-09-15 06:58:44 -------- d-----w- C:\ProgramData\HitmanPro
2012-09-14 01:35:35 635 ----a-w- C:\Windows\System32\drivers\etc\tmsshf.bin
2012-09-14 01:32:34 -------- d-----w- C:\Users\Admin\AppData\Roaming\Trend Micro
2012-09-14 01:32:34 -------- d-----r- C:\Users\Admin\SafeSync
2012-09-14 01:31:30 -------- d-----w- C:\temp
2012-09-14 01:31:03 -------- d-----w- C:\ProgramData\boost_interprocess
2012-09-14 01:29:48 -------- d-----w- C:\Program Files\Trend Micro SafeSync
2012-09-14 01:16:21 -------- d-----w- C:\Users\Admin\AppData\Local\Trend Micro
2012-09-14 01:14:53 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-09-14 01:14:43 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-09-14 01:14:43 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-09-14 01:14:43 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-09-14 01:08:55 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-09-14 01:06:33 -------- d-----w- C:\Program Files\Trend Micro
2012-09-14 01:04:04 -------- d-----w- C:\ProgramData\Trend Micro
2012-09-13 04:13:03 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-09-13 01:02:35 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-13 01:02:35 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-13 01:02:30 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-13 01:02:30 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-13 01:02:23 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-13 01:02:23 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-13 01:02:22 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 01:20:17 208216 ----a-w- C:\Windows\System32\drivers\26396413.sys
2012-09-10 02:57:37 -------- d-----w- C:\_OTL
2012-09-10 00:55:28 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-09 19:49:29 98816 ----a-w- C:\Windows\sed.exe
2012-09-09 19:49:29 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-09 19:49:29 256000 ----a-w- C:\Windows\PEV.exe
2012-09-09 19:49:29 208896 ----a-w- C:\Windows\MBR.exe
2012-09-08 19:33:15 -------- d-----w- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
2012-09-07 02:23:10 -------- d-----w- C:\Users\Admin\AppData\Local\{18901CFC-3ECC-4929-ADE2-A60F3735514E}
2012-09-05 04:37:29 -------- d-----w- C:\Users\Admin\AppData\Local\{64D62565-C571-4B5D-B524-F940982A90BE}
.
==================== Find3M ====================
.
2012-09-11 04:05:28 1890 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:37:21.04 ===============

Here's the aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-16 21:39:12
-----------------------------
21:39:12.483 OS Version: Windows x64 6.1.7601 Service Pack 1
21:39:12.483 Number of processors: 2 586 0x170A
21:39:12.483 ComputerName: STUDIO1555 UserName: Admin
21:39:15.837 Initialize success
21:39:43.169 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:39:43.169 Disk 0 Vendor: WDC_WD3200BEVT-75ZCT2 11.01A11 Size: 305245MB BusType: 11
21:39:43.200 Disk 0 MBR read successfully
21:39:43.200 Disk 0 MBR scan
21:39:43.200 Disk 0 Windows 7 default MBR code
21:39:43.232 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
21:39:43.263 Disk 0 scanning C:\Windows\system32\drivers
21:39:50.844 Service scanning
21:40:09.393 Modules scanning
21:40:09.393 Disk 0 trace - called modules:
21:40:09.424 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:40:09.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800278d060]
21:40:09.440 3 CLASSPNP.SYS[fffff8800188243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002245060]
21:40:09.471 Scan finished successfully
21:40:16.884 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
21:40:16.884 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"


and here's the TDSSKiller.txt:

21:40:46.0436 1948 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:40:46.0436 1948 BrFiltLo - ok
21:40:46.0452 1948 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:40:46.0452 1948 BrFiltUp - ok
21:40:46.0514 1948 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:40:46.0514 1948 BridgeMP - ok
21:40:46.0561 1948 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:40:46.0577 1948 Browser - ok
21:40:46.0592 1948 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:40:46.0608 1948 Brserid - ok
21:40:46.0624 1948 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:40:46.0624 1948 BrSerWdm - ok
21:40:46.0639 1948 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:40:46.0639 1948 BrUsbMdm - ok
21:40:46.0655 1948 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:40:46.0655 1948 BrUsbSer - ok
21:40:46.0670 1948 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:40:46.0670 1948 BTHMODEM - ok
21:40:46.0717 1948 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:40:46.0717 1948 bthserv - ok
21:40:46.0748 1948 catchme - ok
21:40:46.0764 1948 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:40:46.0764 1948 cdfs - ok
21:40:46.0826 1948 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:40:46.0826 1948 cdrom - ok
21:40:46.0889 1948 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:40:46.0889 1948 CertPropSvc - ok
21:40:46.0920 1948 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:40:46.0920 1948 circlass - ok
21:40:46.0967 1948 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:40:46.0967 1948 CLFS - ok
21:40:47.0045 1948 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:40:47.0045 1948 clr_optimization_v2.0.50727_32 - ok
21:40:47.0123 1948 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:40:47.0123 1948 clr_optimization_v2.0.50727_64 - ok
21:40:47.0201 1948 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:40:47.0216 1948 clr_optimization_v4.0.30319_32 - ok
21:40:47.0263 1948 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:40:47.0263 1948 clr_optimization_v4.0.30319_64 - ok
21:40:47.0294 1948 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:40:47.0294 1948 CmBatt - ok
21:40:47.0326 1948 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:40:47.0326 1948 cmdide - ok
21:40:47.0372 1948 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:40:47.0388 1948 CNG - ok
21:40:47.0404 1948 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:40:47.0404 1948 Compbatt - ok
21:40:47.0435 1948 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:40:47.0435 1948 CompositeBus - ok
21:40:47.0450 1948 COMSysApp - ok
21:40:47.0482 1948 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:40:47.0482 1948 crcdisk - ok
21:40:47.0528 1948 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:40:47.0544 1948 CryptSvc - ok
21:40:47.0591 1948 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:40:47.0591 1948 DcomLaunch - ok
21:40:47.0638 1948 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:40:47.0653 1948 defragsvc - ok
21:40:47.0700 1948 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:40:47.0700 1948 DfsC - ok
21:40:47.0747 1948 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:40:47.0762 1948 Dhcp - ok
21:40:47.0794 1948 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:40:47.0794 1948 discache - ok
21:40:47.0825 1948 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:40:47.0825 1948 Disk - ok
21:40:47.0856 1948 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:40:47.0856 1948 Dnscache - ok
21:40:47.0903 1948 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:40:47.0903 1948 dot3svc - ok
21:40:47.0934 1948 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:40:47.0950 1948 DPS - ok
21:40:47.0981 1948 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:40:47.0981 1948 drmkaud - ok
21:40:48.0028 1948 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:40:48.0074 1948 DXGKrnl - ok
21:40:48.0121 1948 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:40:48.0121 1948 EapHost - ok
21:40:48.0230 1948 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:40:48.0340 1948 ebdrv - ok
21:40:48.0371 1948 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:40:48.0371 1948 EFS - ok
21:40:48.0449 1948 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:40:48.0480 1948 ehRecvr - ok
21:40:48.0511 1948 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:40:48.0527 1948 ehSched - ok
21:40:48.0558 1948 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:40:48.0589 1948 elxstor - ok
21:40:48.0652 1948 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:40:48.0652 1948 ErrDev - ok
21:40:48.0730 1948 esgiguard - ok
21:40:48.0776 1948 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:40:48.0792 1948 EventSystem - ok
21:40:48.0808 1948 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:40:48.0808 1948 exfat - ok
21:40:48.0839 1948 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:40:48.0839 1948 fastfat - ok
21:40:48.0901 1948 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:40:48.0917 1948 Fax - ok
21:40:48.0932 1948 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:40:48.0932 1948 fdc - ok
21:40:48.0948 1948 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:40:48.0964 1948 fdPHost - ok
21:40:48.0979 1948 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:40:48.0979 1948 FDResPub - ok
21:40:48.0995 1948 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:40:48.0995 1948 FileInfo - ok
21:40:49.0010 1948 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:40:49.0010 1948 Filetrace - ok
21:40:49.0088 1948 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:40:49.0104 1948 FLEXnet Licensing Service - ok
21:40:49.0120 1948 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:40:49.0120 1948 flpydisk - ok
21:40:49.0182 1948 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:40:49.0182 1948 FltMgr - ok
21:40:49.0244 1948 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:40:49.0276 1948 FontCache - ok
21:40:49.0354 1948 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:40:49.0354 1948 FontCache3.0.0.0 - ok
21:40:49.0416 1948 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:40:49.0416 1948 FsDepends - ok
21:40:49.0447 1948 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:40:49.0447 1948 Fs_Rec - ok
21:40:49.0494 1948 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:40:49.0494 1948 fvevol - ok
21:40:49.0525 1948 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:40:49.0525 1948 gagp30kx - ok
21:40:49.0588 1948 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:40:49.0588 1948 GEARAspiWDM - ok
21:40:49.0634 1948 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:40:49.0650 1948 gpsvc - ok
21:40:49.0744 1948 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:40:49.0744 1948 gupdate - ok
21:40:49.0775 1948 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:40:49.0775 1948 gupdatem - ok
21:40:49.0822 1948 [ ABDDBCCDF5B03B03FFDE3CE3CB1A4184 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:40:49.0822 1948 gusvc - ok
21:40:49.0853 1948 [ 8895D459BF7A26445ACD8512CBAE1679 ] hcmon C:\Windows\system32\drivers\hcmon.sys
21:40:49.0853 1948 hcmon - ok
21:40:49.0884 1948 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:40:49.0900 1948 hcw85cir - ok
21:40:49.0931 1948 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:40:49.0931 1948 HDAudBus - ok
21:40:49.0946 1948 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:40:49.0962 1948 HidBatt - ok
21:40:49.0978 1948 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:40:49.0978 1948 HidBth - ok
21:40:49.0993 1948 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:40:50.0009 1948 HidIr - ok
21:40:50.0040 1948 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:40:50.0040 1948 hidserv - ok
21:40:50.0071 1948 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:40:50.0071 1948 HidUsb - ok
21:40:50.0102 1948 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:40:50.0118 1948 hkmsvc - ok
21:40:50.0149 1948 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:40:50.0165 1948 HomeGroupListener - ok
21:40:50.0196 1948 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:40:50.0196 1948 HomeGroupProvider - ok
21:40:50.0243 1948 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:40:50.0243 1948 HpSAMD - ok
21:40:50.0321 1948 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:40:50.0336 1948 HTTP - ok
21:40:50.0368 1948 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:40:50.0383 1948 hwpolicy - ok
21:40:50.0430 1948 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:40:50.0430 1948 i8042prt - ok
21:40:50.0477 1948 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:40:50.0477 1948 iaStorV - ok
21:40:50.0555 1948 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:40:50.0570 1948 IDriverT - ok
21:40:50.0617 1948 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:40:50.0648 1948 idsvc - ok
21:40:50.0945 1948 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:40:51.0226 1948 igfx - ok
21:40:51.0288 1948 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:40:51.0288 1948 iirsp - ok
21:40:51.0397 1948 [ 755519F49906B73C1FE9CBBF75E347EA ] IJPLMSVC C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
21:40:51.0397 1948 IJPLMSVC - ok
21:40:51.0460 1948 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:40:51.0491 1948 IKEEXT - ok
21:40:51.0522 1948 [ DEA2AB452B4FA773187369C4B6517320 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
21:40:51.0538 1948 IntcHdmiAddService - ok
21:40:51.0553 1948 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:40:51.0553 1948 intelide - ok
21:40:51.0584 1948 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:40:51.0584 1948 intelppm - ok
21:40:51.0616 1948 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:40:51.0616 1948 IPBusEnum - ok
21:40:51.0647 1948 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:40:51.0647 1948 IpFilterDriver - ok
21:40:51.0678 1948 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:40:51.0709 1948 iphlpsvc - ok
21:40:51.0725 1948 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:40:51.0740 1948 IPMIDRV - ok
21:40:51.0756 1948 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:40:51.0756 1948 IPNAT - ok
21:40:51.0818 1948 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:40:51.0850 1948 iPod Service - ok
21:40:51.0881 1948 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:40:51.0881 1948 IRENUM - ok
21:40:51.0881 1948 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:40:51.0881 1948 isapnp - ok
21:40:51.0928 1948 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:40:51.0928 1948 iScsiPrt - ok
21:40:51.0974 1948 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
21:40:51.0974 1948 k57nd60a - ok
21:40:52.0021 1948 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:40:52.0021 1948 kbdclass - ok
21:40:52.0068 1948 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:40:52.0068 1948 kbdhid - ok
21:40:52.0084 1948 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:40:52.0084 1948 KeyIso - ok
21:40:52.0115 1948 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:40:52.0115 1948 KSecDD - ok
21:40:52.0130 1948 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:40:52.0146 1948 KSecPkg - ok
21:40:52.0177 1948 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:40:52.0177 1948 ksthunk - ok
21:40:52.0208 1948 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:40:52.0224 1948 KtmRm - ok
21:40:52.0286 1948 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:40:52.0286 1948 LanmanServer - ok
21:40:52.0333 1948 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:40:52.0349 1948 LanmanWorkstation - ok
21:40:52.0380 1948 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:40:52.0380 1948 lltdio - ok
21:40:52.0427 1948 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:40:52.0427 1948 lltdsvc - ok
21:40:52.0442 1948 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:40:52.0442 1948 lmhosts - ok
21:40:52.0489 1948 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:40:52.0489 1948 LSI_FC - ok
21:40:52.0505 1948 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:40:52.0505 1948 LSI_SAS - ok
21:40:52.0520 1948 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:40:52.0520 1948 LSI_SAS2 - ok
21:40:52.0536 1948 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:40:52.0536 1948 LSI_SCSI - ok
21:40:52.0567 1948 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:40:52.0567 1948 luafv - ok
21:40:52.0598 1948 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:40:52.0598 1948 Mcx2Svc - ok
21:40:52.0676 1948 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
21:40:52.0676 1948 MDM - ok
21:40:52.0708 1948 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:40:52.0708 1948 megasas - ok
21:40:52.0739 1948 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:40:52.0739 1948 MegaSR - ok
21:40:52.0786 1948 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:40:52.0786 1948 Microsoft Office Groove Audit Service - ok
21:40:52.0817 1948 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:40:52.0832 1948 MMCSS - ok
21:40:52.0848 1948 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:40:52.0848 1948 Modem - ok
21:40:52.0879 1948 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:40:52.0879 1948 monitor - ok
21:40:52.0910 1948 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:40:52.0910 1948 mouclass - ok
21:40:52.0942 1948 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:40:52.0942 1948 mouhid - ok
21:40:52.0988 1948 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:40:52.0988 1948 mountmgr - ok
21:40:53.0082 1948 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:40:53.0082 1948 MozillaMaintenance - ok
21:40:53.0129 1948 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:40:53.0129 1948 mpio - ok
21:40:53.0144 1948 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:40:53.0144 1948 mpsdrv - ok
21:40:53.0207 1948 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:40:53.0238 1948 MpsSvc - ok
21:40:53.0269 1948 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:40:53.0269 1948 MRxDAV - ok
21:40:53.0300 1948 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:40:53.0316 1948 mrxsmb - ok
21:40:53.0347 1948 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:40:53.0347 1948 mrxsmb10 - ok
21:40:53.0363 1948 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:40:53.0378 1948 mrxsmb20 - ok
21:40:53.0410 1948 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:40:53.0410 1948 msahci - ok
21:40:53.0425 1948 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:40:53.0425 1948 msdsm - ok
21:40:53.0456 1948 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:40:53.0456 1948 MSDTC - ok
21:40:53.0503 1948 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:40:53.0503 1948 Msfs - ok
21:40:53.0519 1948 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:40:53.0519 1948 mshidkmdf - ok
21:40:53.0534 1948 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:40:53.0534 1948 msisadrv - ok
21:40:53.0566 1948 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:40:53.0566 1948 MSiSCSI - ok
21:40:53.0581 1948 msiserver - ok
21:40:53.0612 1948 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:40:53.0612 1948 MSKSSRV - ok
21:40:53.0644 1948 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:40:53.0644 1948 MSPCLOCK - ok
21:40:53.0659 1948 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:40:53.0659 1948 MSPQM - ok
21:40:53.0706 1948 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:40:53.0706 1948 MsRPC - ok
21:40:53.0737 1948 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:40:53.0737 1948 mssmbios - ok
21:40:53.0768 1948 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:40:53.0768 1948 MSTEE - ok
21:40:53.0800 1948 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:40:53.0800 1948 MTConfig - ok
21:40:53.0831 1948 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:40:53.0831 1948 Mup - ok
21:40:53.0878 1948 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:40:53.0893 1948 napagent - ok
21:40:53.0940 1948 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:40:53.0940 1948 NativeWifiP - ok
21:40:54.0002 1948 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:40:54.0034 1948 NDIS - ok
21:40:54.0080 1948 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:40:54.0080 1948 NdisCap - ok
21:40:54.0112 1948 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:40:54.0112 1948 NdisTapi - ok
21:40:54.0143 1948 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:40:54.0158 1948 Ndisuio - ok
21:40:54.0190 1948 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:40:54.0190 1948 NdisWan - ok
21:40:54.0236 1948 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:40:54.0236 1948 NDProxy - ok
21:40:54.0252 1948 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:40:54.0252 1948 NetBIOS - ok
21:40:54.0299 1948 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:40:54.0299 1948 NetBT - ok
21:40:54.0314 1948 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:40:54.0314 1948 Netlogon - ok
21:40:54.0361 1948 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:40:54.0377 1948 Netman - ok
21:40:54.0408 1948 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:40:54.0424 1948 netprofm - ok
21:40:54.0470 1948 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:40:54.0470 1948 NetTcpPortSharing - ok
21:40:54.0517 1948 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:40:54.0517 1948 nfrd960 - ok
21:40:54.0548 1948 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:40:54.0564 1948 NlaSvc - ok
21:40:54.0595 1948 NMIndexingService - ok
21:40:54.0611 1948 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:40:54.0611 1948 Npfs - ok
21:40:54.0626 1948 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:40:54.0626 1948 nsi - ok
21:40:54.0642 1948 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:40:54.0642 1948 nsiproxy - ok
21:40:54.0720 1948 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:40:54.0767 1948 Ntfs - ok
21:40:54.0782 1948 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:40:54.0782 1948 Null - ok
21:40:54.0845 1948 [ 395CCDD08D088077DAA5B57B35048D86 ] NUMARK_NS6_MIDI C:\Windows\system32\drivers\ns6_midi.sys
21:40:54.0845 1948 NUMARK_NS6_MIDI - ok
21:40:54.0907 1948 [ 4FB9799AC9CB55B11F54F7A5BE499FF0 ] NUMARK_NS6_USB C:\Windows\system32\Drivers\ns6_usb.sys
21:40:54.0907 1948 NUMARK_NS6_USB - ok
21:40:54.0954 1948 [ A1F838F9D15EB50A8D92BD633B1627B1 ] NUMARK_NS6_WDM C:\Windows\system32\drivers\ns6_wdm.sys
21:40:54.0954 1948 NUMARK_NS6_WDM - ok
21:40:55.0001 1948 [ 74484278682470FF21162C450C4A5D41 ] NUMARK_NS7_MIDI C:\Windows\system32\drivers\ns7_midi.sys
21:40:55.0001 1948 NUMARK_NS7_MIDI - ok
21:40:55.0048 1948 [ E9B18E3AA3D2A2BF90E4525E6A744139 ] NUMARK_NS7_USB C:\Windows\system32\Drivers\ns7_usb.sys
21:40:55.0048 1948 NUMARK_NS7_USB - ok
21:40:55.0079 1948 [ DF58E994D8AE8249C959ED32EC293578 ] NUMARK_NS7_WDM C:\Windows\system32\drivers\ns7_wdm.sys
21:40:55.0094 1948 NUMARK_NS7_WDM - ok
21:40:55.0110 1948 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:40:55.0110 1948 nvraid - ok
21:40:55.0141 1948 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:40:55.0141 1948 nvstor - ok
21:40:55.0172 1948 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:40:55.0172 1948 nv_agp - ok
21:40:55.0219 1948 [ 706F5504AF9F28C8641DAB5EDDFDE03B ] OA008Ufd C:\Windows\system32\DRIVERS\OA008Ufd.sys
21:40:55.0219 1948 OA008Ufd - ok
21:40:55.0235 1948 [ 0FA29AEBDF1CCE5865F2429F441DB3D7 ] OA008Vid C:\Windows\system32\DRIVERS\OA008Vid.sys
21:40:55.0250 1948 OA008Vid - ok
21:40:55.0313 1948 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:40:55.0328 1948 odserv - ok
21:40:55.0375 1948 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:40:55.0375 1948 ohci1394 - ok
21:40:55.0672 1948 [ 3BE73D3CACA24068D015E47AE78B08B4 ] OnlineStorageService C:\Program Files\Trend Micro SafeSync\hrfscore.exe
21:40:55.0874 1948 OnlineStorageService - ok
21:40:55.0921 1948 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:40:55.0921 1948 ose - ok
21:40:55.0968 1948 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:40:55.0984 1948 p2pimsvc - ok
21:40:56.0015 1948 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:40:56.0046 1948 p2psvc - ok
21:40:56.0077 1948 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:40:56.0077 1948 Parport - ok
21:40:56.0108 1948 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:40:56.0108 1948 partmgr - ok
21:40:56.0124 1948 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:40:56.0124 1948 PcaSvc - ok
21:40:56.0171 1948 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:40:56.0171 1948 pci - ok
21:40:56.0202 1948 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:40:56.0202 1948 pciide - ok
21:40:56.0233 1948 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:40:56.0233 1948 pcmcia - ok
21:40:56.0249 1948 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:40:56.0249 1948 pcw - ok
21:40:56.0296 1948 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:40:56.0311 1948 PEAUTH - ok
21:40:56.0389 1948 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:40:56.0389 1948 PerfHost - ok
21:40:56.0483 1948 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:40:56.0530 1948 pla - ok
21:41:05.0562 1948 ============================================================
21:41:05.0562 1948 Scan finished
21:41:05.0562 1948 ============================================================
21:41:05.0624 4668 Detected object count: 0
21:41:05.0624 4668 Actual detected object count: 0
21:42:08.0344 6084 Deinitialize success

#6 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:46 AM

Posted 17 September 2012 - 04:29 AM

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 djmito

djmito
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:46 AM

Posted 19 September 2012 - 07:01 PM

I ran ComboFix and this is the ComboFix.txt:

ComboFix 12-09-18.07 - Admin 09/19/2012 18:38:15.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2007.715 [GMT -5:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120919182522.375199
.
.
+ 2012-09-13 22:13 . 2012-09-13 22:13 25600 c:\windows\Installer\3377d4.msi
+ 2010-02-06 22:21 . 2012-09-13 04:18 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-06 22:44 . 2012-09-11 04:05 1890 c:\windows\SysWOW64\KGyGaAvL.sys
- 2010-02-11 06:55 . 2012-09-08 05:58 7168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-02-11 06:55 . 2012-09-19 15:44 7168 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-09-08 21:45 . 2012-09-08 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-19 23:25 . 2012-09-19 23:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-19 23:25 . 2012-09-19 23:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-08 21:45 . 2012-09-08 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-21 15:16 . 2012-02-21 15:16 341568 c:\windows\usb-audio.deNumarkV7\CPLNumark_V7.exe
- 2011-09-30 19:56 . 2011-09-30 19:56 341568 c:\windows\usb-audio.deNumarkV7\CPLNumark_V7.exe
+ 2012-02-21 15:15 . 2012-02-21 15:15 341568 c:\windows\usb-audio.deNumarkNS7\CPLNumark_NS7.exe
- 2011-09-30 19:55 . 2011-09-30 19:55 341568 c:\windows\usb-audio.deNumarkNS7\CPLNumark_NS7.exe
- 2011-09-30 19:55 . 2011-09-30 19:55 269376 c:\windows\usb-audio.deNumarkNS6\CPLNumark_NS6.exe
+ 2012-02-21 15:14 . 2012-02-21 15:14 269376 c:\windows\usb-audio.deNumarkNS6\CPLNumark_NS6.exe
+ 2010-03-18 14:15 . 2010-03-18 14:15 770384 c:\windows\SysWOW64\msvcr100.dll
+ 2010-03-18 14:15 . 2010-03-18 14:15 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2010-02-07 02:44 . 2012-09-19 01:19 559292 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-09-18 22:27 638616 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-18 22:27 111826 c:\windows\system32\perfc009.dat
+ 2010-02-06 20:13 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
- 2009-07-14 05:30 . 2012-08-18 08:58 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-17 03:48 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-16 22:52 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-08-18 08:58 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:31 . 2012-09-13 21:21 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2012-08-18 08:58 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2012-09-14 01:14 . 2011-08-02 20:58 105744 c:\windows\system32\drivers\tmtdi.sys
+ 2012-09-14 01:14 . 2011-07-12 11:13 167696 c:\windows\system32\drivers\tmcomm.sys
+ 2009-07-14 05:01 . 2012-09-19 15:44 459656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-08 21:00 459656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-17 03:47 . 2012-09-17 03:47 316832 c:\windows\Installer\{EFC0BA9B-F472-4559-B655-9C47281F9483}\icon.exe
+ 2012-09-11 03:12 . 2012-09-11 03:12 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-09-11 03:12 . 2012-09-11 03:12 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-09-11 03:12 . 2012-09-11 03:12 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-09-11 03:12 . 2012-09-11 03:12 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-09-17 03:46 . 2012-09-17 03:46 312736 c:\windows\Installer\{3E9C9EE1-1964-4519-BF80-652E7F415ECF}\icon.exe
+ 2011-01-14 12:10 . 2011-01-14 12:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2009-07-14 04:45 . 2012-09-14 01:40 7154023 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-08-18 20:34 7154023 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-03-11 04:09 . 2012-09-15 08:05 4709488 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933086440-4092732277-2633363603-1000-12288.dat
+ 2012-08-30 08:06 . 2012-08-30 08:06 5007872 c:\windows\Installer\bf466a.msp
+ 2011-07-21 17:34 . 2011-07-21 17:34 3456000 c:\windows\Installer\685ea2a.msp
+ 2011-01-15 14:46 . 2011-01-15 14:46 2049536 c:\windows\Installer\624d2.msi
+ 2011-12-16 21:29 . 2011-12-16 21:29 7528448 c:\windows\Installer\4dd4fc9.msi
+ 2011-12-16 21:29 . 2011-12-16 21:29 6688768 c:\windows\Installer\4dd4fc3.msi
+ 2012-09-17 03:48 . 2012-09-17 03:48 2827160 c:\windows\Installer\{EC39CC32-E144-42E4-9A59-53C20B408BDE}\icon.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-02-06 22:21 . 2012-09-13 04:18 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2010-02-06 22:21 . 2012-08-18 08:17 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-01-14 12:10 . 2011-01-14 12:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL
+ 2011-01-14 12:10 . 2011-01-14 12:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2009-07-14 02:34 . 2012-09-13 21:21 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-08-18 08:58 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-03-17 03:02 . 2012-09-12 02:42 10687780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933086440-4092732277-2633363603-1007-8192.dat
+ 2011-03-05 07:10 . 2012-09-19 06:52 37724888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933086440-4092732277-2633363603-1000-8192.dat
- 2011-03-05 01:22 . 2012-09-01 02:45 51006032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933086440-4092732277-2633363603-1000-4096.dat
+ 2011-03-05 01:22 . 2012-09-17 06:55 51006032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1933086440-4092732277-2633363603-1000-4096.dat
+ 2011-08-02 20:33 . 2011-08-02 20:33 12228096 c:\windows\Installer\bdbe1b.msi
+ 2012-09-15 17:30 . 2012-09-15 17:30 23102564 c:\windows\Installer\b46e20.msi
+ 2011-12-15 20:31 . 2011-12-15 20:31 16986112 c:\windows\Installer\4dd4fcf.msi
+ 2012-09-15 17:30 . 2012-09-15 17:30 23102564 c:\windows\Downloaded Installations\{43B29736-D83E-4441-8041-A4F1D54B957A}\ITCH.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-07-12 18:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-07-12 18:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-07-12 18:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-07-12 18:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-07-12 18:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-07-12 18:22 1186616 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Trend Micro SafeSync.lnk - c:\program files\Trend Micro SafeSync\HrfsClient.exe [2012-9-13 2083640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2007-05-11 04:46 624248 ----a-w- c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 23:10 35696 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
c:\program files (x86)\Corel\Corel Snapfire\PhotoDownloader.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
c:\program files (x86)\Google\Google Talk\googletalk.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HBLiteSA]
c:\program files (x86)\HBLite\bin\11.0.163.0\HBLiteSA.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files (x86)\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
c:\program files (x86)\Nokia\Nokia Music\NokiaMusic.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files (x86)\QuickTime\QTTask.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegWork]
c:\program files (x86)\RegWork\RegWork.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-06 21:41 149280 ----a-w- c:\program files (x86)\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe [BU]
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 NUMARK_NS6_MIDI;Numark NS6 MIDI device;c:\windows\system32\drivers\ns6_midi.sys [2011-03-30 31296]
R3 NUMARK_NS6_USB;Numark NS6 USB driver service;c:\windows\system32\Drivers\ns6_usb.sys [2011-03-30 416320]
R3 NUMARK_NS6_WDM;Numark NS6 WDM device;c:\windows\system32\drivers\ns6_wdm.sys [2011-03-30 54336]
R3 NUMARK_NS7_MIDI;Numark NS7 MIDI device;c:\windows\system32\drivers\ns7_midi.sys [2010-04-22 31296]
R3 NUMARK_NS7_USB;Numark NS7 USB driver service;c:\windows\system32\Drivers\ns7_usb.sys [2010-04-22 402496]
R3 NUMARK_NS7_WDM;Numark NS7 WDM device;c:\windows\system32\drivers\ns7_wdm.sys [2010-04-22 50240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 70928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4a9ee257dabda42f\AESTSr64.exe [2008-11-18 88576]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-10-29 64560]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2011-12-16 246688]
S2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
S2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-07-15 126464]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\DRIVERS\OA008Ufd.sys [2008-06-03 168864]
S3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\DRIVERS\OA008Vid.sys [2008-09-19 308000]
S3 OnlineStorageService;OnlineStorageService;c:\program files\Trend Micro SafeSync\hrfscore.exe [2012-07-12 7908664]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 21:48]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-06 21:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPaired]
@="{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}"
[HKEY_CLASSES_ROOT\CLSID\{A203F945-39E9-4286-AFA2-F3ADFCD5FAAA}]
2012-07-12 18:23 1748280 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoPriority]
@="{6F1BB626-1107-4b82-B322-54C5E64461B8}"
[HKEY_CLASSES_ROOT\CLSID\{6F1BB626-1107-4b82-B322-54C5E64461B8}]
2012-07-12 18:23 1748280 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoProblem]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2B}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2B}]
2012-07-12 18:23 1748280 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2012-07-12 18:23 1748280 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2012-07-12 18:23 1748280 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{66669544-5639-4922-99C8-CE7A86651364}"
[HKEY_CLASSES_ROOT\CLSID\{66669544-5639-4922-99C8-CE7A86651364}]
2012-07-12 18:23 1748280 ----a-w- c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-13 3863040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-06 1304824]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 4244888]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rp9rewc6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cf6fa0e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CE18769B-C7FA-42D2-860D-17C4662C70AD} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\VMware, Inc.\VMnetLibSaved\VMnetBridge]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-19 18:58:48
ComboFix-quarantined-files.txt 2012-09-19 23:58
ComboFix2.txt 2012-09-09 20:19
.
Pre-Run: 180,570,370,048 bytes free
Post-Run: 180,031,479,808 bytes free
.
- - End Of File - - 383745CE3CA0E238E39D62D3684C72BD

#8 Conspire (Malware Response Team)

Posted 19 September 2012 - 10:18 PM

Does the redirect occur across all your web browsers or just Firefox?
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#9 djmito (Topic Starter)

Posted 20 September 2012 - 04:25 PM

I was just doing some searches on IE9 and didn't get redirected once. However, it is very slow, but it might be because I haven't updated it in forever! I will continue to use IE9 for a bit and see if I get redirected when I search on Google.

#10 Conspire (Malware Response Team)

Posted 20 September 2012 - 09:41 PM

Most likely there is a bad plugin in your Firefox which caused the redirect. Please run OTL as it will provide us the information that we need.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.


#11 djmito (Topic Starter)

Posted 23 September 2012 - 01:05 AM

I ran the OTL scan like you asked but only got one .txt file to open, the OTL.txt one:

OTL logfile created on: 9/22/2012 11:19:50 PM - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 44.94% Memory free
3.92 Gb Paging File | 2.35 Gb Available in Paging File | 59.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 166.56 Gb Free Space | 55.88% Space Free | Partition Type: NTFS

Computer Name: STUDIO1555 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trend Micro SafeSync\HrfsClient.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Trend Micro SafeSync\avcodec-54.dll ()
MOD - C:\Program Files\Trend Micro SafeSync\avformat-54.dll ()
MOD - C:\Program Files\Trend Micro SafeSync\avutil-51.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (OnlineStorageService) -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe (Trend Micro Inc.)
SRV:64bit: - (WDFMEService) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (Western Digital )
SRV:64bit: - (WDRulesService) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (WDC)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4a9ee257dabda42f\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4a9ee257dabda42f\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4a9ee257dabda42f\STacSV64.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4a9ee257dabda42f\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (NUMARK_NS6_USB) -- C:\Windows\SysNative\drivers\ns6_usb.sys (Ploytec GmbH)
DRV:64bit: - (NUMARK_NS6_WDM) -- C:\Windows\SysNative\drivers\ns6_wdm.sys (Numark)
DRV:64bit: - (NUMARK_NS6_MIDI) -- C:\Windows\SysNative\drivers\ns6_midi.sys (Numark)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NUMARK_NS7_USB) -- C:\Windows\SysNative\drivers\ns7_usb.sys (Ploytec GmbH)
DRV:64bit: - (NUMARK_NS7_WDM) -- C:\Windows\SysNative\drivers\ns7_wdm.sys (Numark)
DRV:64bit: - (NUMARK_NS7_MIDI) -- C:\Windows\SysNative\drivers\ns7_midi.sys (Numark)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\drivers\OA008Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\drivers\OA008Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (UsbFltr) -- C:\Windows\SysNative\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{06A35440-6FB3-4CDA-A962-99C53D4349A6}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPCK_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={EA72CA68-6AE8-4ACB-A8F3-19D54AED7FED}&mid=3f2853991beb7da740791c21dbf3dc5c-b6be6b39abb0a43281c423d323772923b5ea0c3b&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: sliodfgqld@sliodfgqld.org:1.0
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..extensions.mywebsearch.prevKwdURL: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cf6fa0e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/09/13 20:31:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/09/13 20:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/09/13 20:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/12 23:12:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/30 23:28:16 | 000,000,000 | ---D | M]

[2010/03/02 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010/03/02 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/09/11 20:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rp9rewc6.default\extensions
[2012/03/29 17:34:24 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\extensions\sliodfgqld@sliodfgqld.org.xpi
[2012/09/11 20:31:46 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\extensions\testpilot@labs.mozilla.com.xpi
[2011/09/27 21:08:32 | 000,003,739 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\searchplugins\avg-secure-search.xml
[2010/04/09 00:41:34 | 000,010,025 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\searchplugins\mywebsearch.xml
[2012/09/12 23:12:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/08/24 10:18:45 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/15 15:28:57 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2:64bit: - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2010/05/11 23:20:16 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CA58999-19D6-4500-A01F-69A20BF845A6}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E58D879F-0387-487D-9360-F16BC1178899}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/22 10:13:52 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/22 10:13:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 10:13:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 10:13:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 10:13:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 10:13:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 10:13:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 10:13:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 10:13:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 10:13:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 10:13:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 10:12:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 10:12:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 10:12:56 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 10:12:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/22 10:12:54 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/20 16:09:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/17 18:13:28 | 004,752,754 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/09/16 22:50:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Western_Digital
[2012/09/16 22:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2012/09/16 22:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/09/16 22:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2012/09/16 22:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2012/09/16 22:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Western Digital
[2012/09/16 22:45:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Western Digital
[2012/09/16 18:47:29 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/09/16 18:47:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/09/16 18:21:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012/09/15 12:33:23 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.deNumarkV7
[2012/09/15 12:33:23 | 000,000,000 | ---D | C] -- C:\Windows\usb-audio.deNumarkNS6
[2012/09/15 01:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/09/13 20:32:34 | 000,000,000 | R--D | C] -- C:\Users\Admin\SafeSync
[2012/09/13 20:32:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Trend Micro
[2012/09/13 20:31:30 | 000,000,000 | ---D | C] -- C:\temp
[2012/09/13 20:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/09/13 20:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro SafeSync
[2012/09/13 20:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro SafeSync
[2012/09/13 20:27:19 | 015,562,880 | ---- | C] (Trend Micro Inc. ) -- C:\Users\Admin\Desktop\Trend_Micro_SafeSync_5.1.0.1173.exe
[2012/09/13 20:16:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Trend Micro
[2012/09/13 20:16:07 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security 2012
[2012/09/13 20:14:53 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2012/09/13 20:14:43 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/09/13 20:14:43 | 000,091,920 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2012/09/13 20:14:43 | 000,070,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2012/09/13 20:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/09/13 20:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/09/12 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/09/12 20:02:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 20:02:30 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 20:02:23 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 20:02:22 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/11 20:20:17 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\26396413.sys
[2012/09/09 21:57:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/09 15:19:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/09 14:49:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/09 14:49:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/09 14:49:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/09 14:38:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/09 14:37:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/08 14:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12
[2012/09/06 21:23:10 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{18901CFC-3ECC-4929-ADE2-A60F3735514E}
[2012/09/04 23:37:29 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\{64D62565-C571-4B5D-B524-F940982A90BE}

========== Files - Modified Within 30 Days ==========

[2012/09/22 23:18:03 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/22 23:11:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/22 17:18:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/22 17:02:30 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 17:02:30 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/22 16:47:33 | 1578,258,432 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/22 10:14:03 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/09/19 21:18:24 | 000,029,794 | ---- | M] () -- C:\Users\Admin\Desktop\394436_3200420108099_1573241736_n.jpg
[2012/09/19 18:30:42 | 004,752,754 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/09/18 23:14:31 | 002,775,380 | ---- | M] () -- C:\Users\Admin\Desktop\DSCN2483.JPG
[2012/09/18 23:12:08 | 000,079,575 | ---- | M] () -- C:\Users\Admin\Desktop\DSCN1655.JPG
[2012/09/18 23:09:48 | 000,032,092 | ---- | M] () -- C:\Users\Admin\Desktop\cats.jpg
[2012/09/18 23:07:22 | 000,266,883 | ---- | M] () -- C:\Users\Admin\Desktop\Video call snapshot 18.png
[2012/09/18 23:07:18 | 000,024,301 | ---- | M] () -- C:\Users\Admin\Desktop\BeFunky_Instant_2 (3).jpg
[2012/09/18 17:27:17 | 000,746,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/18 17:27:17 | 000,638,616 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/18 17:27:17 | 000,111,826 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/17 23:12:35 | 000,031,557 | ---- | M] () -- C:\Users\Admin\Desktop\561691_357365101005102_1985425272_n.jpg
[2012/09/17 20:17:32 | 000,024,931 | ---- | M] () -- C:\Users\Admin\Desktop\hellokittytoys11.jpg
[2012/09/16 22:48:21 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\WD SmartWare.lnk
[2012/09/16 22:47:16 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\WD Security.lnk
[2012/09/16 22:46:37 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk
[2012/09/16 21:40:16 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/09/16 18:47:54 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/09/16 18:47:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/09/16 18:22:11 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\dds.com
[2012/09/16 00:06:18 | 349,117,802 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/15 15:28:57 | 000,000,833 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/15 12:33:24 | 000,001,000 | ---- | M] () -- C:\Users\Admin\Desktop\ITCH.lnk
[2012/09/15 02:16:20 | 000,001,021 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/13 22:02:29 | 000,000,635 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmsshf.bin
[2012/09/13 20:31:03 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Trend Micro SafeSync Files.lnk
[2012/09/13 20:31:03 | 000,001,866 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trend Micro SafeSync.lnk
[2012/09/13 20:29:02 | 015,562,880 | ---- | M] (Trend Micro Inc. ) -- C:\Users\Admin\Desktop\Trend_Micro_SafeSync_5.1.0.1173.exe
[2012/09/13 20:16:23 | 000,001,445 | ---- | M] () -- C:\Users\Admin\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
[2012/09/13 20:08:55 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/09/13 20:08:43 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/09/12 23:24:21 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/12 23:13:12 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/12 23:10:28 | 000,004,369 | ---- | M] () -- C:\Users\Admin\Desktop\Virtual DJ 7.0.5.lnk
[2012/09/11 20:20:18 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\26396413.sys
[2012/09/10 23:05:28 | 000,001,890 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012/09/10 22:12:11 | 000,748,178 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/10 19:34:44 | 000,325,242 | ---- | M] () -- C:\Users\Admin\Documents\cc_20120910_193359 (backup CCLEANER).reg
[2012/09/10 01:03:35 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2012/09/09 12:50:52 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2012/08/24 05:31:32 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/24 05:20:11 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/24 05:18:46 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/24 05:14:45 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/24 05:14:34 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/24 05:13:29 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/08/24 05:11:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/08/24 05:10:14 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/24 05:04:06 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/24 01:51:02 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/24 01:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/24 01:47:36 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/24 01:47:26 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/24 01:44:10 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/24 01:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

========== Files Created - No Company Name ==========

[2012/09/19 21:18:14 | 000,029,794 | ---- | C] () -- C:\Users\Admin\Desktop\394436_3200420108099_1573241736_n.jpg
[2012/09/18 23:13:40 | 002,775,380 | ---- | C] () -- C:\Users\Admin\Desktop\DSCN2483.JPG
[2012/09/18 23:11:55 | 000,079,575 | ---- | C] () -- C:\Users\Admin\Desktop\DSCN1655.JPG
[2012/09/18 23:09:38 | 000,032,092 | ---- | C] () -- C:\Users\Admin\Desktop\cats.jpg
[2012/09/18 23:07:06 | 000,266,883 | ---- | C] () -- C:\Users\Admin\Desktop\Video call snapshot 18.png
[2012/09/18 23:07:06 | 000,024,301 | ---- | C] () -- C:\Users\Admin\Desktop\BeFunky_Instant_2 (3).jpg
[2012/09/17 23:12:22 | 000,031,557 | ---- | C] () -- C:\Users\Admin\Desktop\561691_357365101005102_1985425272_n.jpg
[2012/09/17 20:17:29 | 000,024,931 | ---- | C] () -- C:\Users\Admin\Desktop\hellokittytoys11.jpg
[2012/09/16 22:48:21 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\WD SmartWare.lnk
[2012/09/16 22:47:16 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\WD Security.lnk
[2012/09/16 22:46:37 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\WD Drive Utilities.lnk
[2012/09/16 21:40:16 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/09/16 00:06:18 | 349,117,802 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/15 02:16:20 | 000,001,021 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/13 20:30:13 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Trend Micro SafeSync Files.lnk
[2012/09/13 20:30:13 | 000,001,866 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Trend Micro SafeSync.lnk
[2012/09/13 20:16:07 | 000,001,445 | ---- | C] () -- C:\Users\Admin\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
[2012/09/13 20:08:55 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/09/13 20:08:42 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/12 23:13:10 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/12 23:10:28 | 000,004,369 | ---- | C] () -- C:\Users\Admin\Desktop\Virtual DJ 7.0.5.lnk
[2012/09/10 22:12:54 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/10 19:34:13 | 000,325,242 | ---- | C] () -- C:\Users\Admin\Documents\cc_20120910_193359 (backup CCLEANER).reg
[2012/09/09 14:49:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/09 14:49:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/09 14:49:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/09 14:49:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/09 14:49:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/19 02:24:06 | 000,190,504 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/05 23:15:01 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{D8C63F0F-46AA-43CB-88B6-BFE56E4C91A1}
[2011/06/30 21:55:53 | 000,007,605 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2010/12/05 21:03:44 | 000,233,472 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/10/11 21:02:45 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/05/19 02:17:40 | 000,038,912 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/15 12:35:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2010/07/08 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\Admin\Documents\Files for FL\z nico\ROLAND SPD-20\n
[2010/02/06 17:48:13 | 000,000,000 | ---D | M] -- C:\Users\Public\WindowsOld\Users\MiT2\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SJNHMCKH\web-static.ea.com\u
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2011/01/21 19:32:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Acoustica
[2010/09/29 21:58:33 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2012/09/15 02:17:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2011/08/19 15:54:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FrostWire
[2011/08/01 12:15:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Image-Line
[2012/07/27 13:33:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mp3tag
[2011/08/25 18:48:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ooVoo Details
[2011/08/04 22:03:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PC Suite
[2011/11/14 23:53:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SynthMaker
[2012/09/15 02:17:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

#12 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:12:46 AM

Posted 23 September 2012 - 01:20 AM

It's ok. The Extras log only opens on the first run.

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..extensions.enabledAddons: sliodfgqld@sliodfgqld.org:1.0
    FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2
    FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
    FF - prefs.js..extensions.mywebsearch.prevKwdURL: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q="
    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cf6fa0e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
    [2010/03/02 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
    [2010/03/02 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2012/09/11 20:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rp9rewc6.default\extensions
    [2012/03/29 17:34:24 | 000,004,733 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\extensions\sliodfgqld@sliodfgqld.org.xpi
    [2012/09/11 20:31:46 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\extensions\testpilot@labs.mozilla.com.xpi
    [2011/09/27 21:08:32 | 000,003,739 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\searchplugins\avg-secure-search.xml
    [2010/04/09 00:41:34 | 000,010,025 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\searchplugins\mywebsearch.xml
    [2010/08/24 10:18:45 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    
    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post Fix OTL log as well as a new OTL log by rerunning it after reboot without custom scans script.
===================================================

I need you to make a batch file.

Open a new Notepad session

  • Click the Start button, click Run
  • In the run box type notepad
  • Click OK
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
    @Echo on
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    shutdown -r -t 1
    del %0

In the notepad

Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename: "flush.bat"
Click Save


You should now have a file named flush.bat on your desktop.

Double click on flush.bat & allow it to run. A small black screen may briefly flash on and off; that's normal.

===================================================

On your next reply, please post:
Fix OTL log
Fresh OTL log


Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.
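The OTL fix in this post strips the hijacked Firefox search settings (browser.search.defaulturl, keyword.URL, the selected engine, the unknown add-on ID) and [RESETHOSTS] rewrites the hosts file. The script below is an added example, not part of this thread and not OTL's own code: it parses a prefs.js and a hosts file and reports the same kinds of indicators, so a profile can be checked before and after a fix. The sample prefs.js and hosts contents are constructed, and the TRUSTED_HOSTS, TRUSTED_ENGINES and KNOWN_ADDONS allowlists are assumptions to adjust for the machine in question.

```python
"""Audit a Firefox prefs.js and a Windows hosts file for search-redirect indicators.

Added example, not part of the original thread or of OTL. Sample inputs are
constructed; the allowlists below are assumptions to be tuned per machine.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed prefs.js fragment modelled on the entries the OTL fix removes.
SAMPLE_PREFS = r'''
user_pref("browser.search.defaulturl", "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542");
user_pref("browser.search.selectedEngine", "AVG Secure Search");
user_pref("keyword.URL", "http://search.avg.com/route/?d=4cf6fa0e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=");
user_pref("extensions.enabledAddons", "sliodfgqld@sliodfgqld.org:1.0,testpilot@labs.mozilla.com:1.2.2");
user_pref("network.proxy.type", 0);
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
'''

# Constructed hosts file: two search domains pinned to a non-loopback address
# (192.0.2.10 is a documentation address from RFC 5737, not a real hijacker IP).
SAMPLE_HOSTS = r'''
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.google.com
192.0.2.10      search.yahoo.com   # injected entry
'''

# Assumed allowlists: what this particular user expects to see.
TRUSTED_HOSTS = ("google.com", "bing.com", "duckduckgo.com", "mozilla.org")
TRUSTED_ENGINES = ("Google", "Bing", "DuckDuckGo")
KNOWN_ADDONS = ("testpilot@labs.mozilla.com",)

URL_PREFS = ("browser.search.defaulturl", "keyword.URL", "browser.startup.homepage")
NAME_PREFS = ("browser.search.selectedEngine", "browser.search.order.1")
LOOPBACK = ("127.0.0.1", "::1")

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);$')


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref name: value}; string quotes are stripped, numbers stay as text."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def _trusted_host(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def audit_prefs(prefs: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (pref, reason) pairs for settings that steer searches somewhere unexpected."""
    findings: List[Tuple[str, str]] = []
    for key in URL_PREFS:
        if key in prefs:
            host = urlsplit(prefs[key]).hostname or ""
            if not _trusted_host(host):
                findings.append((key, f"points at {host or prefs[key]!r}"))
    for key in NAME_PREFS:
        if key in prefs and prefs[key] not in TRUSTED_ENGINES:
            findings.append((key, f"engine {prefs[key]!r} is not on the allowlist"))
    # extensions.enabledAddons is "id:version,id:version"; the version follows the last colon.
    for entry in prefs.get("extensions.enabledAddons", "").split(","):
        addon_id = entry.rsplit(":", 1)[0].strip()
        if addon_id and addon_id not in KNOWN_ADDONS:
            findings.append(("extensions.enabledAddons", f"unknown add-on {addon_id}"))
    # 0 = no proxy, 5 = system proxy; 1 (manual) and 2 (PAC) can also reroute traffic.
    if prefs.get("network.proxy.type", "0") not in ("0", "5"):
        findings.append(("network.proxy.type", f"proxy mode {prefs['network.proxy.type']}"))
    return findings


def audit_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (hostname, ip) for every mapping that is not loopback."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip in LOOPBACK:
            continue
        findings.extend((name, ip) for name in names)
    return findings


if __name__ == "__main__":
    for pref, reason in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"prefs.js  {pref}: {reason}")
    for name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts     {name} -> {ip}")
```

To run it against a real machine, read the profile's prefs.js (under AppData\Roaming\Mozilla\Firefox\Profiles, with Firefox closed) into parse_prefs and %SystemRoot%\System32\drivers\etc\hosts into audit_hosts. A freshly reset hosts file yields no findings, and the prefs findings should line up with the entries the fix log reports as removed; anything still reported after the fix is worth a second look.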

#13 djmito

djmito
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:46 AM

Posted 25 September 2012 - 06:37 PM

I ran OTL and here is the .txt that came up, not sure if it's the right one:

All processes killed
========== OTL ==========
Prefs.js: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine
Prefs.js: sliodfgqld@sliodfgqld.org:1.0 removed from extensions.enabledAddons
Prefs.js: testpilot@labs.mozilla.com:1.2.2 removed from extensions.enabledAddons
Prefs.js: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0 removed from extensions.enabledItems
Prefs.js: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:en-US:official&q=" removed from extensions.mywebsearch.prevKwdURL
Prefs.js: "http://search.avg.com/route/?d=4cf6fa0e&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Extensions folder moved successfully.
Folder C:\Users\Admin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org\ not found.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rp9rewc6.default\extensions folder moved successfully.
File C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\extensions\sliodfgqld@sliodfgqld.org.xpi not found.
File C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\extensions\testpilot@labs.mozilla.com.xpi not found.
C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\searchplugins\avg-secure-search.xml moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rp9rewc6.default\searchplugins\mywebsearch.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 117662 bytes
->Temporary Internet Files folder emptied: 117625779 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1124447220 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 5314 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jaime
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 120009321 bytes
->Flash cache emptied: 3057 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TITA
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76767476 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,372.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.65.1 log created on 09232012_210251

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\etilqs_761sUUTlT3HSa5MmJq1p moved successfully.
C:\Windows\temp\etilqs_7wlTUt8XKA2HfeBLKgth moved successfully.
C:\Windows\temp\etilqs_7ZcQfbQ1VnlZCjUCfbjm moved successfully.
C:\Windows\temp\etilqs_FERrB0uvE50V5dM2BuZ1 moved successfully.
C:\Windows\temp\etilqs_h8UCAekRwuhf4C0B2VZH moved successfully.
C:\Windows\temp\etilqs_U6d0mBvGTTpV5rcMug2x moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
------------------------------------------------------------------------------------------------------------------

I couldn't seem to find the "fresh log", and I believe what I just posted was the "fix log". Please help me with that. I also created and ran the batch file you asked me to create.

#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:12:46 AM

Posted 25 September 2012 - 09:54 PM

You need to run OTL again. But this time you have to press Run Scan for a fresh log.

Are you still having redirects?

#15 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:12:46 AM

Posted 30 September 2012 - 10:16 AM

Still with us?
