Searches redirect to gethotresults.com


  • This topic is locked
18 replies to this topic

#1 gphaeg

gphaeg

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:50 PM

Posted 18 September 2012 - 06:11 PM

Searches in Firefox and IE redirect to click.gethotresults.com. I thought I had cleared it with Tdsskiller by following recommendation seen on this site, but it came back. It's driving me nuts! Please help. Here is my log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Greg at 18:33:56 on 2012-09-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.684 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Gmail Notifier\Gmail Notifier.exe
C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Microsoft SPFS Browser Helper: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} - c:\program files\microsoft office 15\root\office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [Gmail Notifier.exe] c:\program files\gmail notifier\Gmail Notifier.exe /startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Daemon for Mouse Suite] c:\program files\lenovo\lenovo mouse suite\ICO.EXE 60
mRun: [Power Manager Power Agenda] c:\progra~1\thinkpad\utilit~1\DPMHost.exe
mRun: [Lenovo Registration] c:\program files\lenovo registration\LenovoReg.exe /boot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\greg\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\greg\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{536DCA78-33EE-447A-B834-5D6CBE25CC08} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\microsoft office 15\root\office15\msosb.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\greg\appdata\roaming\mozilla\firefox\profiles\5rer40jv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://apod.nasa.gov/apod/astropix.html
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\greg\appdata\roaming\mozilla\firefox\profiles\5rer40jv.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\users\greg\appdata\roaming\mozilla\firefox\profiles\5rer40jv.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - cd292861-df48-4bca-b5ae-20b85b722b10
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl2898d22f;MpKsl2898d22f;c:\programdata\microsoft\microsoft antimalware\definition updates\{13c222fa-c285-4d85-b939-cc129e80f190}\MpKsl2898d22f.sys [2012-9-18 29904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-9-13 47640]
R2 OfficeSvc;Microsoft Office Service;c:\program files\microsoft office 15\clientx86\integratedoffice.exe [2012-9-12 1032304]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2011-12-10 70968]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-12-10 2066968]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2012-9-13 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2012-9-13 11520]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-12-10 202408]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-10 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-14 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-10 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-9-12 114144]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2012-7-22 4846168]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-30 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
SUnknown MpKsld4ef206b;MpKsld4ef206b; [x]
.
=============== Created Last 30 ================
.
2012-09-18 22:00:16 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{13c222fa-c285-4d85-b939-cc129e80f190}\offreg.dll
2012-09-18 22:00:16 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{13c222fa-c285-4d85-b939-cc129e80f190}\MpKsl2898d22f.sys
2012-09-18 21:59:13 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{13c222fa-c285-4d85-b939-cc129e80f190}\mpengine.dll
2012-09-18 20:22:21 7022536 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-18 20:10:15 -------- d-----w- C:\$RECYCLE.BIN
2012-09-18 20:07:59 -------- d-----w- c:\users\greg\appdata\local\temp
2012-09-18 19:52:47 98816 ----a-w- c:\windows\sed.exe
2012-09-18 19:52:47 518144 ----a-w- c:\windows\SWREG.exe
2012-09-18 19:52:47 256000 ----a-w- c:\windows\PEV.exe
2012-09-18 19:52:47 208896 ----a-w- c:\windows\MBR.exe
2012-09-18 19:35:27 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-18 16:40:36 -------- d-----w- c:\users\greg\appdata\local\WeatherBug
2012-09-18 16:40:35 -------- d-----w- c:\users\greg\appdata\roaming\WeatherBug
2012-09-18 16:32:20 -------- d-----w- c:\program files\AWS
2012-09-18 16:14:36 -------- d-----w- c:\users\greg\appdata\local\CrashDumps
2012-09-18 14:37:34 -------- d-----w- c:\users\greg\appdata\local\Apple Computer
2012-09-18 14:37:15 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-18 14:36:07 -------- d-----w- c:\program files\iPod
2012-09-18 14:36:06 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-18 14:36:06 -------- d-----w- c:\program files\iTunes
2012-09-18 12:21:10 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-09-18 12:21:10 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-09-18 12:21:10 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-09-18 12:21:10 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-09-18 12:21:10 118240 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-09-18 12:21:09 917984 ----a-w- c:\program files\mozilla firefox\firefox.exe
2012-09-18 12:21:09 82400 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2012-09-18 12:21:09 425952 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2012-09-18 12:21:09 258528 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2012-09-18 12:21:09 2288608 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-09-18 12:21:09 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-09-18 12:21:08 114144 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-09-15 15:58:16 -------- d-s---w- c:\users\greg\Google Drive
2012-09-14 19:13:29 -------- d-----w- c:\users\greg\appdata\local\Macromedia
2012-09-14 19:13:12 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 19:13:12 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 16:41:10 -------- d-----w- c:\users\greg\appdata\local\Apple
2012-09-14 16:40:50 -------- d-----w- c:\program files\Bonjour
2012-09-14 15:43:58 -------- d-----w- c:\users\greg\appdata\roaming\Gmail Notifier
2012-09-14 15:43:55 -------- d-----w- c:\program files\Gmail Notifier
2012-09-13 21:10:29 -------- d-----w- c:\users\greg\appdata\local\PDF Writer
2012-09-13 21:09:21 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-09-13 21:08:35 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2012-09-13 21:08:35 103424 ----a-w- c:\windows\system32\bzDCT.dll
2012-09-13 21:08:35 -------- d-----w- c:\users\greg\appdata\roaming\PDF Writer
2012-09-13 21:08:35 -------- d-----w- c:\programdata\PDF Writer
2012-09-13 21:08:35 -------- d-----w- c:\program files\common files\Bullzip
2012-09-13 21:08:34 135168 ----a-w- c:\windows\system32\bzpdfc.dll
2012-09-13 21:08:31 197120 ----a-w- c:\windows\system32\bzpdf.dll
2012-09-13 21:08:27 -------- d-----w- c:\program files\Bullzip
2012-09-13 21:07:31 -------- d-----w- c:\program files\Yontoo
2012-09-13 21:07:29 -------- d-----w- c:\programdata\Tarma Installer
2012-09-13 20:08:29 -------- d-----w- c:\users\greg\appdata\local\Microsoft Help
2012-09-13 19:57:09 -------- d-----w- c:\users\greg\appdata\roaming\FLEXnet
2012-09-13 19:36:32 -------- d-----w- c:\users\greg\appdata\roaming\ControlCenter4
2012-09-13 19:20:09 -------- d-----w- c:\users\greg\appdata\local\Google
2012-09-13 17:54:24 -------- d-----w- c:\users\greg\appdata\local\LogMeIn
2012-09-13 17:54:21 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-09-13 17:54:21 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-09-13 17:54:20 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-09-13 17:54:20 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-09-13 17:54:16 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-09-13 17:54:12 -------- d-----w- c:\programdata\LogMeIn
2012-09-13 17:54:00 -------- d-----w- c:\program files\LogMeIn
2012-09-13 17:45:25 71424 ----a-w- c:\windows\system32\drivers\BrSerIb.sys
2012-09-13 17:45:02 -------- d-----w- C:\Brother
2012-09-13 17:45:01 73728 ------w- c:\windows\system32\BRCrypt.dll
2012-09-13 17:41:36 -------- d-----w- c:\programdata\zeon
2012-09-13 17:40:39 -------- d-----w- c:\users\greg\appdata\local\Adobe
2012-09-13 17:26:32 -------- d-----w- c:\users\greg\appdata\roaming\Nuance
2012-09-13 17:24:46 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-09-13 17:24:45 -------- d-----w- c:\programdata\Nuance
2012-09-13 17:24:45 -------- d-----w- c:\program files\Nuance
2012-09-13 17:18:54 -------- d-----w- c:\programdata\Brother
2012-09-13 16:58:22 -------- d-----r- c:\users\greg\Dropbox
2012-09-13 16:51:50 -------- d-----w- c:\users\greg\appdata\roaming\Dropbox
2012-09-13 16:16:54 -------- d-----w- c:\users\greg\appdata\roaming\DesktopPwrMgr
2012-09-13 16:16:22 -------- d-----w- c:\users\greg\appdata\local\Mozilla
2012-09-13 16:15:29 -------- d-----w- c:\users\greg\appdata\local\VirtualStore
2012-09-13 14:40:21 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-09-13 14:30:28 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-13 14:30:11 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 14:29:51 41984 ----a-w- c:\windows\system32\browcli.dll
2012-09-13 14:29:51 102912 ----a-w- c:\windows\system32\browser.dll
2012-09-12 21:55:09 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{90216e72-e4a6-4cf5-b63c-21e4a107f831}\gapaengine.dll
2012-09-12 21:54:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-12 17:50:31 460424 ----a-w- c:\programdata\microsoft\clicktorun\{9ac08e99-230b-47e8-9721-4577b7f124ea}\integrator.exe
2012-09-12 17:48:52 -------- d-----w- c:\program files\Microsoft Office 15
2012-09-12 17:01:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-12 16:48:53 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2012-09-12 16:48:53 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2012-09-12 16:48:53 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2012-09-12 16:48:53 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
2012-09-12 16:48:53 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-09-12 16:48:52 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-09-12 16:48:52 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2012-09-12 16:48:45 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-09-12 16:48:45 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-09-12 16:48:45 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-09-12 16:47:53 7022536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f229b8f5-f24d-4e70-b013-728457f98eb4}\mpengine.dll
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
==================== Find3M ====================
.
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-07-22 00:55:14 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-07-22 00:55:14 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-07-09 17:42:56 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 17:42:56 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-04 19:45:31 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
============= FINISH: 18:35:11.74 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:50 PM

Posted 19 September 2012 - 01:30 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gphaeg

gphaeg
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:50 PM

Posted 19 September 2012 - 08:25 AM

Thank you so much for helping. I ran the programs, the reports are below. After running them I checked to see if I was still infected and after a few searches I was again redirected to click.gethotresults.com. Looks like it is still residing somewhere. I have Microsoft Security Essentials running.


# AdwCleaner v2.002 - Logfile created 09/19/2012 at 09:01:49
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Greg - EQUITY3
# Boot Mode : Normal
# Running from : C:\Users\Greg\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\prefs.js

C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2530 octets] - [19/09/2012 08:58:56]
AdwCleaner[R2].txt - [2590 octets] - [19/09/2012 09:01:24]
AdwCleaner[S1].txt - [3077 octets] - [19/09/2012 09:01:49]

########## EOF - C:\AdwCleaner[S1].txt - [3137 octets] ##########



RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Greg [Admin rights]
Mode : Remove -- Date : 09/19/2012 09:07:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250312AS ATA Device +++++
--- User ---
[MBR] 34be90a2cced999b8a1fc468d8b4e196
[BSP] 46a805a1e0bc86b8a919e40b9e8516dc : Lenovo tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2459648 | Size: 227272 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 467914752 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Thanks again for your help.
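The AdwCleaner log above is the main evidence in this post, and a helper reading several of these a day wants it condensed: which folders and registry keys went, how many distinct components the deleted CLSIDs actually represent, and which browsers had their default search scope rewritten (the setting a search redirect like this one typically hijacks). The following Python parser for the AdwCleaner v2 log format is an added example, not code from the post or from AdwCleaner's author; the sample log is an excerpt of the S1 log posted above, and the "File"/"Value" action words are an assumption extended from the "Folder"/"Key" lines that actually appear.

```python
import re
from collections import defaultdict

# Excerpt of the AdwCleaner[S1].txt log posted above, trimmed to a few lines of
# each section; the paths and GUIDs are the ones in the post.
SAMPLE_LOG = r"""
# AdwCleaner v2.002 - Logfile created 09/19/2012 at 09:01:49
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\prefs.js

C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\user.js ... Deleted !

[OK] File is clean.

########## EOF - C:\AdwCleaner[S1].txt - [3137 octets] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")          # ***** [Registry] *****
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(.*)$")               # -\\ Internet Explorer v9...
# "Folder"/"Key" appear in the post; "File"/"Value" are assumed from the same format.
ACTION_RE = re.compile(r"^(Folder|File|Key|Value) (Deleted|Found) : (.+)$")
RESTORED_RE = re.compile(r"^Restored : \[(.+?) - (.+?)\]$")   # [key - value]
PROFILE_RE = re.compile(r"^(.+?) \.\.\. Deleted !$")          # Firefox profile file
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_adwcleaner(text):
    """Turn an AdwCleaner v2 log into a list of finding dicts.

    Keys: section, browser (None outside the browser section), kind
    (Folder/File/Key/Value), action (Deleted/Found/Restored), target, value.
    """
    findings, section, browser = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # header comments, blank lines and the EOF marker
        if m := SECTION_RE.match(line):
            section, browser = m.group(1), None
        elif m := BROWSER_RE.match(line):
            browser = m.group(1)
        elif m := ACTION_RE.match(line):
            findings.append(dict(section=section, browser=browser, kind=m.group(1),
                                 action=m.group(2), target=m.group(3), value=None))
        elif m := RESTORED_RE.match(line):
            findings.append(dict(section=section, browser=browser, kind="Value",
                                 action="Restored", target=m.group(1), value=m.group(2)))
        elif m := PROFILE_RE.match(line):
            findings.append(dict(section=section, browser=browser, kind="File",
                                 action="Deleted", target=m.group(1), value=None))
    return findings


def correlate_guids(findings):
    """Group deleted registry keys by the GUID they contain.

    A browser helper object registers one CLSID in several places (Classes\CLSID,
    Ext\Stats, Ext\PreApproved ...); the same GUID across hives is one component,
    not several infections.
    """
    by_guid = defaultdict(list)
    for f in findings:
        if f["kind"] == "Key" and f["action"] == "Deleted":
            for guid in GUID_RE.findall(f["target"]):
                by_guid[guid.upper()].append(f["target"])
    return dict(by_guid)


def restored_search_scopes(findings):
    """Browsers whose DefaultScope had to be restored: the value a search hijacker rewrites."""
    return sorted({f["browser"] for f in findings
                   if f["action"] == "Restored" and f["value"] == "DefaultScope" and f["browser"]})


def summarize(text):
    findings = parse_adwcleaner(text)
    return {
        "folders_deleted": [f["target"] for f in findings if f["kind"] == "Folder"],
        "keys_deleted": sum(1 for f in findings if f["kind"] == "Key" and f["action"] == "Deleted"),
        "guids": correlate_guids(findings),
        "search_scope_restored_for": restored_search_scopes(findings),
        "profile_files_deleted": [f["target"] for f in findings
                                  if f["kind"] == "File" and f["action"] == "Deleted"],
    }


if __name__ == "__main__":
    for key, val in summarize(SAMPLE_LOG).items():
        print(f"{key}: {val}")
```

Run against the excerpt, the summary shows two deleted folders, five deleted keys collapsing to two GUIDs (the Yontoo BHO's CLSID registered in three places plus one more), a DefaultScope restored for Internet Explorer only, and one Firefox profile file removed. Feeding it the full log from the post gives the same picture with more rows, which is the point: the log's length says little about how many components were actually present.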

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:50 PM

Posted 19 September 2012 - 12:42 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 gphaeg

gphaeg
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:50 PM

Posted 19 September 2012 - 01:51 PM

Gringo, thanks again. Here are the reports. I tried a bunch of searches after I ran the programs, and after about 5 searches I was again redirected. Arrrrrr! (That was for Talk Like a Pirate Day.) Here are the reports.

14:00:34.0268 3828 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:00:34.0580 3828 ============================================================
14:00:34.0580 3828 Current date / time: 2012/09/19 14:00:34.0580
14:00:34.0580 3828 SystemInfo:
14:00:34.0580 3828
14:00:34.0580 3828 OS Version: 6.1.7601 ServicePack: 1.0
14:00:34.0580 3828 Product type: Workstation
14:00:34.0580 3828 ComputerName: EQUITY3
14:00:34.0580 3828 UserName: Greg
14:00:34.0580 3828 Windows directory: C:\Windows
14:00:34.0580 3828 System windows directory: C:\Windows
14:00:34.0580 3828 Processor architecture: Intel x86
14:00:34.0580 3828 Number of processors: 2
14:00:34.0580 3828 Page size: 0x1000
14:00:34.0580 3828 Boot type: Normal boot
14:00:34.0580 3828 ============================================================
14:00:36.0218 3828 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:00:36.0265 3828 ============================================================
14:00:36.0265 3828 \Device\Harddisk0\DR0:
14:00:36.0265 3828 MBR partitions:
14:00:36.0265 3828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
14:00:36.0265 3828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x1BBE47F8
14:00:36.0265 3828 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
14:00:36.0265 3828 ============================================================
14:00:36.0312 3828 C: <-> \Device\Harddisk0\DR0\Partition2
14:00:36.0390 3828 Q: <-> \Device\Harddisk0\DR0\Partition3
14:00:36.0390 3828 ============================================================
14:00:36.0390 3828 Initialize success
14:00:36.0390 3828 ============================================================
14:01:02.0488 4068 ============================================================
14:01:02.0488 4068 Scan started
14:01:02.0488 4068 Mode: Manual;
14:01:02.0488 4068 ============================================================
14:01:02.0800 4068 ================ Scan system memory ========================
14:01:02.0800 4068 System memory - ok
14:01:02.0800 4068 ================ Scan services =============================
14:01:02.0925 4068 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:01:02.0941 4068 1394ohci - ok
14:01:02.0956 4068 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:01:02.0956 4068 ACPI - ok
14:01:02.0988 4068 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:01:02.0988 4068 AcpiPmi - ok
14:01:03.0050 4068 [ 98ADC1F2B4EFEE3CFC83CCCEF0190466 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
14:01:03.0066 4068 ADIHdAudAddService - ok
14:01:03.0144 4068 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:01:03.0144 4068 AdobeARMservice - ok
14:01:03.0190 4068 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:01:03.0190 4068 AdobeFlashPlayerUpdateSvc - ok
14:01:03.0222 4068 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:01:03.0237 4068 adp94xx - ok
14:01:03.0253 4068 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:01:03.0268 4068 adpahci - ok
14:01:03.0284 4068 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:01:03.0284 4068 adpu320 - ok
14:01:03.0315 4068 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:01:03.0315 4068 AeLookupSvc - ok
14:01:03.0362 4068 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
14:01:03.0362 4068 AFD - ok
14:01:03.0378 4068 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
14:01:03.0378 4068 agp440 - ok
14:01:03.0424 4068 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:01:03.0424 4068 aic78xx - ok
14:01:03.0440 4068 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
14:01:03.0456 4068 ALG - ok
14:01:03.0471 4068 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
14:01:03.0471 4068 aliide - ok
14:01:03.0487 4068 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:01:03.0487 4068 amdagp - ok
14:01:03.0487 4068 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
14:01:03.0487 4068 amdide - ok
14:01:03.0518 4068 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:01:03.0518 4068 AmdK8 - ok
14:01:03.0534 4068 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
14:01:03.0534 4068 AmdPPM - ok
14:01:03.0565 4068 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:01:03.0565 4068 amdsata - ok
14:01:03.0580 4068 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:01:03.0596 4068 amdsbs - ok
14:01:03.0612 4068 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:01:03.0612 4068 amdxata - ok
14:01:03.0627 4068 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
14:01:03.0627 4068 AppID - ok
14:01:03.0658 4068 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:01:03.0658 4068 AppIDSvc - ok
14:01:03.0674 4068 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
14:01:03.0674 4068 Appinfo - ok
14:01:03.0721 4068 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:01:03.0721 4068 Apple Mobile Device - ok
14:01:03.0752 4068 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
14:01:03.0752 4068 arc - ok
14:01:03.0783 4068 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:01:03.0783 4068 arcsas - ok
14:01:03.0830 4068 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:01:03.0830 4068 AsyncMac - ok
14:01:03.0846 4068 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
14:01:03.0846 4068 atapi - ok
14:01:03.0892 4068 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:01:03.0908 4068 AudioEndpointBuilder - ok
14:01:03.0924 4068 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:01:03.0924 4068 Audiosrv - ok
14:01:03.0939 4068 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:01:03.0939 4068 AxInstSV - ok
14:01:03.0986 4068 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
14:01:03.0986 4068 b06bdrv - ok
14:01:04.0033 4068 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
14:01:04.0033 4068 b57nd60x - ok
14:01:04.0080 4068 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
14:01:04.0095 4068 BDESVC - ok
14:01:04.0095 4068 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
14:01:04.0111 4068 Beep - ok
14:01:04.0142 4068 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
14:01:04.0158 4068 BFE - ok
14:01:04.0189 4068 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
14:01:04.0204 4068 BITS - ok
14:01:04.0220 4068 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:01:04.0220 4068 blbdrive - ok
14:01:04.0267 4068 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:01:04.0282 4068 Bonjour Service - ok
14:01:04.0298 4068 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:01:04.0298 4068 bowser - ok
14:01:04.0329 4068 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:01:04.0329 4068 BrFiltLo - ok
14:01:04.0345 4068 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:01:04.0360 4068 BrFiltUp - ok
14:01:04.0376 4068 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:01:04.0392 4068 BridgeMP - ok
14:01:04.0407 4068 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
14:01:04.0407 4068 Browser - ok
14:01:04.0438 4068 [ 9F80879913DC2712FD0C4D734E3F519B ] BrSerIb C:\Windows\system32\DRIVERS\BrSerIb.sys
14:01:04.0454 4068 BrSerIb - ok
14:01:04.0470 4068 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:01:04.0485 4068 Brserid - ok
14:01:04.0516 4068 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:01:04.0516 4068 BrSerWdm - ok
14:01:04.0532 4068 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:01:04.0532 4068 BrUsbMdm - ok
14:01:04.0548 4068 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:01:04.0548 4068 BrUsbSer - ok
14:01:04.0579 4068 [ B67512DA42C0C90BF236D5485226C1C7 ] BrUsbSIb C:\Windows\system32\DRIVERS\BrUsbSIb.sys
14:01:04.0579 4068 BrUsbSIb - ok
14:01:04.0610 4068 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:01:04.0610 4068 BTHMODEM - ok
14:01:04.0657 4068 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
14:01:04.0657 4068 bthserv - ok
14:01:04.0766 4068 catchme - ok
14:01:04.0782 4068 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:01:04.0782 4068 cdfs - ok
14:01:04.0828 4068 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:01:04.0828 4068 cdrom - ok
14:01:04.0860 4068 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
14:01:04.0860 4068 CertPropSvc - ok
14:01:04.0875 4068 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
14:01:04.0875 4068 circlass - ok
14:01:04.0906 4068 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
14:01:04.0906 4068 CLFS - ok
14:01:04.0969 4068 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:01:04.0984 4068 clr_optimization_v2.0.50727_32 - ok
14:01:05.0031 4068 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:01:05.0031 4068 clr_optimization_v4.0.30319_32 - ok
14:01:05.0062 4068 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:01:05.0062 4068 CmBatt - ok
14:01:05.0062 4068 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:01:05.0062 4068 cmdide - ok
14:01:05.0109 4068 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
14:01:05.0109 4068 CNG - ok
14:01:05.0140 4068 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:01:05.0140 4068 Compbatt - ok
14:01:05.0156 4068 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:01:05.0156 4068 CompositeBus - ok
14:01:05.0172 4068 COMSysApp - ok
14:01:05.0203 4068 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:01:05.0203 4068 crcdisk - ok
14:01:05.0234 4068 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:01:05.0234 4068 CryptSvc - ok
14:01:05.0312 4068 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:01:05.0328 4068 cvhsvc - ok
14:01:05.0374 4068 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
14:01:05.0390 4068 DcomLaunch - ok
14:01:05.0406 4068 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
14:01:05.0406 4068 defragsvc - ok
14:01:05.0437 4068 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:01:05.0437 4068 DfsC - ok
14:01:05.0452 4068 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:01:05.0468 4068 Dhcp - ok
14:01:05.0499 4068 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
14:01:05.0499 4068 discache - ok
14:01:05.0530 4068 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
14:01:05.0530 4068 Disk - ok
14:01:05.0562 4068 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:01:05.0562 4068 Dnscache - ok
14:01:05.0593 4068 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
14:01:05.0593 4068 dot3svc - ok
14:01:05.0608 4068 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
14:01:05.0608 4068 DPS - ok
14:01:05.0640 4068 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:01:05.0640 4068 drmkaud - ok
14:01:05.0671 4068 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:01:05.0686 4068 DXGKrnl - ok
14:01:05.0718 4068 [ 68E0D0569F99EE4E26564EA8FB8187CD ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
14:01:05.0733 4068 e1kexpress - ok
14:01:05.0749 4068 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
14:01:05.0764 4068 EapHost - ok
14:01:05.0842 4068 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
14:01:05.0905 4068 ebdrv - ok
14:01:05.0936 4068 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
14:01:05.0936 4068 EFS - ok
14:01:05.0983 4068 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:01:05.0983 4068 ehRecvr - ok
14:01:05.0998 4068 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
14:01:05.0998 4068 ehSched - ok
14:01:06.0045 4068 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:01:06.0045 4068 elxstor - ok
14:01:06.0061 4068 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:01:06.0061 4068 ErrDev - ok
14:01:06.0108 4068 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
14:01:06.0108 4068 EventSystem - ok
14:01:06.0123 4068 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
14:01:06.0139 4068 exfat - ok
14:01:06.0154 4068 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:01:06.0154 4068 fastfat - ok
14:01:06.0186 4068 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
14:01:06.0186 4068 Fax - ok
14:01:06.0217 4068 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:01:06.0217 4068 fdc - ok
14:01:06.0232 4068 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
14:01:06.0232 4068 fdPHost - ok
14:01:06.0232 4068 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
14:01:06.0248 4068 FDResPub - ok
14:01:06.0264 4068 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:01:06.0264 4068 FileInfo - ok
14:01:06.0279 4068 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:01:06.0279 4068 Filetrace - ok
14:01:06.0295 4068 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:01:06.0295 4068 flpydisk - ok
14:01:06.0326 4068 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:01:06.0326 4068 FltMgr - ok
14:01:06.0373 4068 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
14:01:06.0388 4068 FontCache - ok
14:01:06.0435 4068 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:01:06.0435 4068 FontCache3.0.0.0 - ok
14:01:06.0466 4068 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:01:06.0466 4068 FsDepends - ok
14:01:06.0482 4068 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:01:06.0498 4068 Fs_Rec - ok
14:01:06.0529 4068 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:01:06.0529 4068 fvevol - ok
14:01:06.0560 4068 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:01:06.0560 4068 gagp30kx - ok
14:01:06.0591 4068 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:01:06.0591 4068 GEARAspiWDM - ok
14:01:06.0638 4068 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
14:01:06.0654 4068 gpsvc - ok
14:01:06.0716 4068 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:01:06.0716 4068 gupdate - ok
14:01:06.0716 4068 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:01:06.0716 4068 gupdatem - ok
14:01:06.0747 4068 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:01:06.0763 4068 gusvc - ok
14:01:06.0778 4068 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:01:06.0794 4068 hcw85cir - ok
14:01:06.0825 4068 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:01:06.0825 4068 HdAudAddService - ok
14:01:06.0856 4068 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:01:06.0856 4068 HDAudBus - ok
14:01:06.0888 4068 [ 88A67C34E37186665E916FD347B50D19 ] HECI C:\Windows\system32\DRIVERS\HECI.sys
14:01:06.0888 4068 HECI - ok
14:01:06.0919 4068 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:01:06.0919 4068 HidBatt - ok
14:01:06.0934 4068 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:01:06.0950 4068 HidBth - ok
14:01:06.0966 4068 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:01:06.0966 4068 HidIr - ok
14:01:06.0997 4068 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
14:01:06.0997 4068 hidserv - ok
14:01:07.0028 4068 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:01:07.0137 4068 HidUsb - ok
14:01:07.0168 4068 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:01:07.0184 4068 hkmsvc - ok
14:01:07.0200 4068 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:01:07.0200 4068 HomeGroupListener - ok
14:01:07.0231 4068 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:01:07.0231 4068 HomeGroupProvider - ok
14:01:07.0262 4068 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:01:07.0262 4068 HpSAMD - ok
14:01:07.0309 4068 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:01:07.0309 4068 HTTP - ok
14:01:07.0324 4068 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:01:07.0324 4068 hwpolicy - ok
14:01:07.0340 4068 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:01:07.0340 4068 i8042prt - ok
14:01:07.0387 4068 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:01:07.0402 4068 iaStorV - ok
14:01:07.0449 4068 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:01:07.0465 4068 idsvc - ok
14:01:07.0621 4068 [ C7FEE838FD0216EE0AD3D765AB4F40F4 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
14:01:07.0730 4068 igfx - ok
14:01:07.0761 4068 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:01:07.0761 4068 iirsp - ok
14:01:07.0808 4068 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
14:01:07.0824 4068 IKEEXT - ok
14:01:07.0839 4068 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
14:01:07.0855 4068 intelide - ok
14:01:07.0870 4068 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:01:07.0870 4068 intelppm - ok
14:01:07.0886 4068 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:01:07.0886 4068 IPBusEnum - ok
14:01:07.0902 4068 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:01:07.0902 4068 IpFilterDriver - ok
14:01:07.0948 4068 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:01:07.0948 4068 iphlpsvc - ok
14:01:07.0964 4068 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:01:07.0964 4068 IPMIDRV - ok
14:01:07.0980 4068 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:01:07.0980 4068 IPNAT - ok
14:01:08.0042 4068 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:01:08.0058 4068 iPod Service - ok
14:01:08.0073 4068 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:01:08.0073 4068 IRENUM - ok
14:01:08.0104 4068 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:01:08.0104 4068 isapnp - ok
14:01:08.0120 4068 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:01:08.0136 4068 iScsiPrt - ok
14:01:08.0167 4068 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:01:08.0167 4068 kbdclass - ok
14:01:08.0182 4068 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:01:08.0214 4068 kbdhid - ok
14:01:08.0245 4068 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
14:01:08.0245 4068 KeyIso - ok
14:01:08.0276 4068 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:01:08.0276 4068 KSecDD - ok
14:01:08.0292 4068 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:01:08.0292 4068 KSecPkg - ok
14:01:08.0323 4068 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
14:01:08.0323 4068 KtmRm - ok
14:01:08.0354 4068 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
14:01:08.0354 4068 LanmanServer - ok
14:01:08.0385 4068 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:01:08.0385 4068 LanmanWorkstation - ok
14:01:08.0432 4068 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:01:08.0432 4068 lltdio - ok
14:01:08.0448 4068 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:01:08.0463 4068 lltdsvc - ok
14:01:08.0479 4068 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
14:01:08.0479 4068 lmhosts - ok
14:01:08.0526 4068 [ 63DAF163D1617DD611BD0AB8E41A43E8 ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
14:01:08.0541 4068 LMIGuardianSvc - ok
14:01:08.0541 4068 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys
14:01:08.0541 4068 LMIInfo - ok
14:01:08.0557 4068 [ 175F50F37EEAA1D4D744BCCCBB7CF68C ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe
14:01:08.0557 4068 LMIMaint - ok
14:01:08.0572 4068 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
14:01:08.0572 4068 lmimirr - ok
14:01:08.0604 4068 LMIRfsClientNP - ok
14:01:08.0620 4068 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
14:01:08.0620 4068 LMIRfsDriver - ok
14:01:08.0651 4068 [ 2763A02188FFB04287F5034EC5B6B451 ] LMS C:\Program Files\Intel\AMT\LMS.exe
14:01:08.0651 4068 LMS - ok
14:01:08.0667 4068 [ 432618FA75B61059D2C57D6A7E55147A ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe
14:01:08.0667 4068 LogMeIn - ok
14:01:08.0698 4068 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:01:08.0698 4068 LSI_FC - ok
14:01:08.0729 4068 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:01:08.0745 4068 LSI_SAS - ok
14:01:08.0761 4068 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:01:08.0761 4068 LSI_SAS2 - ok
14:01:08.0776 4068 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:01:08.0776 4068 LSI_SCSI - ok
14:01:08.0807 4068 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
14:01:08.0807 4068 luafv - ok
14:01:08.0839 4068 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:01:08.0854 4068 Mcx2Svc - ok
14:01:08.0854 4068 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
14:01:08.0854 4068 megasas - ok
14:01:08.0885 4068 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:01:08.0885 4068 MegaSR - ok
14:01:08.0901 4068 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
14:01:08.0901 4068 MMCSS - ok
14:01:08.0917 4068 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
14:01:08.0917 4068 Modem - ok
14:01:08.0932 4068 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:01:08.0932 4068 monitor - ok
14:01:08.0963 4068 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:01:08.0963 4068 mouclass - ok
14:01:08.0979 4068 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:01:08.0995 4068 mouhid - ok
14:01:09.0010 4068 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:01:09.0010 4068 mountmgr - ok
14:01:09.0073 4068 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:01:09.0073 4068 MozillaMaintenance - ok
14:01:09.0119 4068 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
14:01:09.0135 4068 MpFilter - ok
14:01:09.0166 4068 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
14:01:09.0166 4068 mpio - ok
14:01:09.0291 4068 [ A69630D039C38018689190234F866D77 ] MpKsl86d55b44 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13C222FA-C285-4D85-B939-CC129E80F190}\MpKsl86d55b44.sys
14:01:09.0291 4068 MpKsl86d55b44 - ok
14:01:09.0322 4068 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:01:09.0322 4068 mpsdrv - ok
14:01:09.0353 4068 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:01:09.0369 4068 MpsSvc - ok
14:01:09.0385 4068 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:01:09.0400 4068 MRxDAV - ok
14:01:09.0431 4068 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:01:09.0431 4068 mrxsmb - ok
14:01:09.0447 4068 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:01:09.0447 4068 mrxsmb10 - ok
14:01:09.0463 4068 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:01:09.0463 4068 mrxsmb20 - ok
14:01:09.0494 4068 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
14:01:09.0494 4068 msahci - ok
14:01:09.0525 4068 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:01:09.0525 4068 msdsm - ok
14:01:09.0541 4068 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
14:01:09.0556 4068 MSDTC - ok
14:01:09.0572 4068 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:01:09.0572 4068 Msfs - ok
14:01:09.0587 4068 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:01:09.0587 4068 mshidkmdf - ok
14:01:09.0603 4068 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:01:09.0603 4068 msisadrv - ok
14:01:09.0650 4068 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:01:09.0650 4068 MSiSCSI - ok
14:01:09.0650 4068 msiserver - ok
14:01:09.0697 4068 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:01:09.0697 4068 MSKSSRV - ok
14:01:09.0743 4068 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:01:09.0743 4068 MsMpSvc - ok
14:01:09.0775 4068 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:01:09.0775 4068 MSPCLOCK - ok
14:01:09.0790 4068 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:01:09.0790 4068 MSPQM - ok
14:01:09.0821 4068 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:01:09.0821 4068 MsRPC - ok
14:01:09.0868 4068 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:01:09.0868 4068 mssmbios - ok
14:01:09.0868 4068 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:01:09.0868 4068 MSTEE - ok
14:01:09.0884 4068 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:01:09.0899 4068 MTConfig - ok
14:01:09.0915 4068 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
14:01:09.0915 4068 Mup - ok
14:01:09.0946 4068 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
14:01:09.0946 4068 napagent - ok
14:01:09.0977 4068 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:01:09.0977 4068 NativeWifiP - ok
14:01:10.0009 4068 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:01:10.0024 4068 NDIS - ok
14:01:10.0071 4068 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:01:10.0071 4068 NdisCap - ok
14:01:10.0087 4068 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:01:10.0087 4068 NdisTapi - ok
14:01:10.0102 4068 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:01:10.0118 4068 Ndisuio - ok
14:01:10.0133 4068 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:10.0133 4068 NdisWan - ok
14:01:10.0149 4068 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:01:10.0149 4068 NDProxy - ok
14:01:10.0165 4068 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:01:10.0165 4068 NetBIOS - ok
14:01:10.0180 4068 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:01:10.0180 4068 NetBT - ok
14:01:10.0196 4068 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
14:01:10.0196 4068 Netlogon - ok
14:01:10.0227 4068 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
14:01:10.0243 4068 Netman - ok
14:01:10.0258 4068 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
14:01:10.0258 4068 netprofm - ok
14:01:10.0289 4068 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:01:10.0289 4068 NetTcpPortSharing - ok
14:01:10.0321 4068 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:01:10.0321 4068 nfrd960 - ok
14:01:10.0383 4068 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:01:10.0383 4068 NisDrv - ok
14:01:10.0414 4068 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
14:01:10.0430 4068 NisSrv - ok
14:01:10.0461 4068 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:01:10.0477 4068 NlaSvc - ok
14:01:10.0492 4068 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:01:10.0492 4068 Npfs - ok
14:01:10.0508 4068 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
14:01:10.0508 4068 nsi - ok
14:01:10.0539 4068 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:01:10.0539 4068 nsiproxy - ok
14:01:10.0586 4068 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:01:10.0617 4068 Ntfs - ok
14:01:10.0633 4068 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
14:01:10.0633 4068 Null - ok
14:01:10.0664 4068 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:01:10.0664 4068 nvraid - ok
14:01:10.0695 4068 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:01:10.0695 4068 nvstor - ok
14:01:10.0711 4068 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:01:10.0711 4068 nv_agp - ok
14:01:10.0789 4068 [ 3C69FA7E5BE1CF55861A836FDDA79887 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
14:01:10.0804 4068 OfficeSvc - ok
14:01:10.0835 4068 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:01:10.0835 4068 ohci1394 - ok
14:01:10.0882 4068 [ F148101BFA4C8F2D0CD123483A989DC4 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:01:10.0882 4068 ose - ok
14:01:11.0007 4068 [ EB7467C63290F868991FBE15A7C97E5D ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:01:11.0147 4068 osppsvc - ok
14:01:11.0163 4068 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:01:11.0179 4068 p2pimsvc - ok
14:01:11.0194 4068 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
14:01:11.0194 4068 p2psvc - ok
14:01:11.0225 4068 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
14:01:11.0225 4068 Parport - ok
14:01:11.0241 4068 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:01:11.0241 4068 partmgr - ok
14:01:11.0272 4068 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:01:11.0272 4068 Parvdm - ok
14:01:11.0288 4068 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:01:11.0288 4068 PcaSvc - ok
14:01:11.0303 4068 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
14:01:11.0303 4068 pci - ok
14:01:11.0319 4068 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
14:01:11.0319 4068 pciide - ok
14:01:11.0335 4068 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:01:11.0335 4068 pcmcia - ok
14:01:11.0350 4068 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
14:01:11.0366 4068 pcw - ok
14:01:11.0397 4068 [ C1C3BAF078BE5A14384A4BA2D730817D ] PDFProFiltSrvPP C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
14:01:11.0397 4068 PDFProFiltSrvPP - ok
14:01:11.0444 4068 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:01:11.0459 4068 PEAUTH - ok
14:01:11.0491 4068 [ A72E8B8855F58B1EAE3DEF2BED76FF15 ] pelmouse C:\Windows\system32\DRIVERS\pelmouse.sys
14:01:11.0491 4068 pelmouse - ok
14:01:11.0506 4068 [ AD7A9EB8589578267A2343EEF8A73E37 ] pelusblf C:\Windows\system32\DRIVERS\pelusblf.sys
14:01:11.0506 4068 pelusblf - ok
14:01:11.0615 4068 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
14:01:11.0647 4068 pla - ok
14:01:11.0693 4068 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:01:11.0693 4068 PlugPlay - ok
14:01:11.0709 4068 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:01:11.0725 4068 PNRPAutoReg - ok
14:01:11.0740 4068 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:01:11.0740 4068 PNRPsvc - ok
14:01:11.0771 4068 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:01:11.0771 4068 PolicyAgent - ok
14:01:11.0803 4068 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
14:01:11.0803 4068 Power - ok
14:01:11.0849 4068 [ 5FF2B377498E7AB82D0DB55648B05012 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
14:01:11.0849 4068 Power Manager DBC Service - ok
14:01:11.0881 4068 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:01:11.0896 4068 PptpMiniport - ok
14:01:11.0912 4068 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
14:01:11.0912 4068 Processor - ok
14:01:11.0943 4068 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
14:01:11.0959 4068 ProfSvc - ok
14:01:11.0974 4068 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:01:11.0974 4068 ProtectedStorage - ok
14:01:12.0005 4068 [ 72DE205CD4006DC45B1401859C506679 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
14:01:12.0021 4068 psadd - ok
14:01:12.0052 4068 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:01:12.0052 4068 Psched - ok
14:01:12.0068 4068 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:01:12.0068 4068 PxHelp20 - ok
14:01:12.0115 4068 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:01:12.0161 4068 ql2300 - ok
14:01:12.0193 4068 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:01:12.0193 4068 ql40xx - ok
14:01:12.0224 4068 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
14:01:12.0224 4068 QWAVE - ok
14:01:12.0239 4068 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:01:12.0239 4068 QWAVEdrv - ok
14:01:12.0255 4068 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:01:12.0255 4068 RasAcd - ok
14:01:12.0286 4068 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:12.0302 4068 RasAgileVpn - ok
14:01:12.0317 4068 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
14:01:12.0317 4068 RasAuto - ok
14:01:12.0333 4068 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:12.0333 4068 Rasl2tp - ok
14:01:12.0364 4068 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
14:01:12.0364 4068 RasMan - ok
14:01:12.0380 4068 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:12.0380 4068 RasPppoe - ok
14:01:12.0395 4068 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:01:12.0395 4068 RasSstp - ok
14:01:12.0411 4068 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:01:12.0427 4068 rdbss - ok
14:01:12.0442 4068 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
14:01:12.0442 4068 rdpbus - ok
14:01:12.0458 4068 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:12.0458 4068 RDPCDD - ok
14:01:12.0489 4068 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:01:12.0489 4068 RDPENCDD - ok
14:01:12.0505 4068 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:01:12.0505 4068 RDPREFMP - ok
14:01:12.0520 4068 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:01:12.0520 4068 RDPWD - ok
14:01:12.0567 4068 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:01:12.0567 4068 rdyboost - ok
14:01:12.0598 4068 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
14:01:12.0598 4068 RemoteAccess - ok
14:01:12.0614 4068 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:01:12.0629 4068 RemoteRegistry - ok
14:01:12.0707 4068 [ D8C44229EB2495E774350529ED9BE08D ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
14:01:12.0739 4068 RoxMediaDB10 - ok
14:01:12.0770 4068 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:01:12.0785 4068 RpcEptMapper - ok
14:01:12.0801 4068 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
14:01:12.0801 4068 RpcLocator - ok
14:01:12.0832 4068 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
14:01:12.0832 4068 RpcSs - ok
14:01:12.0863 4068 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:01:12.0863 4068 rspndr - ok
14:01:12.0879 4068 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
14:01:12.0879 4068 SamSs - ok
14:01:12.0910 4068 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:01:12.0910 4068 sbp2port - ok
14:01:12.0941 4068 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:01:12.0941 4068 SCardSvr - ok
14:01:12.0957 4068 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:01:12.0957 4068 scfilter - ok
14:01:12.0973 4068 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
14:01:12.0988 4068 Schedule - ok
14:01:13.0004 4068 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:01:13.0004 4068 SCPolicySvc - ok
14:01:13.0019 4068 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:01:13.0019 4068 SDRSVC - ok
14:01:13.0051 4068 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:01:13.0051 4068 secdrv - ok
14:01:13.0066 4068 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
14:01:13.0066 4068 seclogon - ok
14:01:13.0082 4068 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
14:01:13.0097 4068 SENS - ok
14:01:13.0129 4068 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:01:13.0129 4068 SensrSvc - ok
14:01:13.0144 4068 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:01:13.0160 4068 Serenum - ok
14:01:13.0160 4068 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:01:13.0160 4068 Serial - ok
14:01:13.0191 4068 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:01:13.0191 4068 sermouse - ok
14:01:13.0222 4068 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
14:01:13.0238 4068 SessionEnv - ok
14:01:13.0253 4068 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:01:13.0253 4068 sffdisk - ok
14:01:13.0269 4068 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:01:13.0269 4068 sffp_mmc - ok
14:01:13.0269 4068 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:01:13.0269 4068 sffp_sd - ok
14:01:13.0285 4068 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:01:13.0285 4068 sfloppy - ok
14:01:13.0331 4068 [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
14:01:13.0347 4068 Sftfs - ok
14:01:13.0394 4068 [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
14:01:13.0394 4068 sftlist - ok
14:01:13.0409 4068 [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
14:01:13.0425 4068 Sftplay - ok
14:01:13.0441 4068 [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
14:01:13.0441 4068 Sftredir - ok
14:01:13.0472 4068 [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
14:01:13.0472 4068 Sftvol - ok
14:01:13.0487 4068 [ A5812F0281CA5081BF696626F9BF324D ] sftvsa C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
14:01:13.0487 4068 sftvsa - ok
14:01:13.0519 4068 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:01:13.0534 4068 SharedAccess - ok
14:01:13.0550 4068 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:01:13.0565 4068 ShellHWDetection - ok
14:01:13.0581 4068 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:01:13.0581 4068 sisagp - ok
14:01:13.0612 4068 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:01:13.0612 4068 SiSRaid2 - ok
14:01:13.0628 4068 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:01:13.0628 4068 SiSRaid4 - ok
14:01:13.0659 4068 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:01:13.0659 4068 Smb - ok
14:01:13.0706 4068 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:01:13.0706 4068 SNMPTRAP - ok
14:01:13.0721 4068 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
14:01:13.0721 4068 spldr - ok
14:01:13.0737 4068 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
14:01:13.0753 4068 Spooler - ok
14:01:13.0815 4068 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
14:01:13.0877 4068 sppsvc - ok
14:01:13.0924 4068 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:01:13.0924 4068 sppuinotify - ok
14:01:13.0955 4068 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:01:13.0955 4068 srv - ok
14:01:13.0971 4068 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:01:13.0987 4068 srv2 - ok
14:01:14.0002 4068 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:01:14.0002 4068 srvnet - ok
14:01:14.0033 4068 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:01:14.0033 4068 SSDPSRV - ok
14:01:14.0033 4068 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:01:14.0049 4068 SstpSvc - ok
14:01:14.0065 4068 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:01:14.0065 4068 stexstor - ok
14:01:14.0096 4068 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
14:01:14.0096 4068 StiSvc - ok
14:01:14.0158 4068 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
14:01:14.0283 4068 stllssvr - ok
14:01:14.0330 4068 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:01:14.0330 4068 swenum - ok
14:01:14.0361 4068 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
14:01:14.0361 4068 swprv - ok
14:01:14.0408 4068 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
14:01:14.0423 4068 SysMain - ok
14:01:14.0439 4068 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:01:14.0439 4068 TabletInputService - ok
14:01:14.0455 4068 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
14:01:14.0455 4068 TapiSrv - ok
14:01:14.0470 4068 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
14:01:14.0470 4068 TBS - ok
14:01:14.0517 4068 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:01:14.0548 4068 Tcpip - ok
14:01:14.0595 4068 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:01:14.0611 4068 TCPIP6 - ok
14:01:14.0642 4068 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:01:14.0642 4068 tcpipreg - ok
14:01:14.0657 4068 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:01:14.0657 4068 TDPIPE - ok
14:01:14.0673 4068 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:01:14.0673 4068 TDTCP - ok
14:01:14.0704 4068 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:01:14.0704 4068 tdx - ok
14:01:14.0704 4068 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:01:14.0704 4068 TermDD - ok
14:01:14.0735 4068 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
14:01:14.0751 4068 TermService - ok
14:01:14.0767 4068 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
14:01:14.0767 4068 Themes - ok
14:01:14.0767 4068 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
14:01:14.0782 4068 THREADORDER - ok
14:01:14.0845 4068 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
14:01:14.0845 4068 TPM - ok
14:01:14.0891 4068 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
14:01:14.0891 4068 TrkWks - ok
14:01:14.0954 4068 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:01:14.0954 4068 TrustedInstaller - ok
14:01:14.0969 4068 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:14.0969 4068 tssecsrv - ok
14:01:14.0985 4068 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:01:14.0985 4068 TsUsbFlt - ok
14:01:15.0016 4068 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
14:01:15.0016 4068 TsUsbGD - ok
14:01:15.0047 4068 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:01:15.0047 4068 tunnel - ok
14:01:15.0094 4068 [ CAC5D5979850C9AD41A88033013BC806 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
14:01:15.0094 4068 TVTI2C - ok
14:01:15.0110 4068 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:01:15.0125 4068 uagp35 - ok
14:01:15.0141 4068 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:01:15.0141 4068 udfs - ok
14:01:15.0188 4068 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:01:15.0188 4068 UI0Detect - ok
14:01:15.0188 4068 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:01:15.0188 4068 uliagpkx - ok
14:01:15.0219 4068 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:01:15.0219 4068 umbus - ok
14:01:15.0235 4068 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
14:01:15.0235 4068 UmPass - ok
14:01:15.0328 4068 [ D47E82866A6FF02DAE9CEDF127C4BEE0 ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
14:01:15.0406 4068 UNS - ok
14:01:15.0437 4068 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
14:01:15.0437 4068 upnphost - ok
14:01:15.0469 4068 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
14:01:15.0500 4068 USBAAPL - ok
14:01:15.0531 4068 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:15.0562 4068 usbccgp - ok
14:01:15.0593 4068 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:01:15.0593 4068 usbcir - ok
14:01:15.0625 4068 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:01:15.0625 4068 usbehci - ok
14:01:15.0640 4068 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:01:15.0640 4068 usbhub - ok
14:01:15.0656 4068 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:01:15.0656 4068 usbohci - ok
14:01:15.0671 4068 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:01:15.0671 4068 usbprint - ok
14:01:15.0703 4068 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:01:15.0703 4068 usbscan - ok
14:01:15.0734 4068 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:01:15.0734 4068 USBSTOR - ok
14:01:15.0734 4068 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:01:15.0749 4068 usbuhci - ok
14:01:15.0765 4068 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:01:15.0765 4068 usbvideo - ok
14:01:15.0812 4068 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
14:01:15.0812 4068 UxSms - ok
14:01:15.0827 4068 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
14:01:15.0827 4068 VaultSvc - ok
14:01:15.0843 4068 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:01:15.0843 4068 vdrvroot - ok
14:01:15.0874 4068 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
14:01:15.0874 4068 vds - ok
14:01:15.0905 4068 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:15.0905 4068 vga - ok
14:01:15.0921 4068 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:01:15.0921 4068 VgaSave - ok
14:01:15.0937 4068 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:01:15.0937 4068 vhdmp - ok
14:01:15.0968 4068 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:01:15.0968 4068 viaagp - ok
14:01:15.0983 4068 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:01:15.0983 4068 ViaC7 - ok
14:01:15.0999 4068 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
14:01:15.0999 4068 viaide - ok
14:01:16.0015 4068 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:01:16.0015 4068 volmgr - ok
14:01:16.0030 4068 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:01:16.0046 4068 volmgrx - ok
14:01:16.0046 4068 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:01:16.0046 4068 volsnap - ok
14:01:16.0077 4068 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:01:16.0077 4068 vsmraid - ok
14:01:16.0108 4068 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
14:01:16.0139 4068 VSS - ok
14:01:16.0155 4068 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:01:16.0155 4068 vwifibus - ok
14:01:16.0171 4068 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
14:01:16.0171 4068 W32Time - ok
14:01:16.0186 4068 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:01:16.0186 4068 WacomPen - ok
14:01:16.0202 4068 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:01:16.0202 4068 WANARP - ok
14:01:16.0217 4068 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:01:16.0217 4068 Wanarpv6 - ok
14:01:16.0280 4068 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:01:16.0295 4068 WatAdminSvc - ok
14:01:16.0342 4068 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
14:01:16.0373 4068 wbengine - ok
14:01:16.0389 4068 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:01:16.0389 4068 WbioSrvc - ok
14:01:16.0405 4068 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:01:16.0405 4068 wcncsvc - ok
14:01:16.0420 4068 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:01:16.0420 4068 WcsPlugInService - ok
14:01:16.0451 4068 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
14:01:16.0451 4068 Wd - ok
14:01:16.0467 4068 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:01:16.0483 4068 Wdf01000 - ok
14:01:16.0483 4068 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:01:16.0498 4068 WdiServiceHost - ok
14:01:16.0498 4068 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:01:16.0498 4068 WdiSystemHost - ok
14:01:16.0514 4068 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
14:01:16.0514 4068 WebClient - ok
14:01:16.0529 4068 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:01:16.0529 4068 Wecsvc - ok
14:01:16.0545 4068 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:01:16.0561 4068 wercplsupport - ok
14:01:16.0576 4068 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
14:01:16.0576 4068 WerSvc - ok
14:01:16.0607 4068 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:01:16.0607 4068 WfpLwf - ok
14:01:16.0623 4068 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:01:16.0623 4068 WIMMount - ok
14:01:16.0670 4068 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:01:16.0685 4068 WinDefend - ok
14:01:16.0701 4068 WinHttpAutoProxySvc - ok
14:01:16.0748 4068 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:01:16.0748 4068 Winmgmt - ok
14:01:16.0795 4068 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
14:01:16.0826 4068 WinRM - ok
14:01:16.0857 4068 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:01:16.0935 4068 WinUsb - ok
14:01:16.0982 4068 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:01:16.0997 4068 Wlansvc - ok
14:01:17.0044 4068 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:01:17.0060 4068 wlcrasvc - ok
14:01:17.0107 4068 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:01:17.0153 4068 wlidsvc - ok
14:01:17.0185 4068 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:01:17.0185 4068 WmiAcpi - ok
14:01:17.0216 4068 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:01:17.0216 4068 wmiApSrv - ok
14:01:17.0278 4068 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:01:17.0309 4068 WMPNetworkSvc - ok
14:01:17.0341 4068 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:01:17.0341 4068 WPCSvc - ok
14:01:17.0356 4068 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:01:17.0356 4068 WPDBusEnum - ok
14:01:17.0387 4068 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:01:17.0387 4068 ws2ifsl - ok
14:01:17.0403 4068 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
14:01:17.0403 4068 wscsvc - ok
14:01:17.0403 4068 WSearch - ok
14:01:17.0465 4068 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:01:17.0497 4068 wuauserv - ok
14:01:17.0512 4068 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:01:17.0512 4068 WudfPf - ok
14:01:17.0528 4068 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:01:17.0528 4068 WUDFRd - ok
14:01:17.0543 4068 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:01:17.0559 4068 wudfsvc - ok
14:01:17.0559 4068 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
14:01:17.0575 4068 WwanSvc - ok
14:01:17.0575 4068 ================ Scan global ===============================
14:01:17.0606 4068 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
14:01:17.0637 4068 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
14:01:17.0637 4068 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
14:01:17.0668 4068 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
14:01:17.0699 4068 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
14:01:17.0699 4068 [Global] - ok
14:01:17.0699 4068 ================ Scan MBR ==================================
14:01:17.0715 4068 [ A6864B8EB20C491B2A19E88F13D7F321 ] \Device\Harddisk0\DR0
14:01:17.0902 4068 \Device\Harddisk0\DR0 - ok
14:01:17.0902 4068 ================ Scan VBR ==================================
14:01:17.0902 4068 [ E169B9A1C80DD0A0EC5790BF1519BB99 ] \Device\Harddisk0\DR0\Partition1
14:01:17.0902 4068 \Device\Harddisk0\DR0\Partition1 - ok
14:01:17.0918 4068 [ 94A15CE110FE28CE7FCBEC05717FF2C2 ] \Device\Harddisk0\DR0\Partition2
14:01:17.0918 4068 \Device\Harddisk0\DR0\Partition2 - ok
14:01:17.0965 4068 [ 48DB14811EF8A6B678955539AC694B09 ] \Device\Harddisk0\DR0\Partition3
14:01:17.0965 4068 \Device\Harddisk0\DR0\Partition3 - ok
14:01:17.0965 4068 ============================================================
14:01:17.0965 4068 Scan finished
14:01:17.0965 4068 ============================================================
14:01:17.0980 3560 Detected object count: 0
14:01:17.0980 3560 Actual detected object count: 0
14:03:15.0357 3896 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-19 14:04:00
-----------------------------
14:04:00.698 OS Version: Windows 6.1.7601 Service Pack 1
14:04:00.698 Number of processors: 2 586 0x170A
14:04:00.698 ComputerName: EQUITY3 UserName: Greg
14:04:03.100 Initialize success
14:04:54.328 AVAST engine defs: 12091900
14:06:00.644 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
14:06:00.659 Disk 0 Vendor: ST3250312AS JC66 Size: 238475MB BusType: 11
14:06:00.675 Disk 0 MBR read successfully
14:06:00.691 Disk 0 MBR scan
14:06:00.691 Disk 0 unknown MBR code
14:06:00.706 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
14:06:00.737 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 227272 MB offset 2459648
14:06:00.800 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 467914752
14:06:00.815 Disk 0 scanning sectors +488394752
14:06:00.878 Disk 0 scanning C:\Windows\system32\drivers
14:06:17.414 Service scanning
14:06:32.593 Service MpKsl86d55b44 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{13C222FA-C285-4D85-B939-CC129E80F190}\MpKsl86d55b44.sys **LOCKED** 32
14:06:54.308 Modules scanning
14:07:03.137 Disk 0 trace - called modules:
14:07:03.153
14:07:11.156 AVAST engine scan C:\Windows
14:07:17.396 AVAST engine scan C:\Windows\system32
14:11:17.311 AVAST engine scan C:\Windows\system32\drivers
14:11:35.890 AVAST engine scan C:\Users\Greg
14:19:36.402 AVAST engine scan C:\ProgramData
14:20:59.285 Scan finished successfully
14:38:40.352 Disk 0 MBR has been saved successfully to "C:\Users\Greg\Desktop\MBR.dat"
14:38:40.368 The log file has been saved successfully to "C:\Users\Greg\Desktop\aswMBR.txt"

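The aswMBR run above reports "unknown MBR code", lists the three partitions it found, and saves the raw sector to MBR.dat; TDSSKiller prints an MD5 for \Device\Harddisk0\DR0. "Unknown MBR code" only means the boot code is not one aswMBR recognises, so the useful next step is to check the saved sector yourself. The Python below is an added example, not part of the thread or of either tool: it decodes a 512-byte MBR, checks the 0x55AA signature, compares the partition table with the entries aswMBR printed (boot flag, type 07, start LBA 2048 / 2459648 / 467914752, sizes 1200 / 227272 / 10000 MB), compares the sector's MD5 with the hash TDSSKiller printed, and applies a weak heuristic for stock Windows boot code (the error strings the standard Windows MBR carries). The built-in sample is constructed from the log's partition offsets with zeroed boot code, so its hash deliberately does not match TDSSKiller's; run it against the real MBR.dat to get the real answer.

```python
import hashlib
import struct

SECTOR = 512
PT_OFFSET = 446                       # partition table: 4 x 16-byte entries, then 0x55AA
ENTRY = struct.Struct("<B3xB3xII")    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors

# Hash TDSSKiller printed for \Device\Harddisk0\DR0 in the log above.
TDSSKILLER_MBR_MD5 = "A6864B8EB20C491B2A19E88F13D7F321"

# Partition table as aswMBR reported it: (bootable, type, start LBA, size in MB).
EXPECTED_PARTITIONS = [
    (True,  0x07, 2048,      1200),
    (False, 0x07, 2459648,   227272),
    (False, 0x07, 467914752, 10000),
]

# The stock Windows MBR keeps these error strings inside its 446-byte boot code.
WINDOWS_BOOT_STRINGS = (b"Invalid partition table",
                        b"Error loading operating system",
                        b"Missing operating system")


def parse_mbr(mbr: bytes):
    """Decode a raw 512-byte MBR: returns (md5 hex, signature ok, list of used partition entries)."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    signature_ok = mbr[SECTOR - 2:] == b"\x55\xaa"
    parts = []
    for i in range(4):
        status, ptype, start_lba, sectors = ENTRY.unpack_from(mbr, PT_OFFSET + i * ENTRY.size)
        if ptype == 0 and sectors == 0:
            continue                                  # empty slot
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return hashlib.md5(mbr).hexdigest().upper(), signature_ok, parts


def compare_to_log(parts, expected) -> list:
    """Return a list of mismatches between the decoded table and what aswMBR reported (empty = match)."""
    problems = []
    if len(parts) != len(expected):
        problems.append(f"partition count {len(parts)} != {len(expected)} reported in the log")
    for p, (boot, ptype, start, size_mb) in zip(parts, expected):
        tag = f"partition {p['index']}"
        if p["bootable"] != boot:
            problems.append(f"{tag}: bootable flag {p['bootable']} != {boot}")
        if p["type"] != ptype:
            problems.append(f"{tag}: type 0x{p['type']:02x} != 0x{ptype:02x}")
        if p["start_lba"] != start:
            problems.append(f"{tag}: start LBA {p['start_lba']} != {start}")
        if p["size_mb"] != size_mb:
            problems.append(f"{tag}: size {p['size_mb']} MB != {size_mb} MB")
    return problems


def hash_matches(mbr: bytes, expected_md5_hex: str) -> bool:
    """True when the sector hashes to the value TDSSKiller (or any other tool) printed."""
    return hashlib.md5(mbr).hexdigest().lower() == expected_md5_hex.lower()


def looks_like_windows_boot_code(mbr: bytes) -> bool:
    """Heuristic only: a rootkit can keep these strings, so True is weak evidence; False on a
    Windows-installed disk (and no OEM boot manager) is worth a closer look."""
    code = mbr[:PT_OFFSET]
    return all(s in code for s in WINDOWS_BOOT_STRINGS)


def build_sample_mbr() -> bytes:
    """Constructed sample: zeroed boot code plus the partition table from the log. NOT the user's MBR.dat."""
    mbr = bytearray(SECTOR)
    for i, (boot, ptype, start, size_mb) in enumerate(EXPECTED_PARTITIONS):
        sectors = size_mb * 1024 * 1024 // SECTOR
        ENTRY.pack_into(mbr, PT_OFFSET + i * ENTRY.size, 0x80 if boot else 0x00, ptype, start, sectors)
    mbr[SECTOR - 2:] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    # Usage: python mbrcheck.py C:\Users\Greg\Desktop\MBR.dat   (no argument = constructed sample)
    data = open(sys.argv[1], "rb").read()[:SECTOR] if len(sys.argv) > 1 else build_sample_mbr()
    md5, sig_ok, parts = parse_mbr(data)
    print(f"MD5 {md5}  signature ok: {sig_ok}  matches TDSSKiller hash: {hash_matches(data, TDSSKILLER_MBR_MD5)}")
    print(f"stock Windows boot-code strings present: {looks_like_windows_boot_code(data)}")
    for p in parts:
        print(f"  #{p['index']} boot={'80' if p['bootable'] else '00'} type={p['type']:02x} "
              f"start={p['start_lba']} sectors={p['sectors']} ({p['size_mb']} MB)")
    for line in compare_to_log(parts, EXPECTED_PARTITIONS) or ["partition table matches the aswMBR log"]:
        print("  " + line)
```

Partition 3 in the log starts at LBA 467914752 and aswMBR then scans "sectors +488394752"; 10000 MB is exactly 20480000 sectors, and 467914752 + 20480000 = 488394752, so the table the script decodes from the constructed sample lines up with the tool's own arithmetic. A hash mismatch against the real MBR.dat would mean the sector changed between the two scans, which is the thing worth knowing on a rootkit ticket.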
#6 gringo_pr (Malware Response Team)

Posted 19 September 2012 - 02:46 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate of Malware Removal University

#7 gphaeg (Topic Starter)

Posted 19 September 2012 - 03:27 PM

It is still redirecting to click.gethotresults.com and also to about.blank. I noticed that I had not turned my Microsoft Security Essentials back on before doing a search. I hate these damned bugs.

Here is the log:


ComboFix 12-09-18.07 - Greg 09/19/2012 15:53:04.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1900.1205 [GMT -4:00]
Running from: c:\users\Greg\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Greg\AppData\Local\Temp\_MEI49082\_ctypes.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\_elementtree.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\_hashlib.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\_socket.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\_ssl.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\pyexpat.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\pysqlite2._sqlite.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\python26.dll
c:\users\Greg\AppData\Local\Temp\_MEI49082\pythoncom26.dll
c:\users\Greg\AppData\Local\Temp\_MEI49082\pywintypes26.dll
c:\users\Greg\AppData\Local\Temp\_MEI49082\select.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\unicodedata.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\win32api.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\win32com.shell.shell.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\win32crypt.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\win32event.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\win32file.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\win32inet.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\win32pdh.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\win32process.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\win32security.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\windows._cacheinvalidation.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\wx._controls_.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\wx._core_.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\wx._gdi_.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\wx._html2.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\wx._misc_.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\wx._windows_.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\wx._wizard.pyd
c:\users\Greg\AppData\Local\Temp\_MEI49082\wxbase293u_net_vc.dll
c:\users\Greg\AppData\Local\Temp\_MEI49082\wxbase293u_vc.dll
c:\users\Greg\AppData\Local\Temp\_MEI49082\wxmsw293u_adv_vc.dll
c:\users\Greg\AppData\Local\Temp\_MEI49082\wxmsw293u_core_vc.dll
c:\users\Greg\AppData\Local\Temp\_MEI49082\wxmsw293u_html_vc.dll
c:\users\Greg\AppData\Local\Temp\_MEI49082\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-19 20:05 . 2012-09-19 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 14:09 . 2012-09-19 14:09 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13C222FA-C285-4D85-B939-CC129E80F190}\MpKsl86d55b44.sys
2012-09-18 21:59 . 2012-08-23 04:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13C222FA-C285-4D85-B939-CC129E80F190}\mpengine.dll
2012-09-18 20:22 . 2012-08-23 04:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-18 19:35 . 2012-09-18 19:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-18 16:32 . 2012-09-18 16:32 -------- d-----w- c:\program files\AWS
2012-09-18 14:37 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-18 14:37 . 2012-09-18 14:37 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-18 14:36 . 2012-09-18 14:36 -------- d-----w- c:\program files\iPod
2012-09-18 14:36 . 2012-09-18 14:37 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-18 14:36 . 2012-09-18 14:37 -------- d-----w- c:\program files\iTunes
2012-09-18 14:36 . 2012-09-18 14:36 -------- d-----w- c:\programdata\Apple Computer
2012-09-14 19:13 . 2012-09-14 19:13 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 19:13 . 2012-09-14 19:13 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 16:41 . 2012-09-14 16:41 -------- d-----w- c:\program files\Apple Software Update
2012-09-14 16:40 . 2012-09-14 16:40 -------- d-----w- c:\program files\Bonjour
2012-09-14 16:40 . 2012-09-18 14:36 -------- d-----w- c:\program files\Common Files\Apple
2012-09-14 16:40 . 2012-09-18 14:31 -------- d-----w- c:\programdata\Apple
2012-09-14 15:43 . 2012-09-14 15:43 -------- d-----w- c:\program files\Gmail Notifier
2012-09-14 07:05 . 2012-09-14 07:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-09-13 21:09 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2012-09-13 21:08 . 2012-09-13 21:08 -------- d-----w- c:\programdata\PDF Writer
2012-09-13 21:08 . 2012-09-13 21:08 -------- d-----w- c:\program files\Common Files\Bullzip
2012-09-13 21:08 . 2008-10-30 20:04 227840 ----a-w- c:\windows\system32\bzFlRdr.dll
2012-09-13 21:08 . 2008-07-09 20:04 103424 ----a-w- c:\windows\system32\bzDCT.dll
2012-09-13 21:08 . 2010-09-27 20:04 135168 ----a-w- c:\windows\system32\bzpdfc.dll
2012-09-13 21:08 . 2012-03-27 20:04 197120 ----a-w- c:\windows\system32\bzpdf.dll
2012-09-13 21:08 . 2012-09-13 21:08 -------- d-----w- c:\program files\Bullzip
2012-09-13 17:54 . 2012-07-05 22:09 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-09-13 17:54 . 2012-07-05 22:09 30624 ----a-w- c:\windows\system32\LMIport.dll
2012-09-13 17:54 . 2012-07-05 22:10 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-09-13 17:54 . 2012-06-08 16:06 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-09-13 17:54 . 2012-07-05 22:09 87456 ----a-w- c:\windows\system32\LMIinit.dll
2012-09-13 17:54 . 2012-09-19 13:02 -------- d-----w- c:\programdata\LogMeIn
2012-09-13 17:54 . 2012-09-13 17:54 -------- d-----w- c:\program files\LogMeIn
2012-09-13 17:45 . 2009-11-03 03:06 71424 ----a-w- c:\windows\system32\drivers\BrSerIb.sys
2012-09-13 17:45 . 2012-09-13 17:45 -------- d-----w- C:\Brother
2012-09-13 17:45 . 2006-07-07 16:40 73728 ------w- c:\windows\system32\BRCrypt.dll
2012-09-13 17:41 . 2012-09-13 17:41 -------- d-----w- c:\programdata\zeon
2012-09-13 17:26 . 2012-09-13 17:26 -------- d-----w- c:\programdata\ScanSoft
2012-09-13 17:24 . 2012-09-13 17:25 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2012-09-13 17:24 . 2012-09-13 17:42 -------- d-----w- c:\program files\Nuance
2012-09-13 17:24 . 2012-09-13 17:41 -------- d-----w- c:\programdata\Nuance
2012-09-13 17:24 . 2012-09-13 17:24 -------- d-----w- c:\programdata\FLEXnet
2012-09-13 17:18 . 2012-09-13 18:52 -------- d-----w- c:\programdata\Brother
2012-09-13 16:11 . 2012-09-18 22:30 -------- d-----w- c:\users\Greg
2012-09-13 14:40 . 2012-09-13 14:40 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-09-13 14:39 . 2012-09-14 07:07 -------- d-----w- c:\programdata\Microsoft Help
2012-09-13 14:30 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-09-13 14:30 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-13 14:29 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-09-13 14:29 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-09-12 21:55 . 2012-09-12 21:55 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90216E72-E4A6-4CF5-B63C-21E4A107F831}\gapaengine.dll
2012-09-12 21:54 . 2012-09-12 21:54 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-12 17:50 . 2012-09-12 17:50 460424 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2012-09-12 17:48 . 2012-09-12 17:48 -------- d-----w- c:\program files\Microsoft Office 15
2012-09-12 17:01 . 2012-09-18 14:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-12 16:59 . 2012-09-12 16:59 -------- d-----w- c:\programdata\McAfee
2012-09-12 16:48 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-09-12 16:48 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-09-12 16:48 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-09-12 16:48 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-09-12 16:48 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-09-12 16:48 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-09-12 16:48 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-09-12 16:48 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-09-12 16:48 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-09-12 16:48 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-09-12 16:47 . 2012-08-28 05:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F229B8F5-F24D-4E70-B013-728457F98EB4}\mpengine.dll
2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 00:55 . 2012-07-22 00:55 773968 ----a-w- c:\windows\system32\msvcr100.dll
2012-07-22 00:55 . 2012-07-22 00:55 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 17:42 . 2012-07-09 17:42 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-09-18 12:21 . 2012-09-18 12:21 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-18_20.10.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-20 21:20 . 2012-09-19 14:10 43974 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-09-19 20:08 49750 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-04-25 12:56 . 2012-09-18 20:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-25 12:56 . 2012-09-19 20:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-25 12:55 . 2012-09-18 20:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-25 12:55 . 2012-09-19 20:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-09-19 20:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-09-18 20:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-14 15:28 . 2012-09-19 13:06 2572 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3620342192-2004998562-2831740143-1001_UserData.bin
+ 2012-09-19 14:08 . 2012-09-19 20:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-18 19:36 . 2012-09-18 20:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-19 14:08 . 2012-09-19 20:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-18 19:36 . 2012-09-18 20:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:05 . 2012-09-19 14:12 626484 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-09-18 19:42 626484 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-09-19 14:12 107502 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2012-09-18 19:42 107502 c:\windows\System32\perfc009.dat
- 2009-07-14 04:47 . 2012-09-18 19:35 436948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:47 . 2012-09-19 14:07 436948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-09-13 19:39 . 2012-09-19 14:07 1489864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3620342192-2004998562-2831740143-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-09-12 17:55 2042504 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-09-12 17:55 2042504 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-09-12 17:55 2042504 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 19:51 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-10 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2011-10-05 1652736]
"Gmail Notifier.exe"="c:\program files\Gmail Notifier\Gmail Notifier.exe" [2011-04-07 2155008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-20 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-20 151064]
"Daemon for Mouse Suite"="c:\program files\Lenovo\Lenovo Mouse Suite\ICO.EXE" [2010-07-28 69632]
"Power Manager Power Agenda"="c:\progra~1\ThinkPad\UTILIT~1\DPMHost.exe" [2010-07-29 75064]
"Lenovo Registration"="c:\program files\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1246544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 MpKsl86d55b44;MpKsl86d55b44;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{13C222FA-C285-4D85-B939-CC129E80F190}\MpKsl86d55b44.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX86\integratedoffice.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 19:13]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 21:36]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-10 21:36]
.
2012-09-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
2012-09-19 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - c:\program files\Microsoft Office 15\root\office15\msosb.dll
FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://apod.nasa.gov/apod/astropix.html
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-91242851.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4468)
c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2012-09-19 16:15:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-19 20:15
ComboFix2.txt 2012-09-18 20:19
.
Pre-Run: 188,754,419,712 bytes free
Post-Run: 188,929,916,928 bytes free
.
- - End Of File - - 5E4298670A59E12A4B70E5F1BCCF2395

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:50 PM

Posted 19 September 2012 - 03:57 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double-click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 gphaeg

gphaeg
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:50 PM

Posted 19 September 2012 - 04:16 PM

Gringo, here is the log. I really appreciate your help and just made a $25 donation as a token of that appreciation. By the way, I don't know if this has anything to do with it but I have noticed that a Sun Microsystem update has popped up more than once after I run one of these cleaning programs. I assume it's a coincidence and just the Java update that I have been ignoring, but figured I might as well let you know that's happening.

OTL logfile created on: 9/19/2012 5:04:28 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Greg\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 44.84% Memory free
3.71 Gb Paging File | 2.45 Gb Available in Paging File | 66.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.95 Gb Total Space | 176.00 Gb Free Space | 79.30% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.14 Gb Free Space | 32.19% Space Free | Partition Type: NTFS

Computer Name: EQUITY3 | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Greg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (Microsoft Corporation)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Gmail Notifier\Gmail Notifier.exe (www.gmailnotifier.com)
PRC - C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
PRC - C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe (Primax Electronics Ltd.)
PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\wx._gdi_.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\wx._misc_.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\pythoncom26.dll ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\win32com.shell.shell.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\win32security.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\win32api.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\_elementtree.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\_ctypes.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\wx._html2.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\_socket.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\win32crypt.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\wx._core_.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\wx._windows_.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\_ssl.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\_hashlib.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\wx._wizard.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\win32file.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\pywintypes26.dll ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\win32inet.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\win32process.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\win32pdh.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\wx._controls_.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\unicodedata.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\pyexpat.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\win32event.pyd ()
MOD - C:\Users\Greg\AppData\Local\temp\_MEI45242\select.pyd ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\grooveintlresource.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL ()
MOD - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Program Files\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe (Microsoft Corporation)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe (Lenovo)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (UNS) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\Users\Greg\AppData\Local\Temp\catchme.sys File not found
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (TPMX Electronics Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (TPMX Electronics Ltd.)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (e1kexpress) -- C:\Windows\System32\drivers\e1k6232.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS501
IE - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://apod.nasa.gov/apod/astropix.html"
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.2
FF - prefs.js..extensions.enabledAddons: LogMeInClient@logmein.com:1.0.0.932
FF - prefs.js..extensions.enabledAddons: openbookmarkintab@piro.sakura.ne.jp:0.1.2011120101
FF - prefs.js..extensions.enabledAddons: openlinkintab@piro.sakura.ne.jp:0.1.2011120101
FF - prefs.js..extensions.enabledAddons: ziokhubgen@ziokhubgen.org:2.5
FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.2.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/18 08:21:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/18 08:21:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/13 12:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions
[2012/09/19 09:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions
[2012/09/13 13:04:11 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\foxmarks@kei.com
[2012/09/13 13:58:09 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\LogMeInClient@logmein.com
[2012/09/18 15:01:02 | 000,344,774 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\autopager@mozilla.org.xpi
[2012/09/14 12:09:54 | 000,005,909 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\openbookmarkintab@piro.sakura.ne.jp.xpi
[2012/09/14 12:09:54 | 000,023,816 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\openlinkintab@piro.sakura.ne.jp.xpi
[2009/07/13 19:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\ziokhubgen@ziokhubgen.org.xpi
[2012/09/12 13:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/12 13:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/09/12 13:00:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/18 08:21:10 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/18 08:20:51 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/18 08:20:51 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.112\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.112\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.112\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/09/19 16:07:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Power Manager Power Agenda] C:\Program Files\ThinkPad\Utilities\DPMHost.EXE ()
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001..\Run: [Gmail Notifier.exe] C:\Program Files\Gmail Notifier\Gmail Notifier.exe (www.gmailnotifier.com)
O4 - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3620342192-2004998562-2831740143-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{536DCA78-33EE-447A-B834-5D6CBE25CC08}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/19 17:03:29 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2012/09/19 16:14:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/19 16:05:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\temp
[2012/09/19 14:03:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Greg\Desktop\aswMBR.exe
[2012/09/19 09:06:51 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\RK_Quarantine
[2012/09/18 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\gmer
[2012/09/18 18:32:04 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Greg\Desktop\dds.com
[2012/09/18 15:52:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/18 15:52:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/18 15:52:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/18 15:52:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/18 15:52:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/18 15:41:50 | 004,752,754 | R--- | C] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2012/09/18 15:35:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/18 15:21:50 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
[2012/09/18 12:40:36 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\WeatherBug
[2012/09/18 12:40:35 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\WeatherBug
[2012/09/18 12:32:20 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WeatherBug
[2012/09/18 12:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
[2012/09/18 12:14:36 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\CrashDumps
[2012/09/18 10:37:34 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Apple Computer
[2012/09/18 10:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/18 10:37:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/09/18 10:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/18 10:36:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/18 10:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/09/18 10:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/18 08:46:35 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\Cases
[2012/09/15 11:58:16 | 000,000,000 | --SD | C] -- C:\Users\Greg\Google Drive
[2012/09/15 11:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/09/14 15:13:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Macromedia
[2012/09/14 15:13:12 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/14 15:13:12 | 000,073,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/14 12:42:46 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Apple Computer
[2012/09/14 12:41:10 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Apple
[2012/09/14 12:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/09/14 12:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/09/14 12:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/09/14 12:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/09/14 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Google
[2012/09/14 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Gmail Notifier
[2012/09/14 11:43:56 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Notifier
[2012/09/14 11:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Gmail Notifier
[2012/09/13 17:27:28 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\Inactive Cases
[2012/09/13 17:10:54 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\Personal
[2012/09/13 17:10:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\PDF Writer
[2012/09/13 17:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bullzip
[2012/09/13 17:08:35 | 000,227,840 | ---- | C] (Bullzip) -- C:\Windows\System32\bzFlRdr.dll
[2012/09/13 17:08:35 | 000,103,424 | ---- | C] (Bullzip) -- C:\Windows\System32\bzDCT.dll
[2012/09/13 17:08:35 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\PDF Writer
[2012/09/13 17:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Writer
[2012/09/13 17:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2012/09/13 17:08:34 | 000,135,168 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdfc.dll
[2012/09/13 17:08:31 | 000,197,120 | ---- | C] (Bullzip) -- C:\Windows\System32\bzpdf.dll
[2012/09/13 17:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2012/09/13 16:08:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Microsoft Help
[2012/09/13 15:57:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\FLEXnet
[2012/09/13 15:36:32 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\ControlCenter4
[2012/09/13 15:20:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Google
[2012/09/13 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother
[2012/09/13 13:54:24 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\LogMeIn
[2012/09/13 13:54:21 | 000,030,624 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012/09/13 13:54:20 | 000,083,392 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/09/13 13:54:20 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2012/09/13 13:54:16 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/09/13 13:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/09/13 13:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2012/09/13 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BrFaxRx
[2012/09/13 13:45:25 | 000,071,424 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerIb.sys
[2012/09/13 13:45:02 | 000,000,000 | ---D | C] -- C:\Brother
[2012/09/13 13:45:01 | 000,073,728 | ---- | C] (Brother Industories Ltd. P&S Company) -- C:\Windows\System32\BRCrypt.dll
[2012/09/13 13:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ControlCenter4
[2012/09/13 13:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Browny02
[2012/09/13 13:44:46 | 000,000,000 | ---D | C] -- C:\Program Files\ControlCenter4
[2012/09/13 13:44:44 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrMuSNMP.dll
[2012/09/13 13:44:44 | 000,118,784 | ---- | C] (Brother Industries,LTD.) -- C:\Windows\System32\BrMfNt.dll
[2012/09/13 13:44:43 | 000,225,280 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BrfxD05c.dll
[2012/09/13 13:44:39 | 000,011,520 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSib.sys
[2012/09/13 13:44:35 | 000,103,736 | ---- | C] (Brother Industries Ltd) -- C:\Windows\System32\BRRBTOOL.EXE
[2012/09/13 13:44:34 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BRLMW03A.DLL
[2012/09/13 13:44:34 | 000,025,299 | ---- | C] (Brother Industries, Ltd) -- C:\Windows\System32\BRLM03A.DLL
[2012/09/13 13:44:29 | 000,217,088 | ---- | C] (brother) -- C:\Windows\System32\NSSearch.dll
[2012/09/13 13:44:29 | 000,073,728 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2.dll
[2012/09/13 13:44:29 | 000,005,120 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2L.dll
[2012/09/13 13:44:29 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\BrDctF2S.dll
[2012/09/13 13:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2012/09/13 13:44:23 | 000,180,224 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\System32\BroSNMP.dll
[2012/09/13 13:43:06 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\InstallShield
[2012/09/13 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\zeon
[2012/09/13 13:40:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Adobe
[2012/09/13 13:26:32 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Nuance
[2012/09/13 13:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/09/13 13:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 12
[2012/09/13 13:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ScanSoft Shared
[2012/09/13 13:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/09/13 13:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012/09/13 13:24:45 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\MyWebPages
[2012/09/13 13:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/09/13 13:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Brother
[2012/09/13 13:04:19 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Macromedia
[2012/09/13 13:04:19 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Adobe
[2012/09/13 12:58:22 | 000,000,000 | R--D | C] -- C:\Users\Greg\Dropbox
[2012/09/13 12:56:55 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/09/13 12:51:50 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Dropbox
[2012/09/13 12:16:54 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\DesktopPwrMgr
[2012/09/13 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Mozilla
[2012/09/13 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Mozilla
[2012/09/13 12:16:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Leadertech
[2012/09/13 12:15:59 | 000,000,000 | R--D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/09/13 12:15:59 | 000,000,000 | R--D | C] -- C:\Users\Greg\Searches
[2012/09/13 12:15:59 | 000,000,000 | R--D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/09/13 12:15:59 | 000,000,000 | -H-D | C] -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/09/13 12:15:46 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Identities
[2012/09/13 12:15:43 | 000,000,000 | R--D | C] -- C:\Users\Greg\Contacts
[2012/09/13 12:15:29 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\VirtualStore
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\AppData\Local\Temporary Internet Files
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\Templates
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\Start Menu
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\SendTo
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\Recent
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\PrintHood
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\NetHood
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\Documents\My Videos
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\Documents\My Pictures
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\Documents\My Music
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\My Documents
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\Local Settings
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\AppData\Local\History
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\Cookies
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\Application Data
[2012/09/13 12:11:26 | 000,000,000 | -HSD | C] -- C:\Users\Greg\AppData\Local\Application Data
[2012/09/13 12:11:25 | 000,000,000 | --SD | C] -- C:\Users\Greg\AppData\Roaming\Microsoft
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\Videos
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\Saved Games
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\Pictures
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\Music
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\Links
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\Favorites
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\Downloads
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\Documents
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\Desktop
[2012/09/13 12:11:25 | 000,000,000 | R--D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/09/13 12:11:25 | 000,000,000 | -H-D | C] -- C:\Users\Greg\AppData
[2012/09/13 12:11:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Microsoft
[2012/09/13 12:11:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Media Center Programs
[2012/09/13 10:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/09/13 10:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/09/13 10:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/09/13 10:30:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/09/13 10:30:11 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/13 10:29:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/09/13 03:01:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/13 03:01:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/13 03:01:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/13 03:01:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/13 03:01:22 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/13 03:01:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/13 03:01:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/12 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/12 17:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/09/12 13:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2012/09/12 13:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2012/09/12 13:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/09/12 13:01:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/12 13:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/12 12:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/12 12:49:56 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 12:49:55 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 12:49:55 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 12:49:54 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/09/12 12:49:05 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/09/12 12:48:52 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012/09/12 12:48:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012/08/21 13:01:22 | 000,106,928 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll

========== Files - Modified Within 30 Days ==========

[2012/09/19 17:05:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 17:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/19 17:03:32 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2012/09/19 16:58:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/09/19 16:24:37 | 000,027,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 16:24:37 | 000,027,984 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/19 16:23:23 | 000,626,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/19 16:23:23 | 000,107,502 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/19 16:18:38 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/19 16:17:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/19 16:17:16 | 1494,355,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/19 16:07:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/19 15:51:33 | 004,752,754 | R--- | M] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2012/09/19 14:38:40 | 000,000,512 | ---- | M] () -- C:\Users\Greg\Desktop\MBR.dat
[2012/09/19 14:03:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Greg\Desktop\aswMBR.exe
[2012/09/19 09:00:03 | 001,382,912 | ---- | M] () -- C:\Users\Greg\Desktop\RogueKiller.exe
[2012/09/19 08:56:57 | 000,512,737 | ---- | M] () -- C:\Users\Greg\Desktop\adwcleaner.exe
[2012/09/18 18:40:06 | 000,294,216 | ---- | M] () -- C:\Users\Greg\Desktop\gmer.zip
[2012/09/18 18:32:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Greg\Desktop\dds.com
[2012/09/18 18:30:45 | 000,000,000 | ---- | M] () -- C:\Users\Greg\defogger_reenable
[2012/09/18 18:29:32 | 000,050,477 | ---- | M] () -- C:\Users\Greg\Desktop\Defogger.exe
[2012/09/18 15:22:06 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
[2012/09/18 12:32:21 | 000,001,710 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\WeatherBug.lnk
[2012/09/18 12:32:21 | 000,001,686 | ---- | M] () -- C:\Users\Greg\Desktop\WeatherBug.lnk
[2012/09/18 10:37:20 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/18 10:27:18 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/09/15 11:58:18 | 000,001,659 | ---- | M] () -- C:\Users\Greg\Desktop\Google Drive.lnk
[2012/09/14 15:13:12 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/14 15:13:12 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/14 12:42:42 | 000,001,151 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012/09/14 12:26:52 | 000,001,220 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/09/14 12:16:20 | 000,001,422 | ---- | M] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/14 11:54:49 | 000,001,964 | ---- | M] () -- C:\Users\Greg\Desktop\ControlCenter4.lnk
[2012/09/14 11:43:56 | 000,001,096 | ---- | M] () -- C:\Users\Greg\Desktop\Gmail Notifier.lnk
[2012/09/14 09:52:41 | 000,612,807 | ---- | M] () -- C:\Users\Greg\Documents\Postage.pdf
[2012/09/14 09:47:35 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/14 03:24:31 | 000,514,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/13 14:54:18 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012/09/13 14:53:54 | 000,000,246 | ---- | M] () -- C:\Windows\Brpfx04a.ini
[2012/09/13 14:53:54 | 000,000,093 | ---- | M] () -- C:\Windows\brpcfx.ini
[2012/09/13 13:54:14 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/09/13 13:45:56 | 000,000,066 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012/09/13 13:02:57 | 000,003,021 | ---- | M] () -- C:\Users\Greg\Desktop\Microsoft Word 2010.lnk
[2012/09/13 12:58:22 | 000,001,011 | ---- | M] () -- C:\Users\Greg\Desktop\Dropbox.lnk
[2012/09/13 12:57:12 | 000,001,021 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/12 17:54:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/12 13:27:07 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/09/12 13:01:11 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/22 13:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/08/22 13:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/08/21 13:01:22 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll

========== Files Created - No Company Name ==========

[2012/09/19 14:38:40 | 000,000,512 | ---- | C] () -- C:\Users\Greg\Desktop\MBR.dat
[2012/09/19 09:00:02 | 001,382,912 | ---- | C] () -- C:\Users\Greg\Desktop\RogueKiller.exe
[2012/09/19 08:56:49 | 000,512,737 | ---- | C] () -- C:\Users\Greg\Desktop\adwcleaner.exe
[2012/09/18 18:40:04 | 000,294,216 | ---- | C] () -- C:\Users\Greg\Desktop\gmer.zip
[2012/09/18 18:30:45 | 000,000,000 | ---- | C] () -- C:\Users\Greg\defogger_reenable
[2012/09/18 18:29:31 | 000,050,477 | ---- | C] () -- C:\Users\Greg\Desktop\Defogger.exe
[2012/09/18 15:52:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/18 15:52:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/18 15:52:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/18 15:52:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/18 15:52:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/18 12:32:21 | 000,001,710 | ---- | C] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\WeatherBug.lnk
[2012/09/18 12:32:21 | 000,001,686 | ---- | C] () -- C:\Users\Greg\Desktop\WeatherBug.lnk
[2012/09/18 10:37:20 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/18 10:27:18 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/09/15 11:58:17 | 000,001,659 | ---- | C] () -- C:\Users\Greg\Desktop\Google Drive.lnk
[2012/09/14 15:13:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/14 12:41:07 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/14 12:26:52 | 000,001,220 | ---- | C] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/09/14 12:16:20 | 000,001,422 | ---- | C] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/09/14 11:54:49 | 000,001,964 | ---- | C] () -- C:\Users\Greg\Desktop\ControlCenter4.lnk
[2012/09/14 11:43:56 | 000,001,096 | ---- | C] () -- C:\Users\Greg\Desktop\Gmail Notifier.lnk
[2012/09/14 09:52:42 | 000,612,807 | ---- | C] () -- C:\Users\Greg\Documents\Postage.pdf
[2012/09/14 09:47:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/14 09:47:35 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/09/13 14:54:18 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012/09/13 14:53:54 | 000,000,246 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/09/13 14:53:54 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/09/13 13:54:13 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/09/13 13:54:06 | 000,000,969 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/09/13 13:44:44 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/09/13 13:44:43 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/09/13 13:44:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/09/13 13:44:34 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/09/13 13:44:33 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012/09/13 13:02:57 | 000,003,021 | ---- | C] () -- C:\Users\Greg\Desktop\Microsoft Word 2010.lnk
[2012/09/13 12:58:22 | 000,001,011 | ---- | C] () -- C:\Users\Greg\Desktop\Dropbox.lnk
[2012/09/13 12:57:12 | 000,001,021 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/13 12:16:00 | 000,001,428 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/09/13 12:11:26 | 000,000,290 | ---- | C] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/09/13 12:11:26 | 000,000,272 | ---- | C] () -- C:\Users\Greg\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/12 17:54:18 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/09/12 13:25:29 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/12 13:01:09 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/12 13:01:06 | 000,001,115 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/11 12:14:40 | 000,000,100 | ---- | C] () -- C:\Windows\System32\SN0ELMON.dat
[2012/05/11 12:14:33 | 000,159,836 | ---- | C] () -- C:\Windows\_isusr32.dll
[2012/05/11 12:14:33 | 000,032,768 | ---- | C] () -- C:\Windows\System32\_isusr2k.dll
[2012/05/11 12:14:27 | 000,000,397 | ---- | C] () -- C:\Windows\System32\SCN2PM.DAT
[2011/12/10 17:23:30 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/12/10 17:01:20 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/12/10 17:01:19 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/12/10 17:01:19 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2011/12/10 17:01:19 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:50 PM

Posted 19 September 2012 - 06:27 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    [2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini  
    FF - prefs.js..extensions.enabledAddons: ziokhubgen@ziokhubgen.org:2.5
    [2012/09/18 15:01:02 | 000,344,774 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\autopager@mozilla.org.xpi
    [2009/07/13 19:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\ziokhubgen@ziokhubgen.org.xpi
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gphaeg

gphaeg
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:50 PM

Posted 20 September 2012 - 07:59 AM

Gringo, it really seems to have fixed it. I can't get a redirect. Also, my cursor is once again moving smoothly. I had noticed that my wireless mouse seemed to be affected when I had Firefox open and I was getting the redirect problem.

I use Microsoft Security Essentials as antivirus/anti malware. Is there something better you can recommend?

Here is the log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
Prefs.js: ziokhubgen@ziokhubgen.org:2.5 removed from extensions.enabledAddons
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\autopager@mozilla.org.xpi moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\5rer40jv.default\extensions\ziokhubgen@ziokhubgen.org.xpi moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Greg\Desktop\cmd.bat deleted successfully.
C:\Users\Greg\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Greg
->Java cache emptied: 0 bytes

User: LINDA

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Greg
->Flash cache emptied: 34494 bytes

User: LINDA

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.64.0 log created on 09202012_081109

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:50 PM

Posted 20 September 2012 - 01:06 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 31
WeatherBug
Yontoo 1.10.02


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gphaeg
  • Topic Starter
  • Members
  • 9 posts

Posted 20 September 2012 - 05:30 PM

A few notes: Yontoo did not exist. I recall deleting this recently. When I searched for it, it only came up in the logs we have created cleaning this computer, saved on my desktop. My continued thanks for all your help. (This is my office computer and I am not going to be back in the office until Tuesday, so I will pick it up then.)

Here are the logs:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.20.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Greg :: EQUITY3 [administrator]

Protection: Enabled

9/20/2012 6:11:30 PM
mbam-log-2012-09-20 (18-11-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208570
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:20:09 PM, on 9/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Gmail Notifier\Gmail Notifier.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
C:\Program Files\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Greg\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Microsoft Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Microsoft SPFS Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Daemon for Mouse Suite] C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 60
O4 - HKLM\..\Run: [Power Manager Power Agenda] C:\PROGRA~1\ThinkPad\UTILIT~1\DPMHost.exe
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Gmail Notifier.exe] C:\Program Files\Gmail Notifier\Gmail Notifier.exe /startup
O4 - Startup: Dropbox.lnk = C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 11985 bytes

#14 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 September 2012 - 08:52 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files\Lenovo Registration\LenovoReg.exe /boot
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
      O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
      O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
      O4 - HKCU\..\Run: [Gmail Notifier.exe] C:\Program Files\Gmail Notifier\Gmail Notifier.exe /startup
      O4 - Startup: Dropbox.lnk = C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example IntelliPoint from
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found:
    • put a checkmark in "Uninstall application on close"
    • close the program
    • report to me that nothing was found

  • If threats were found:
    • click on "list of threats found"
    • click on "export to text file", name it ESET SCAN and save it to the desktop
    • click on Back
    • put a checkmark in "Uninstall application on close"
    • click on Finish
    • close the program
    • copy and paste the report here


Gringo

#15 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 September 2012 - 07:05 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will then ask you to remove our tools.




Gringo



