
Unknown redirect--about to give up


  • This topic is locked
27 replies to this topic

#1 Kaz181

Kaz181

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:22 AM

Posted 29 November 2012 - 01:03 PM

Hello,
On occasion, when I do a Google search and click on a result, I get taken to some random sales/marketing site. I don't know how long this has been on my machine, but I've been trying for 3 days to get rid of it...AVAST, Spybot, TDSSKiller, Ad-Aware, MBAM. I'm at my wits' end and about to reformat this laptop. Any help would be appreciated. DDS log below...Thanks for any help....



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37
Run by Brad at 12:55:56 on 2012-11-29
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1542 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\PrinterShare\paConsole.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [PrinterShare] c:\program files\printershare\paConsole.exe -minimized
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\brad\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventp~1.lnk - c:\windows\installer\{601be80d-247b-4084-94c7-7a54369db7a2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 10.1.10.1
TCP: Interfaces\{3F216079-13F3-4DE2-A9E5-450FD28BC3B3} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{692698FE-9EA3-4E3F-9B28-4CCB0E356C2D} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DHCPNameServer = 192.168.0.1
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brad\appdata\roaming\mozilla\firefox\profiles\snjil2j6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?hl=en&tab=wc&gsessionid=DQRVq3ZiGNUXJ9uOVMbbTw
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\brad\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\c2mp\npdivx32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-10 16:34; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2009-06-25 10:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-28 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-16 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-16 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-12-16 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-7 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 jjtAutoLaunch;jjtAutoLaunch;c:\program files\sound devices\usbpre\services\jjtAutoLaunch.exe [2009-5-14 114688]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-14 399432]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-14 676936]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-11-14 1153368]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-14 22856]
R3 OA004Ufd;Creative Camera OA004 Upper Filter Driver;c:\windows\system32\drivers\OA004Ufd.sys [2008-6-3 144672]
R3 OA004Vid;Creative Camera OA004 Function Driver;c:\windows\system32\drivers\OA004Vid.sys [2008-7-17 269760]
R3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB20 [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 HtcUsbMdmV32;HTC Proprietary USB Driver;c:\windows\system32\drivers\HtcUsbMdmV32.sys [2011-7-13 105984]
S3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\drivers\HtcVComV32.sys [2011-7-13 105984]
S3 I2C_Filt;Upper filter for I2C communications;c:\windows\system32\drivers\I2C_Filt.sys [2009-5-14 14110]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2009-8-14 28672]
S3 Low_Filt;Lower filter for PIC communications;c:\windows\system32\drivers\Low_Filt.sys [2009-5-14 16222]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-9-24 13312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-8-19 19968]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2007-2-26 32720]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-11-29 17:22:46 -------- d-----w- c:\users\brad\appdata\local\temp
2012-11-29 17:15:43 -------- d-----w- C:\$RECYCLE.BIN
2012-11-27 14:28:08 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1414a51b-4773-4fe6-965d-cfcc8cb3f333}\mpengine.dll
2012-11-26 14:55:57 6812136 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll
2012-11-16 16:36:23 98816 ----a-w- c:\windows\sed.exe
2012-11-16 16:36:23 256000 ----a-w- c:\windows\PEV.exe
2012-11-16 16:36:23 208896 ----a-w- c:\windows\MBR.exe
2012-11-16 14:34:50 -------- d-----w- c:\users\brad\appdata\local\{D17A9C1C-4BDD-462C-921F-93E4318CE747}
2012-11-14 19:52:08 -------- d-----w- c:\users\brad\appdata\roaming\Malwarebytes
2012-11-14 19:51:55 -------- d-----w- c:\programdata\Malwarebytes
2012-11-14 19:51:53 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 19:51:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-14 19:44:35 -------- d-----w- c:\users\brad\appdata\roaming\LavasoftStatistics
2012-11-14 19:41:08 -------- d-----w- c:\users\brad\appdata\roaming\Ad-Aware Antivirus
2012-11-14 17:40:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-14 17:40:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-14 15:12:45 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2012-11-14 15:04:56 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 15:04:26 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 14:54:31 -------- d-----w- c:\users\brad\appdata\local\{63659E29-650B-4A31-A1D7-8FF193FB217D}
2012-11-13 19:11:57 -------- d-----w- c:\users\brad\appdata\local\{252C79C6-3575-4876-997F-73386E250FA4}
2012-11-10 21:29:03 -------- d-----w- c:\users\brad\appdata\local\{0330295E-8D54-4C93-A81E-E0CD6AD93091}
2012-11-09 17:28:43 -------- d-----w- c:\users\brad\appdata\local\{4DCC4C55-AA39-48E7-B931-BCEF492C0084}
2012-11-07 22:27:11 -------- d-----w- c:\users\brad\appdata\local\{1E34D0E8-47DD-48C3-8174-13F9C548B581}
2012-11-06 20:10:44 -------- d-----w- c:\users\brad\appdata\local\{6F879204-D1C1-4BC4-918B-EACFE05C9BA0}
.
==================== Find3M ====================
.
2012-10-30 23:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51:07 41224 ----a-w- c:\windows\avastSS.scr
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-09 13:59:54 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 13:59:54 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-24 20:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 20:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 12:56:51.32 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:22 AM

Posted 30 November 2012 - 07:16 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:22 AM

Posted 02 December 2012 - 11:50 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 Kaz181

Kaz181
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:22 AM

Posted 03 December 2012 - 11:42 AM

Sorry for the delay...reports coming shortly...thanks for the help.

#5 Kaz181

Kaz181
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:10:22 AM

Posted 03 December 2012 - 12:26 PM

Logs are below, starting with Security Checker....after running Security Checker, AdwCleaner and RogueKiller, a quick Google search and click on results directed me to a Feedsmixer page and then a livesearchnow page...


Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 37
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Mozilla Thunderbird 16.0.2 Thunderbird out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

Adwcleaner log


# AdwCleaner v2.011 - Logfile created 12/03/2012 at 11:58:12
# Updated 02/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Brad - BRAD-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Brad\Desktop\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\snjil2j6.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1106 octets] - [29/11/2012 11:00:38]
AdwCleaner[S1].txt - [363 octets] - [29/11/2012 10:48:34]
AdwCleaner[S2].txt - [1266 octets] - [29/11/2012 11:38:22]
AdwCleaner[S3].txt - [1194 octets] - [03/12/2012 11:58:12]

########## EOF - C:\AdwCleaner[S3].txt - [1254 octets] ##########

RogueKiller log...



RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Brad [Admin rights]
Mode : Scan -- Date : 12/03/2012 12:07:00

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 ATA Device +++++
--- User ---
[MBR] 6e8fa847bb97525c5e29a2c7f3a50bf5
[BSP] d70ba7ca57d24e7090480f3d24fce7fb : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294097 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 602312704 | Size: 11144 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12032012_02d1207.txt >>
RKreport[1]_S_12032012_02d1207.txt
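As an added example (not code from the thread, BleepingComputer, or the DDS/RogueKiller authors), the script below reads the DDS "TCP: NameServer" lines from the opening post and the RogueKiller "[HJPOL]" and HOSTS output above, and separates expected entries from the ones an analyst should confirm. The sample input, including the invented hosts redirect entry, is constructed in those tools' formats.

```python
# Added example for the thread above; not a BleepingComputer or tool-author script. It parses
# the plain-text formats shown in the posts (DDS "TCP:" lines, RogueKiller "[HJPOL]" hits and
# its HOSTS dump) and separates expected entries from those an analyst should confirm.
import ipaddress
import re
from collections import namedtuple

# DDS: "TCP: NameServer = 10.1.10.1" / "TCP: Interfaces\{GUID} : DHCPNameServer = 8.8.8.8"
DNS_LINE = re.compile(r"^TCP: .*?NameServer = (?P<servers>.+)$")
# RogueKiller: "[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND"
POLICY_LINE = re.compile(r"^\[HJPOL\] (?P<key>.+?) : (?P<value>\w+) \((?P<data>[^)]*)\) -> FOUND$")
# hosts entry: "<ip> <hostname>", trailing comment ignored
HOSTS_LINE = re.compile(r"^(?P<ip>[0-9a-fA-F:.]+)\s+(?P<host>[^\s#]+)")
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# severity is "info" (expected) or "review" (analyst should confirm); source is dns/policy/hosts
Finding = namedtuple("Finding", "severity source detail")


def triage_dns(lines):
    """Classify every resolver DDS reports; anything outside RFC1918/loopback needs confirming."""
    findings = []
    for line in lines:
        m = DNS_LINE.match(line.strip())
        if not m:
            continue
        for server in m.group("servers").split():
            try:
                ip = ipaddress.ip_address(server)
            except ValueError:
                findings.append(Finding("review", "dns", f"unparseable resolver {server!r}"))
                continue
            if ip.is_private or ip.is_loopback:
                findings.append(Finding("info", "dns", f"{server} is on the local network"))
            else:
                # A public resolver the user chose (8.8.8.8 is common) is fine; one the user did
                # not configure is a classic way search traffic gets redirected.
                findings.append(Finding("review", "dns", f"{server} is a public resolver; confirm it was set on purpose"))
    return findings


def triage_policies(lines):
    """Interpret [HJPOL] hits: for the Disable* policies RogueKiller lists, data 0 is no restriction."""
    findings = []
    for line in lines:
        m = POLICY_LINE.match(line.strip())
        if m:
            data = m.group("data").strip()
            sev = "info" if data in ("", "0") else "review"
            findings.append(Finding(sev, "policy", f"{m.group('key')} {m.group('value')} = {data or 'unset'}"))
    return findings


def hosts_section(lines):
    """Return the entries RogueKiller prints under its 'HOSTS File' header."""
    entries, inside = [], False
    for line in lines:
        s = line.strip()
        if s.startswith("¤¤¤"):
            inside = "HOSTS File" in s
        elif inside and s and not s.startswith("-->"):
            entries.append(s)
    return entries


def triage_hosts(lines):
    """Flag hosts entries that map a real hostname anywhere (the usual hosts-file redirect)."""
    findings = []
    for entry in hosts_section(lines):
        m = HOSTS_LINE.match(entry)
        if not m:
            continue
        ip, host = m.group("ip"), m.group("host").lower()
        if host in LOOPBACK_NAMES and (ip.startswith("127.") or ip == "::1"):
            findings.append(Finding("info", "hosts", f"{host} -> {ip} (standard entry)"))
        else:
            findings.append(Finding("review", "hosts", f"{host} -> {ip} (non-standard mapping)"))
    return findings


def review_items(log_text):
    """Only the findings an analyst has to look at, in source order: dns, policy, hosts."""
    lines = log_text.splitlines()
    findings = triage_dns(lines) + triage_policies(lines) + triage_hosts(lines)
    return [f.detail for f in findings if f.severity == "review"]


# Constructed sample: the resolvers and policy hit mirror the thread's logs; the
# search-engine hosts entry is invented to show what a redirecting hosts file looks like.
SAMPLE = """\
TCP: NameServer = 10.1.10.1
TCP: Interfaces\\{692698FE-9EA3-4E3F-9B28-4CCB0E356C2D} : DHCPNameServer = 8.8.8.8
[HJPOL] HKLM\\[...]\\System : DisableRegistryTools (0) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
--> C:\\Windows\\system32\\drivers\\etc\\hosts

127.0.0.1 localhost
203.0.113.10 www.example-search.test  # constructed redirect entry
¤¤¤ MBR Check: ¤¤¤
"""
```

Run `review_items(SAMPLE)` to get just the two entries worth a second look; the RogueKiller policy hit in the thread has data 0, so it is reported as informational rather than as a restriction.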

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:22 AM

Posted 03 December 2012 - 12:44 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Kaz181 (Topic Starter)

Posted 03 December 2012 - 02:01 PM

ComboFix log is below, no problems running it. Google search results still randomly redirect to livesearchnow etc.



ComboFix 12-12-02.01 - Brad 12/03/2012 13:31:19.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3002.1869 [GMT -5:00]
Running from: c:\users\Brad\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Brad\AppData\Local\Temp\_MEI18242\_ctypes.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\_elementtree.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\_hashlib.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\_socket.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\_ssl.pyd
c:\users\Brad\AppData\Local\temp\_MEI18242\pyexpat.pyd
c:\users\Brad\AppData\Local\temp\_MEI18242\pysqlite2._sqlite.pyd
c:\users\Brad\AppData\Local\temp\_MEI18242\python26.dll
c:\users\Brad\AppData\Local\Temp\_MEI18242\pythoncom26.dll
c:\users\Brad\AppData\Local\Temp\_MEI18242\PyWinTypes26.dll
c:\users\Brad\AppData\Local\Temp\_MEI18242\select.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\unicodedata.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\win32api.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\win32com.shell.shell.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\win32crypt.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\win32event.pyd
c:\users\Brad\AppData\Local\temp\_MEI18242\win32file.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\win32inet.pyd
c:\users\Brad\AppData\Local\temp\_MEI18242\win32pdh.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\win32process.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\win32profile.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\win32security.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\win32ts.pyd
c:\users\Brad\AppData\Local\temp\_MEI18242\windows._cacheinvalidation.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\wx._controls_.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\wx._core_.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\wx._gdi_.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\wx._html2.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\wx._misc_.pyd
c:\users\Brad\AppData\Local\temp\_MEI18242\wx._windows_.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\wx._wizard.pyd
c:\users\Brad\AppData\Local\Temp\_MEI18242\wxbase293u_net_vc.dll
c:\users\Brad\AppData\Local\Temp\_MEI18242\wxbase293u_vc.dll
c:\users\Brad\AppData\Local\temp\_MEI18242\wxmsw293u_adv_vc.dll
c:\users\Brad\AppData\Local\Temp\_MEI18242\wxmsw293u_core_vc.dll
c:\users\Brad\AppData\Local\Temp\_MEI18242\wxmsw293u_html_vc.dll
c:\users\Brad\AppData\Local\Temp\_MEI18242\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 18:41 . 2012-12-03 18:46 -------- d-----w- c:\users\Brad\AppData\Local\temp
2012-12-03 18:41 . 2012-12-03 18:41 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2012-12-03 18:41 . 2012-12-03 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-27 14:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1414A51B-4773-4FE6-965D-CFCC8CB3F333}\mpengine.dll
2012-11-14 19:52 . 2012-11-14 19:52 -------- d-----w- c:\users\Brad\AppData\Roaming\Malwarebytes
2012-11-14 19:51 . 2012-11-14 19:51 -------- d-----w- c:\programdata\Malwarebytes
2012-11-14 19:51 . 2012-11-14 19:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-11-14 19:51 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 19:44 . 2012-11-14 19:44 -------- d-----w- c:\users\Brad\AppData\Roaming\LavasoftStatistics
2012-11-14 19:41 . 2012-11-14 19:41 -------- d-----w- c:\users\Brad\AppData\Roaming\Ad-Aware Antivirus
2012-11-14 17:40 . 2012-11-27 14:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-14 17:40 . 2012-11-14 18:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-14 15:12 . 2012-11-14 15:12 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2012-11-14 15:04 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 15:04 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 23:51 . 2011-06-28 13:59 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2009-12-16 17:53 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2009-12-16 17:53 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2009-12-16 17:53 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2009-12-16 17:53 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51 . 2009-12-16 17:53 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2010-07-02 18:45 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2009-12-16 17:53 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-09 13:59 . 2012-07-11 17:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 13:59 . 2012-07-11 17:18 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-24 20:32 . 2012-08-31 13:25 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 20:32 . 2010-05-26 16:54 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 13:28 . 2012-10-10 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-31 15:14 . 2012-10-31 15:14 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 21:58 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"PrinterShare"="c:\program files\PrinterShare\paConsole.exe" [2011-09-08 1124352]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder 2010.lnk - c:\windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2010-6-16 341328]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-7-25 1155472]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-11-8 3986944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi3"=DMENDRV.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 13:59]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 15:01]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 15:01]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-83134582-2109526634-1254696658-1000Core.job
- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 17:45]
.
2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-83134582-2109526634-1254696658-1000UA.job
- c:\users\Brad\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 17:45]
.
2012-11-15 c:\windows\Tasks\HPCeeScheduleForBrad.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.19.226
FF - ProfilePath - c:\users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\snjil2j6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/calendar/render?hl=en&tab=wc&gsessionid=DQRVq3ZiGNUXJ9uOVMbbTw
FF - ExtSQL: 2012-11-10 16:34; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2009-06-25 10:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 13:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2796)
c:\program files\FileZilla FTP Client\fzshellext.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\SMINST\BLService.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-12-03 13:51:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-03 18:51
ComboFix2.txt 2012-12-03 18:18
ComboFix3.txt 2012-11-29 17:22
ComboFix4.txt 2012-11-16 17:02
.
Pre-Run: 199,420,116,992 bytes free
Post-Run: 199,269,240,832 bytes free
.
- - End Of File - - 30FAEB00037BE8126ADD41E9B50E5531

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 03 December 2012 - 06:53 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 Kaz181 (Topic Starter)

Posted 04 December 2012 - 09:43 AM

TDSSKiller log


09:39:07.0380 2480 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:39:08.0145 2480 ============================================================
09:39:08.0145 2480 Current date / time: 2012/12/04 09:39:08.0145
09:39:08.0145 2480 SystemInfo:
09:39:08.0145 2480
09:39:08.0160 2480 OS Version: 6.0.6002 ServicePack: 2.0
09:39:08.0160 2480 Product type: Workstation
09:39:08.0160 2480 ComputerName: BRAD-LAPTOP
09:39:08.0160 2480 UserName: Brad
09:39:08.0160 2480 Windows directory: C:\Windows
09:39:08.0160 2480 System windows directory: C:\Windows
09:39:08.0160 2480 Processor architecture: Intel x86
09:39:08.0160 2480 Number of processors: 2
09:39:08.0160 2480 Page size: 0x1000
09:39:08.0160 2480 Boot type: Normal boot
09:39:08.0160 2480 ============================================================
09:39:12.0076 2480 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:39:12.0076 2480 ============================================================
09:39:12.0076 2480 \Device\Harddisk0\DR0:
09:39:12.0076 2480 MBR partitions:
09:39:12.0076 2480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23E68FC1
09:39:12.0076 2480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23E69000, BlocksNum 0x15C4000
09:39:12.0076 2480 ============================================================
09:39:12.0092 2480 C: <-> \Device\Harddisk0\DR0\Partition1
09:39:14.0385 2480 D: <-> \Device\Harddisk0\DR0\Partition2
09:39:14.0385 2480 ============================================================
09:39:14.0385 2480 Initialize success
09:39:14.0385 2480 ============================================================
09:39:19.0034 6128 ============================================================
09:39:19.0034 6128 Scan started
09:39:19.0034 6128 Mode: Manual;
09:39:19.0034 6128 ============================================================
09:39:30.0110 6128 ================ Scan system memory ========================
09:39:30.0110 6128 System memory - ok
09:39:30.0110 6128 ================ Scan services =============================
09:39:30.0671 6128 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
09:39:30.0687 6128 ACPI - ok
09:39:31.0030 6128 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:39:31.0046 6128 AdobeARMservice - ok
09:39:31.0248 6128 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:39:31.0248 6128 AdobeFlashPlayerUpdateSvc - ok
09:39:31.0326 6128 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:39:31.0342 6128 adp94xx - ok
09:39:31.0654 6128 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:39:31.0654 6128 adpahci - ok
09:39:31.0763 6128 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
09:39:31.0763 6128 adpu160m - ok
09:39:31.0857 6128 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:39:31.0857 6128 adpu320 - ok
09:39:31.0982 6128 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:39:31.0982 6128 AeLookupSvc - ok
09:39:32.0200 6128 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
09:39:32.0200 6128 AFD - ok
09:39:32.0340 6128 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:39:32.0340 6128 agp440 - ok
09:39:32.0387 6128 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
09:39:32.0387 6128 aic78xx - ok
09:39:32.0403 6128 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
09:39:32.0418 6128 ALG - ok
09:39:32.0450 6128 [ 3D76FDA1A10ACC3DC84728F55C29B6D4 ] aliide C:\Windows\system32\drivers\aliide.sys
09:39:32.0450 6128 aliide - ok
09:39:32.0559 6128 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:39:32.0590 6128 amdagp - ok
09:39:32.0590 6128 [ 5B92E7839F5A1FBC1B39DE67758AD6F8 ] amdide C:\Windows\system32\drivers\amdide.sys
09:39:32.0590 6128 amdide - ok
09:39:32.0793 6128 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
09:39:32.0793 6128 AmdK7 - ok
09:39:32.0840 6128 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:39:32.0840 6128 AmdK8 - ok
09:39:32.0902 6128 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
09:39:32.0902 6128 Appinfo - ok
09:39:33.0245 6128 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:39:33.0245 6128 Apple Mobile Device - ok
09:39:33.0448 6128 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
09:39:33.0448 6128 arc - ok
09:39:33.0510 6128 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:39:33.0526 6128 arcsas - ok
09:39:33.0666 6128 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
09:39:33.0666 6128 aswFsBlk - ok
09:39:33.0994 6128 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
09:39:33.0994 6128 aswMonFlt - ok
09:39:34.0368 6128 [ 7C9F0A2AB17D52261A9252A2EB320884 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
09:39:34.0368 6128 aswRdr - ok
09:39:34.0524 6128 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
09:39:34.0540 6128 aswSnx - ok
09:39:34.0556 6128 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys
09:39:34.0571 6128 aswSP - ok
09:39:34.0634 6128 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
09:39:34.0634 6128 aswTdi - ok
09:39:34.0680 6128 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:39:34.0680 6128 AsyncMac - ok
09:39:34.0836 6128 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
09:39:34.0836 6128 atapi - ok
09:39:35.0055 6128 [ C8BB2E935A5D195692140E795EA9AC14 ] athr C:\Windows\system32\DRIVERS\athr.sys
09:39:35.0102 6128 athr - ok
09:39:35.0211 6128 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:39:35.0226 6128 AudioEndpointBuilder - ok
09:39:35.0382 6128 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:39:35.0398 6128 Audiosrv - ok
09:39:35.0601 6128 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
09:39:35.0601 6128 avast! Antivirus - ok
09:39:35.0772 6128 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
09:39:35.0772 6128 Beep - ok
09:39:35.0975 6128 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
09:39:35.0975 6128 BFE - ok
09:39:36.0147 6128 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
09:39:36.0194 6128 BITS - ok
09:39:36.0272 6128 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
09:39:36.0272 6128 blbdrive - ok
09:39:36.0615 6128 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:39:36.0615 6128 Bonjour Service - ok
09:39:36.0662 6128 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:39:36.0662 6128 bowser - ok
09:39:36.0833 6128 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
09:39:36.0849 6128 BrFiltLo - ok
09:39:36.0880 6128 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
09:39:36.0880 6128 BrFiltUp - ok
09:39:36.0896 6128 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
09:39:36.0896 6128 Browser - ok
09:39:36.0974 6128 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
09:39:36.0989 6128 Brserid - ok
09:39:37.0020 6128 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
09:39:37.0020 6128 BrSerWdm - ok
09:39:37.0052 6128 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
09:39:37.0052 6128 BrUsbMdm - ok
09:39:37.0067 6128 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
09:39:37.0067 6128 BrUsbSer - ok
09:39:37.0161 6128 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:39:37.0161 6128 BTHMODEM - ok
09:39:37.0192 6128 catchme - ok
09:39:37.0208 6128 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:39:37.0208 6128 cdfs - ok
09:39:37.0317 6128 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:39:37.0332 6128 cdrom - ok
09:39:37.0473 6128 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
09:39:37.0488 6128 CertPropSvc - ok
09:39:37.0629 6128 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
09:39:37.0629 6128 circlass - ok
09:39:37.0691 6128 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
09:39:37.0691 6128 CLFS - ok
09:39:37.0816 6128 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:39:37.0816 6128 clr_optimization_v2.0.50727_32 - ok
09:39:37.0972 6128 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:39:38.0300 6128 clr_optimization_v4.0.30319_32 - ok
09:39:38.0393 6128 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:39:38.0393 6128 CmBatt - ok
09:39:38.0471 6128 [ D36372A6EA6805EFBE8884D10772313F ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:39:38.0471 6128 cmdide - ok
09:39:38.0596 6128 [ DDA0CB141150FEF87419926790CD26C8 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
09:39:38.0596 6128 CnxtHdAudService - ok
09:39:38.0846 6128 [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
09:39:38.0846 6128 Com4QLBEx - ok
09:39:38.0892 6128 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:39:38.0892 6128 Compbatt - ok
09:39:38.0908 6128 COMSysApp - ok
09:39:38.0908 6128 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:39:38.0908 6128 crcdisk - ok
09:39:38.0939 6128 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
09:39:38.0939 6128 Crusoe - ok
09:39:39.0111 6128 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:39:39.0111 6128 CryptSvc - ok
09:39:39.0360 6128 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:39:39.0392 6128 DcomLaunch - ok
09:39:39.0516 6128 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:39:39.0516 6128 DfsC - ok
09:39:39.0891 6128 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
09:39:40.0047 6128 DFSR - ok
09:39:40.0608 6128 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
09:39:40.0686 6128 Dhcp - ok
09:39:40.0920 6128 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
09:39:40.0967 6128 disk - ok
09:39:41.0217 6128 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:39:41.0217 6128 Dnscache - ok
09:39:41.0388 6128 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:39:41.0435 6128 dot3svc - ok
09:39:41.0622 6128 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
09:39:44.0352 6128 Dot4 - ok
09:39:44.0384 6128 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:39:44.0384 6128 Dot4Print - ok
09:39:44.0555 6128 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
09:39:44.0555 6128 dot4usb - ok
09:39:44.0571 6128 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
09:39:44.0586 6128 DPS - ok
09:39:44.0758 6128 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:39:44.0758 6128 drmkaud - ok
09:39:44.0805 6128 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:39:44.0820 6128 DXGKrnl - ok
09:39:44.0867 6128 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
09:39:44.0992 6128 E1G60 - ok
09:39:45.0101 6128 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
09:39:45.0101 6128 EapHost - ok
09:39:45.0242 6128 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
09:39:45.0242 6128 Ecache - ok
09:39:45.0382 6128 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:39:45.0382 6128 ehRecvr - ok
09:39:45.0460 6128 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
09:39:45.0460 6128 ehSched - ok
09:39:45.0522 6128 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
09:39:45.0522 6128 ehstart - ok
09:39:45.0741 6128 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:39:45.0741 6128 elxstor - ok
09:39:45.0834 6128 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
09:39:45.0850 6128 EMDMgmt - ok
09:39:46.0006 6128 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:39:46.0115 6128 ErrDev - ok
09:39:46.0162 6128 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
09:39:46.0162 6128 EventSystem - ok
09:39:46.0458 6128 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
09:39:46.0474 6128 exfat - ok
09:39:46.0630 6128 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:39:46.0646 6128 fastfat - ok
09:39:46.0817 6128 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:39:46.0817 6128 fdc - ok
09:39:46.0895 6128 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
09:39:46.0895 6128 fdPHost - ok
09:39:46.0926 6128 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
09:39:46.0926 6128 FDResPub - ok
09:39:46.0989 6128 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:39:46.0989 6128 FileInfo - ok
09:39:47.0051 6128 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:39:47.0051 6128 Filetrace - ok
09:39:47.0098 6128 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:39:47.0098 6128 flpydisk - ok
09:39:47.0192 6128 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:39:47.0192 6128 FltMgr - ok
09:39:47.0394 6128 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
09:39:47.0457 6128 FontCache - ok
09:39:47.0644 6128 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:39:47.0644 6128 FontCache3.0.0.0 - ok
09:39:47.0862 6128 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
09:39:47.0862 6128 fssfltr - ok
09:39:48.0237 6128 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
09:39:48.0284 6128 fsssvc - ok
09:39:48.0377 6128 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:39:48.0377 6128 Fs_Rec - ok
09:39:48.0455 6128 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:39:48.0471 6128 gagp30kx - ok
09:39:48.0767 6128 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files\WildTangent Games\App\GamesAppService.exe
09:39:48.0767 6128 GamesAppService - ok
09:39:49.0547 6128 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:39:49.0547 6128 GEARAspiWDM - ok
09:39:49.0610 6128 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
09:39:49.0641 6128 gpsvc - ok
09:39:49.0922 6128 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
09:39:49.0922 6128 gupdate - ok
09:39:49.0937 6128 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:39:49.0937 6128 gupdatem - ok
09:39:49.0984 6128 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:39:50.0000 6128 HdAudAddService - ok
09:39:50.0062 6128 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:39:50.0093 6128 HDAudBus - ok
09:39:50.0171 6128 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:39:50.0171 6128 HidBth - ok
09:39:50.0265 6128 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
09:39:50.0265 6128 HidIr - ok
09:39:50.0327 6128 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
09:39:50.0327 6128 hidserv - ok
09:39:50.0390 6128 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:39:51.0918 6128 HidUsb - ok
09:39:52.0059 6128 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:39:52.0059 6128 hkmsvc - ok
09:39:52.0324 6128 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
09:39:52.0324 6128 HP Health Check Service - ok
09:39:52.0371 6128 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
09:39:52.0371 6128 HpCISSs - ok
09:39:52.0636 6128 [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
09:39:52.0636 6128 hpqcxs08 - ok
09:39:52.0667 6128 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
09:39:52.0667 6128 hpqddsvc - ok
09:39:52.0839 6128 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
09:39:52.0839 6128 HpqKbFiltr - ok
09:39:52.0901 6128 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
09:39:52.0901 6128 hpqwmiex - ok
09:39:52.0948 6128 [ CC267848CB3508E72762BE65734E764D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:39:52.0979 6128 HSF_DPV - ok
09:39:53.0010 6128 [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:39:53.0010 6128 HSXHWAZL - ok
09:39:54.0446 6128 [ 89E2296561FCE84AC9F34EE7243D78AC ] HtcUsbMdmV32 C:\Windows\system32\DRIVERS\HtcUsbMdmV32.sys
09:39:55.0413 6128 HtcUsbMdmV32 - ok
09:39:55.0553 6128 [ 89E2296561FCE84AC9F34EE7243D78AC ] HtcVCom32 C:\Windows\system32\DRIVERS\HtcVComV32.sys
09:39:56.0754 6128 HtcVCom32 - ok
09:39:57.0285 6128 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:39:57.0363 6128 HTTP - ok
09:39:57.0690 6128 [ 2DDF274C4986EC50672D43ADA27E7DB6 ] I2C_Filt C:\Windows\system32\drivers\I2C_Filt.sys
09:39:57.0690 6128 I2C_Filt - ok
09:39:57.0722 6128 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
09:39:57.0722 6128 i2omp - ok
09:39:57.0784 6128 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:39:57.0784 6128 i8042prt - ok
09:39:57.0831 6128 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
09:39:57.0831 6128 iaStorV - ok
09:39:57.0924 6128 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:39:57.0940 6128 IDriverT - ok
09:39:58.0080 6128 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:39:58.0439 6128 idsvc - ok
09:39:58.0829 6128 [ DCE0B53570703CCE580D066F89EF58CD ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
09:39:59.0032 6128 igfx - ok
09:39:59.0063 6128 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:39:59.0063 6128 iirsp - ok
09:39:59.0094 6128 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
09:39:59.0110 6128 IKEEXT - ok
09:39:59.0531 6128 [ C7E7E43CBD34D3B0A0156B51B917DFCC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
09:39:59.0531 6128 IntcHdmiAddService - ok
09:39:59.0578 6128 [ DD512A049BD7B4BCE8A83554C5EFF2C1 ] intelide C:\Windows\system32\drivers\intelide.sys
09:39:59.0578 6128 intelide - ok
09:39:59.0625 6128 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:39:59.0625 6128 intelppm - ok
09:39:59.0656 6128 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:39:59.0656 6128 IPBusEnum - ok
09:39:59.0672 6128 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:39:59.0672 6128 IpFilterDriver - ok
09:39:59.0703 6128 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:39:59.0718 6128 iphlpsvc - ok
09:39:59.0718 6128 IpInIp - ok
09:39:59.0750 6128 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
09:39:59.0750 6128 IPMIDRV - ok
09:39:59.0781 6128 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
09:39:59.0781 6128 IPNAT - ok
09:39:59.0843 6128 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:39:59.0843 6128 iPod Service - ok
09:39:59.0906 6128 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:39:59.0906 6128 IRENUM - ok
09:39:59.0952 6128 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:40:00.0062 6128 isapnp - ok
09:40:00.0140 6128 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
09:40:00.0140 6128 iScsiPrt - ok
09:40:00.0155 6128 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
09:40:00.0155 6128 iteatapi - ok
09:40:00.0171 6128 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
09:40:00.0171 6128 iteraid - ok
09:40:00.0218 6128 ivusb - ok
09:40:00.0280 6128 [ 8F4FD2B76501F9C1A42F666E4DC9A4C4 ] jjtAutoLaunch C:\Program Files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
09:40:00.0280 6128 jjtAutoLaunch - ok
09:40:00.0296 6128 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:40:00.0296 6128 kbdclass - ok
09:40:00.0311 6128 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:40:00.0311 6128 kbdhid - ok
09:40:00.0342 6128 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
09:40:00.0342 6128 KeyIso - ok
09:40:00.0389 6128 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:40:00.0405 6128 KSecDD - ok
09:40:00.0483 6128 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
09:40:00.0483 6128 KtmRm - ok
09:40:00.0561 6128 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
09:40:00.0576 6128 LanmanServer - ok
09:40:00.0608 6128 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:40:00.0608 6128 LanmanWorkstation - ok
09:40:00.0686 6128 [ 34D6730E198A5B0FCE0790A6B4769EF2 ] libusb0 C:\Windows\system32\drivers\libusb0.sys
09:40:00.0686 6128 libusb0 - ok
09:40:00.0732 6128 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:40:00.0732 6128 LightScribeService - ok
09:40:00.0748 6128 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:40:00.0764 6128 lltdio - ok
09:40:00.0795 6128 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:40:00.0810 6128 lltdsvc - ok
09:40:00.0826 6128 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:40:00.0826 6128 lmhosts - ok
09:40:00.0842 6128 [ A45DDE16A4D4B7E3DEA05D9ADCA9BD3C ] Low_Filt C:\Windows\system32\drivers\Low_Filt.sys
09:40:00.0842 6128 Low_Filt - ok
09:40:00.0888 6128 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:40:00.0888 6128 LSI_FC - ok
09:40:00.0888 6128 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:40:00.0888 6128 LSI_SAS - ok
09:40:00.0904 6128 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:40:00.0904 6128 LSI_SCSI - ok
09:40:00.0920 6128 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
09:40:00.0920 6128 luafv - ok
09:40:00.0951 6128 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:40:00.0951 6128 MBAMProtector - ok
09:40:01.0029 6128 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:40:01.0044 6128 MBAMScheduler - ok
09:40:01.0061 6128 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:40:01.0123 6128 MBAMService - ok
09:40:01.0155 6128 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:40:01.0170 6128 Mcx2Svc - ok
09:40:01.0217 6128 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:40:01.0217 6128 mdmxsdk - ok
09:40:01.0248 6128 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
09:40:01.0248 6128 megasas - ok
09:40:01.0389 6128 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
09:40:01.0389 6128 MegaSR - ok
09:40:01.0451 6128 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
09:40:01.0451 6128 MMCSS - ok
09:40:01.0482 6128 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
09:40:01.0482 6128 Modem - ok
09:40:01.0513 6128 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:40:01.0529 6128 monitor - ok
09:40:01.0545 6128 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:40:01.0545 6128 mouclass - ok
09:40:01.0576 6128 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:40:01.0576 6128 mouhid - ok
09:40:01.0638 6128 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
09:40:01.0638 6128 MountMgr - ok
09:40:01.0903 6128 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:40:02.0154 6128 MozillaMaintenance - ok
09:40:02.0263 6128 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
09:40:02.0263 6128 mpio - ok
09:40:02.0294 6128 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:40:02.0310 6128 mpsdrv - ok
09:40:02.0482 6128 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
09:40:02.0482 6128 MpsSvc - ok
09:40:02.0575 6128 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
09:40:02.0575 6128 Mraid35x - ok
09:40:03.0293 6128 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:40:03.0293 6128 MRxDAV - ok
09:40:03.0340 6128 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:40:03.0340 6128 mrxsmb - ok
09:40:03.0449 6128 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:40:03.0464 6128 mrxsmb10 - ok
09:40:03.0511 6128 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:40:03.0511 6128 mrxsmb20 - ok
09:40:03.0714 6128 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
09:40:03.0714 6128 msahci - ok
09:40:03.0808 6128 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:40:03.0823 6128 msdsm - ok
09:40:03.0854 6128 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
09:40:03.0870 6128 MSDTC - ok
09:40:03.0901 6128 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:40:03.0901 6128 Msfs - ok
09:40:04.0010 6128 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:40:04.0026 6128 msisadrv - ok
09:40:04.0135 6128 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:40:04.0135 6128 MSiSCSI - ok
09:40:04.0151 6128 msiserver - ok
09:40:04.0229 6128 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:40:04.0229 6128 MSKSSRV - ok
09:40:04.0244 6128 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:40:04.0244 6128 MSPCLOCK - ok
09:40:04.0338 6128 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:40:04.0338 6128 MSPQM - ok
09:40:04.0478 6128 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:40:04.0494 6128 MsRPC - ok
09:40:04.0525 6128 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:40:04.0525 6128 mssmbios - ok
09:40:04.0681 6128 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:40:04.0681 6128 MSTEE - ok
09:40:04.0822 6128 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
09:40:04.0822 6128 Mup - ok
09:40:04.0868 6128 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
09:40:04.0868 6128 napagent - ok
09:40:04.0978 6128 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:40:04.0993 6128 NativeWifiP - ok
09:40:05.0228 6128 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:40:05.0244 6128 NDIS - ok
09:40:05.0291 6128 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:40:05.0291 6128 NdisTapi - ok
09:40:05.0353 6128 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:40:05.0353 6128 Ndisuio - ok
09:40:05.0462 6128 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:40:05.0462 6128 NdisWan - ok
09:40:05.0587 6128 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:40:05.0587 6128 NDProxy - ok
09:40:05.0681 6128 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:40:05.0681 6128 Net Driver HPZ12 - ok
09:40:05.0712 6128 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:40:05.0712 6128 NetBIOS - ok
09:40:05.0868 6128 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
09:40:05.0883 6128 netbt - ok
09:40:05.0883 6128 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
09:40:05.0899 6128 Netlogon - ok
09:40:05.0977 6128 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
09:40:05.0977 6128 Netman - ok
09:40:06.0242 6128 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
09:40:06.0258 6128 netprofm - ok
09:40:06.0289 6128 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:40:06.0289 6128 NetTcpPortSharing - ok
09:40:07.0802 6128 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
09:40:09.0409 6128 NETw3v32 - ok
09:40:09.0440 6128 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:40:09.0440 6128 nfrd960 - ok
09:40:09.0518 6128 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:40:09.0534 6128 NlaSvc - ok
09:40:09.0627 6128 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:40:09.0627 6128 Npfs - ok
09:40:09.0643 6128 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
09:40:09.0643 6128 nsi - ok
09:40:09.0674 6128 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:40:09.0690 6128 nsiproxy - ok
09:40:09.0799 6128 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:40:09.0830 6128 Ntfs - ok
09:40:09.0846 6128 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
09:40:09.0846 6128 ntrigdigi - ok
09:40:09.0861 6128 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
09:40:09.0861 6128 Null - ok
09:40:09.0893 6128 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:40:09.0893 6128 nvraid - ok
09:40:09.0955 6128 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:40:09.0971 6128 nvstor - ok
09:40:10.0033 6128 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:40:10.0049 6128 nv_agp - ok
09:40:10.0049 6128 NwlnkFlt - ok
09:40:10.0064 6128 NwlnkFwd - ok
09:40:10.0236 6128 [ A015DD2BA6009C8BDD00A6C431302D06 ] OA004Ufd C:\Windows\system32\DRIVERS\OA004Ufd.sys
09:40:10.0236 6128 OA004Ufd - ok
09:40:10.0267 6128 [ 12A4366FF51BEFBDF018F654FF8B22B8 ] OA004Vid C:\Windows\system32\DRIVERS\OA004Vid.sys
09:40:10.0283 6128 OA004Vid - ok
09:40:10.0797 6128 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:40:11.0141 6128 odserv - ok
09:40:12.0108 6128 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
09:40:12.0108 6128 ohci1394 - ok
09:40:12.0217 6128 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:40:12.0217 6128 ose - ok
09:40:12.0404 6128 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
09:40:12.0435 6128 p2pimsvc - ok
09:40:12.0451 6128 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
09:40:12.0451 6128 p2psvc - ok
09:40:12.0576 6128 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
09:40:12.0591 6128 Parport - ok
09:40:12.0857 6128 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:40:12.0857 6128 partmgr - ok
09:40:12.0888 6128 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
09:40:12.0888 6128 Parvdm - ok
09:40:12.0997 6128 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
09:40:12.0997 6128 PcaSvc - ok
09:40:13.0059 6128 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
09:40:13.0059 6128 pci - ok
09:40:13.0262 6128 [ 1D8B3D8DF8EB7FCF2F0AC02F9F947802 ] pciide C:\Windows\system32\drivers\pciide.sys
09:40:13.0262 6128 pciide - ok
09:40:13.0309 6128 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:40:14.0105 6128 pcmcia - ok
09:40:14.0729 6128 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:40:14.0822 6128 PEAUTH - ok
09:40:14.0931 6128 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
09:40:14.0978 6128 pla - ok
09:40:15.0072 6128 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:40:15.0072 6128 PlugPlay - ok
09:40:15.0384 6128 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:40:15.0384 6128 Pml Driver HPZ12 - ok
09:40:15.0618 6128 [ 28460E94FFDF40BB28EFDB3D97E959E8 ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
09:40:15.0618 6128 pneteth - ok
09:40:15.0680 6128 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
09:40:15.0680 6128 PNRPAutoReg - ok
09:40:15.0711 6128 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
09:40:15.0727 6128 PNRPsvc - ok
09:40:15.0774 6128 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:40:15.0805 6128 PolicyAgent - ok
09:40:15.0914 6128 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:40:16.0008 6128 PptpMiniport - ok
09:40:16.0335 6128 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
09:40:16.0367 6128 Processor - ok
09:40:16.0445 6128 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
09:40:16.0460 6128 ProfSvc - ok
09:40:16.0491 6128 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
09:40:16.0491 6128 ProtectedStorage - ok
09:40:16.0538 6128 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
09:40:16.0538 6128 PSched - ok
09:40:17.0599 6128 [ 2631FC0676CC310B2E85FDE46B1560D9 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:40:17.0599 6128 QBCFMonitorService - ok
09:40:17.0677 6128 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:40:17.0677 6128 QBFCService - ok
09:40:17.0927 6128 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:40:17.0958 6128 ql2300 - ok
09:40:18.0098 6128 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:40:18.0098 6128 ql40xx - ok
09:40:18.0176 6128 QuickBooksDB20 - ok
09:40:18.0223 6128 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
09:40:18.0301 6128 QWAVE - ok
09:40:18.0426 6128 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:40:18.0441 6128 QWAVEdrv - ok
09:40:18.0597 6128 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:40:18.0597 6128 RasAcd - ok
09:40:18.0707 6128 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
09:40:18.0707 6128 RasAuto - ok
09:40:18.0738 6128 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:40:18.0738 6128 Rasl2tp - ok
09:40:18.0816 6128 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
09:40:18.0831 6128 RasMan - ok
09:40:18.0878 6128 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:40:18.0878 6128 RasPppoe - ok
09:40:18.0972 6128 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:40:18.0972 6128 RasSstp - ok
09:40:19.0019 6128 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:40:19.0034 6128 rdbss - ok
09:40:19.0175 6128 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:40:19.0175 6128 RDPCDD - ok
09:40:19.0643 6128 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
09:40:19.0643 6128 rdpdr - ok
09:40:19.0799 6128 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:40:19.0799 6128 RDPENCDD - ok
09:40:22.0310 6128 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:40:22.0310 6128 RDPWD - ok
09:40:22.0482 6128 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe
09:40:22.0482 6128 Recovery Service for Windows - ok
09:40:22.0638 6128 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:40:22.0653 6128 RemoteAccess - ok
09:40:22.0778 6128 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:40:22.0778 6128 RemoteRegistry - ok
09:40:22.0997 6128 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
09:40:23.0075 6128 RichVideo - ok
09:40:23.0153 6128 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
09:40:23.0153 6128 RpcLocator - ok
09:40:23.0231 6128 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
09:40:23.0231 6128 RpcSs - ok
09:40:23.0293 6128 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:40:23.0293 6128 rspndr - ok
09:40:23.0543 6128 [ 53892CBD9735A80712EE9439268344B4 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
09:40:23.0543 6128 RTL8169 - ok
09:40:23.0558 6128 [ 08C3394391AB0AFF65D75AE65D4207E1 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
09:40:23.0574 6128 RTSTOR - ok
09:40:23.0589 6128 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
09:40:23.0589 6128 SamSs - ok
09:40:23.0683 6128 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:40:23.0683 6128 sbp2port - ok
09:40:23.0761 6128 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
09:40:23.0808 6128 SBSDWSCService - ok
09:40:23.0855 6128 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:40:23.0870 6128 SCardSvr - ok
09:40:23.0995 6128 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
09:40:24.0042 6128 Schedule - ok
09:40:24.0089 6128 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:40:24.0089 6128 SCPolicySvc - ok
09:40:24.0120 6128 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
09:40:24.0135 6128 sdbus - ok
09:40:24.0198 6128 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:40:24.0213 6128 SDRSVC - ok
09:40:24.0229 6128 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:40:24.0229 6128 secdrv - ok
09:40:24.0276 6128 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
09:40:24.0276 6128 seclogon - ok
09:40:24.0291 6128 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
09:40:24.0307 6128 SENS - ok
09:40:24.0369 6128 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
09:40:24.0369 6128 Serenum - ok
09:40:24.0432 6128 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
09:40:24.0432 6128 Serial - ok
09:40:24.0510 6128 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:40:24.0510 6128 sermouse - ok
09:40:24.0588 6128 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
09:40:24.0588 6128 SessionEnv - ok
09:40:24.0619 6128 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:40:24.0619 6128 sffdisk - ok
09:40:24.0650 6128 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:40:24.0650 6128 sffp_mmc - ok
09:40:24.0697 6128 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:40:24.0697 6128 sffp_sd - ok
09:40:24.0697 6128 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:40:24.0697 6128 sfloppy - ok
09:40:24.0728 6128 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:40:24.0744 6128 SharedAccess - ok
09:40:24.0853 6128 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:40:24.0869 6128 ShellHWDetection - ok
09:40:24.0947 6128 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:40:24.0947 6128 sisagp - ok
09:40:24.0978 6128 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
09:40:24.0978 6128 SiSRaid2 - ok
09:40:25.0009 6128 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:40:25.0009 6128 SiSRaid4 - ok
09:40:25.0118 6128 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
09:40:25.0618 6128 slsvc - ok
09:40:25.0759 6128 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
09:40:25.0884 6128 SLUINotify - ok
09:40:26.0180 6128 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:40:26.0274 6128 Smb - ok
09:40:26.0493 6128 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:40:26.0509 6128 SNMPTRAP - ok
09:40:26.0555 6128 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
09:40:26.0555 6128 spldr - ok
09:40:26.0711 6128 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
09:40:26.0711 6128 Spooler - ok
09:40:26.0758 6128 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:40:26.0774 6128 srv - ok
09:40:26.0852 6128 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:40:26.0852 6128 srv2 - ok
09:40:26.0883 6128 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:40:26.0899 6128 srvnet - ok
09:40:26.0945 6128 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:40:26.0945 6128 SSDPSRV - ok
09:40:27.0476 6128 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:40:27.0491 6128 SstpSvc - ok
09:40:27.0959 6128 Steam Client Service - ok
09:40:28.0022 6128 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
09:40:28.0022 6128 StillCam - ok
09:40:28.0396 6128 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
09:40:28.0427 6128 stisvc - ok
09:40:28.0505 6128 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:40:28.0505 6128 swenum - ok
09:40:28.0552 6128 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
09:40:28.0568 6128 swprv - ok
09:40:28.0583 6128 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
09:40:28.0583 6128 Symc8xx - ok
09:40:28.0661 6128 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
09:40:28.0661 6128 Sym_hi - ok
09:40:28.0739 6128 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
09:40:28.0739 6128 Sym_u3 - ok
09:40:28.0771 6128 [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:40:28.0786 6128 SynTP - ok
09:40:28.0833 6128 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
09:40:28.0864 6128 SysMain - ok
09:40:28.0911 6128 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:40:28.0911 6128 TabletInputService - ok
09:40:28.0958 6128 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:40:28.0973 6128 TapiSrv - ok
09:40:29.0051 6128 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
09:40:29.0067 6128 TBS - ok
09:40:29.0207 6128 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:40:29.0223 6128 Tcpip - ok
09:40:29.0363 6128 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
09:40:29.0379 6128 Tcpip6 - ok
09:40:29.0410 6128 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:40:29.0426 6128 tcpipreg - ok
09:40:29.0488 6128 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:40:29.0504 6128 TDPIPE - ok
09:40:29.0535 6128 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:40:29.0535 6128 TDTCP - ok
09:40:29.0566 6128 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:40:29.0582 6128 tdx - ok
09:40:29.0597 6128 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:40:29.0597 6128 TermDD - ok
09:40:29.0722 6128 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
09:40:29.0738 6128 TermService - ok
09:40:29.0785 6128 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
09:40:29.0785 6128 Themes - ok
09:40:29.0816 6128 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
09:40:29.0816 6128 THREADORDER - ok
09:40:29.0894 6128 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
09:40:29.0894 6128 TrkWks - ok
09:40:30.0003 6128 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:40:30.0003 6128 TrustedInstaller - ok
09:40:30.0034 6128 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:40:30.0034 6128 tssecsrv - ok
09:40:30.0299 6128 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
09:40:30.0299 6128 tunmp - ok
09:40:30.0346 6128 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:40:30.0346 6128 tunnel - ok
09:40:30.0377 6128 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:40:30.0377 6128 uagp35 - ok
09:40:30.0425 6128 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:40:30.0456 6128 udfs - ok
09:40:30.0488 6128 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:40:30.0503 6128 UI0Detect - ok
09:40:30.0612 6128 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:40:30.0612 6128 uliagpkx - ok
09:40:30.0644 6128 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
09:40:30.0644 6128 uliahci - ok
09:40:30.0690 6128 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
09:40:30.0706 6128 UlSata - ok
09:40:30.0706 6128 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
09:40:30.0706 6128 ulsata2 - ok
09:40:30.0737 6128 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:40:30.0737 6128 umbus - ok
09:40:30.0815 6128 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
09:40:30.0815 6128 upnphost - ok
09:40:30.0956 6128 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
09:40:30.0956 6128 USBAAPL - ok
09:40:31.0049 6128 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:40:31.0049 6128 usbaudio - ok
09:40:31.0127 6128 [ 5353218B3265E3B8190335059F697A11 ] usbbus C:\Windows\system32\DRIVERS\lgusbbus.sys
09:40:31.0127 6128 usbbus - ok
09:40:31.0158 6128 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:40:31.0158 6128 usbccgp - ok
09:40:31.0268 6128 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:40:31.0268 6128 usbcir - ok
09:40:31.0767 6128 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:40:31.0782 6128 usbehci - ok
09:40:32.0079 6128 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:40:32.0094 6128 usbhub - ok
09:40:32.0126 6128 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:40:32.0126 6128 usbohci - ok
09:40:32.0313 6128 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:40:32.0469 6128 usbprint - ok
09:40:32.0640 6128 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:40:32.0640 6128 usbscan - ok
09:40:32.0718 6128 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:40:32.0718 6128 USBSTOR - ok
09:40:32.0859 6128 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:40:32.0859 6128 usbuhci - ok
09:40:32.0921 6128 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:40:32.0921 6128 usbvideo - ok
09:40:32.0952 6128 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
09:40:32.0952 6128 UxSms - ok
09:40:33.0015 6128 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
09:40:33.0030 6128 vds - ok
09:40:33.0202 6128 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:40:33.0202 6128 vga - ok
09:40:33.0249 6128 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
09:40:33.0249 6128 VgaSave - ok
09:40:33.0311 6128 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:40:33.0311 6128 viaagp - ok
09:40:33.0342 6128 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:40:33.0342 6128 ViaC7 - ok
09:40:33.0358 6128 [ EA1AA6E3ABB3C194FEBA12A46DE8CF2C ] viaide C:\Windows\system32\drivers\viaide.sys
09:40:33.0358 6128 viaide - ok
09:40:33.0420 6128 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:40:33.0436 6128 volmgr - ok
09:40:33.0592 6128 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:40:33.0592 6128 volmgrx - ok
09:40:33.0748 6128 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:40:33.0748 6128 volsnap - ok
09:40:33.0966 6128 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:40:33.0982 6128 vsmraid - ok
09:40:34.0044 6128 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
09:40:34.0091 6128 VSS - ok
09:40:34.0200 6128 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
09:40:34.0200 6128 W32Time - ok
09:40:34.0232 6128 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:40:34.0388 6128 WacomPen - ok
09:40:34.0512 6128 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
09:40:34.0512 6128 Wanarp - ok
09:40:34.0512 6128 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:40:34.0512 6128 Wanarpv6 - ok
09:40:34.0559 6128 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:40:34.0575 6128 wcncsvc - ok
09:40:34.0731 6128 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:40:34.0731 6128 WcsPlugInService - ok
09:40:34.0793 6128 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
09:40:34.0793 6128 Wd - ok
09:40:35.0246 6128 WDC_SAM - ok
09:40:35.0511 6128 [ 90C0FE55328FB79292A2DC3B3CBEB12A ] WDDMService C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
09:40:35.0511 6128 WDDMService - ok
09:40:35.0573 6128 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:40:35.0589 6128 Wdf01000 - ok
09:40:36.0026 6128 [ DD017DEB8A60085559E94089801BCCB1 ] WDFME C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
09:40:36.0057 6128 WDFME - ok
09:40:36.0072 6128 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:40:36.0088 6128 WdiServiceHost - ok
09:40:36.0088 6128 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:40:36.0088 6128 WdiSystemHost - ok
09:40:36.0384 6128 [ 796A652180ACBAB0771E206043C1F628 ] WDSC C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
09:40:36.0400 6128 WDSC - ok
09:40:36.0478 6128 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
09:40:36.0494 6128 WebClient - ok
09:40:36.0556 6128 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:40:36.0556 6128 Wecsvc - ok
09:40:36.0618 6128 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:40:36.0634 6128 wercplsupport - ok
09:40:36.0665 6128 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
09:40:36.0681 6128 WerSvc - ok
09:40:36.0790 6128 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:40:36.0837 6128 winachsf - ok
09:40:37.0040 6128 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:40:37.0055 6128 WinDefend - ok
09:40:37.0055 6128 WinHttpAutoProxySvc - ok
09:40:37.0164 6128 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:40:37.0180 6128 Winmgmt - ok
09:40:37.0227 6128 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
09:40:37.0289 6128 WinRM - ok
09:40:37.0383 6128 [ 676F4B665BDD8053EAA53AC1695B8074 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
09:40:37.0383 6128 WinUSB - ok
09:40:38.0038 6128 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:40:38.0069 6128 Wlansvc - ok
09:40:38.0522 6128 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:40:38.0522 6128 wlcrasvc - ok
09:40:39.0536 6128 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:40:39.0614 6128 wlidsvc - ok
09:40:39.0863 6128 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
09:40:39.0863 6128 WmiAcpi - ok
09:40:40.0175 6128 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:40:40.0175 6128 wmiApSrv - ok
09:40:40.0300 6128 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:40:40.0362 6128 WMPNetworkSvc - ok
09:40:40.0409 6128 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:40:40.0409 6128 WPCSvc - ok
09:40:40.0456 6128 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:40:40.0472 6128 WPDBusEnum - ok
09:40:40.0706 6128 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:40:40.0737 6128 WPFFontCache_v0400 - ok
09:40:40.0846 6128 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:40:40.0846 6128 ws2ifsl - ok
09:40:40.0908 6128 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
09:40:40.0924 6128 wscsvc - ok
09:40:41.0064 6128 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
09:40:41.0064 6128 WSDPrintDevice - ok
09:40:41.0501 6128 [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
09:40:41.0501 6128 WSDScan - ok
09:40:41.0517 6128 WSearch - ok
09:40:41.0938 6128 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:40:42.0000 6128 wuauserv - ok
09:40:42.0297 6128 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:40:42.0297 6128 WUDFRd - ok
09:40:42.0375 6128 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:40:42.0375 6128 wudfsvc - ok
09:40:43.0046 6128 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
09:40:43.0560 6128 XAudio - ok
09:40:43.0904 6128 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
09:40:43.0950 6128 XAudioService - ok
09:40:44.0138 6128 [ A27C5009F39D6E3BAECCEF628CB78759 ] YMIDUSBW C:\Windows\system32\drivers\ymidusbw.sys
09:40:44.0169 6128 YMIDUSBW - ok
09:40:44.0247 6128 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
09:40:44.0247 6128 yukonwlh - ok
09:40:44.0403 6128 ================ Scan global ===============================
09:40:44.0481 6128 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:40:44.0606 6128 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:40:44.0637 6128 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:40:44.0746 6128 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
09:40:44.0762 6128 [Global] - ok
09:40:44.0762 6128 ================ Scan MBR ==================================
09:40:44.0793 6128 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
09:40:48.0147 6128 \Device\Harddisk0\DR0 - ok
09:40:48.0147 6128 ================ Scan VBR ==================================
09:40:48.0194 6128 [ 9DCDAF7F471265C30D24DFCFE84401FC ] \Device\Harddisk0\DR0\Partition1
09:40:48.0194 6128 \Device\Harddisk0\DR0\Partition1 - ok
09:40:49.0005 6128 [ F2AF592F3E9B0CBA825A7ED6707EAAB7 ] \Device\Harddisk0\DR0\Partition2
09:40:49.0145 6128 \Device\Harddisk0\DR0\Partition2 - ok
09:40:49.0145 6128 ============================================================
09:40:49.0145 6128 Scan finished
09:40:49.0145 6128 ============================================================
09:40:49.0161 2956 Detected object count: 0
09:40:49.0161 2956 Actual detected object count: 0

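The TDSSKiller output above is worth reading mechanically rather than by eye: every object normally gets a `[ MD5 ] Name Path` line followed by a `Name - ok` verdict, but a few objects (`Steam Client Service`, `WDC_SAM`, `WSearch`, `WinHttpAutoProxySvc`) get a verdict with no hash line at all, which means the scanner never hashed a file for them (the OTL log later in the thread reports `wdcsam.sys` as "File not found", which fits). The parser below is an added example, not part of this thread or of TDSSKiller itself; it pairs hash lines with verdicts, lists the unhashed objects, de-duplicates the MD5s so they can be checked against a reputation service, and flags any path that reports two different hashes. The sample log is a constructed excerpt copied from the lines above, and the pairing rule (a hash line immediately precedes its verdict) is an assumption drawn from the log's layout.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
09:40:23.0855 6128 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:40:23.0870 6128 SCardSvr - ok
09:40:27.0959 6128 Steam Client Service - ok
09:40:29.0207 6128 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:40:29.0223 6128 Tcpip - ok
09:40:29.0363 6128 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
09:40:29.0379 6128 Tcpip6 - ok
09:40:35.0246 6128 WDC_SAM - ok
09:40:44.0403 6128 ================ Scan global ===============================
09:40:44.0481 6128 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:40:44.0762 6128 [Global] - ok
09:40:49.0161 2956 Detected object count: 0
"""

TIMESTAMP = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
# "[ MD5 ] Name Path": the name is one token, the path may contain spaces.
HASH_RE = re.compile(TIMESTAMP + r"\[ ([0-9A-F]{32}) \]\s+(\S+)\s+(.+)$")
# "Name - verdict": names such as "Steam Client Service" contain spaces.
VERDICT_RE = re.compile(TIMESTAMP + r"(.+?) - (\S.*)$")


def parse_tdsskiller(text):
    """Return one dict per scanned object: name, md5, path (None when
    TDSSKiller printed no hash line for it) and the verdict text."""
    entries = []
    pending = None  # the hash line waiting for its verdict
    for line in text.splitlines():
        m = HASH_RE.match(line)
        if m:
            pending = {"name": m.group(2), "md5": m.group(1),
                       "path": m.group(3).strip(), "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        name, verdict = m.group(1), m.group(2)
        if name.startswith("[") or name.startswith("\\"):
            # "[Global] - ok" and "\Device\... - ok" are section summaries, not objects.
            pending = None
            continue
        if pending is not None and pending["name"] == name:
            pending["verdict"] = verdict
            entries.append(pending)
        else:
            entries.append({"name": name, "md5": None, "path": None, "verdict": verdict})
        pending = None
    return entries


def unhashed_objects(entries):
    """Objects whose verdict is not backed by a file hash: the file was
    never opened, so 'ok' says nothing about it. Check them by hand."""
    return [e["name"] for e in entries if e["md5"] is None]


def hashes_for_lookup(entries):
    """Distinct MD5s, sorted, ready to paste into a reputation lookup."""
    return sorted({e["md5"] for e in entries if e["md5"]})


def path_hash_conflicts(entries):
    """Paths that appear under more than one MD5 (case-insensitive path match).
    The same file reached through two service names must hash identically."""
    seen = defaultdict(set)
    for e in entries:
        if e["path"]:
            seen[e["path"].lower()].add(e["md5"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print("unhashed:", unhashed_objects(parsed))
    print("hashes:", hashes_for_lookup(parsed))
    print("conflicts:", path_hash_conflicts(parsed))
```

Run it against the full log saved from TDSSKiller and the unhashed list is the short list to correlate with OTL's "File not found" entries; a conflict in the last check would mean two service registrations point at what looks like the same path but resolve to different files, which is worth a closer look.
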
#10 Kaz181

Kaz181
  • Topic Starter

  • Members
  • 14 posts

Posted 04 December 2012 - 10:12 AM

aswMBR log...




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-29 12:31:20
-----------------------------
12:31:20.702 OS Version: Windows 6.0.6002 Service Pack 2
12:31:20.702 Number of processors: 2 586 0x170A
12:31:20.702 ComputerName: BRAD-LAPTOP UserName: Brad
12:31:32.683 Initialize success
12:31:36.552 AVAST engine defs: 12112900
12:31:58.501 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:31:58.501 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
12:31:58.563 Disk 0 MBR read successfully
12:31:58.563 Disk 0 MBR scan
12:31:58.579 Disk 0 unknown MBR code
12:31:58.579 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
12:31:58.626 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
12:31:58.626 Disk 0 scanning sectors +625135616
12:31:58.688 Disk 0 scanning C:\Windows\system32\drivers
12:32:11.607 Service scanning
12:32:32.792 Modules scanning
12:32:39.312 Disk 0 trace - called modules:
12:32:39.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
12:32:39.344 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870ee7f0]
12:32:39.344 3 CLASSPNP.SYS[83a118b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86ec08d8]
12:32:40.498 AVAST engine scan C:\Windows
12:32:44.117 AVAST engine scan C:\Windows\system32
12:36:09.105 AVAST engine scan C:\Windows\system32\drivers
12:36:25.179 AVAST engine scan C:\Users\Brad
12:43:34.056 AVAST engine scan C:\ProgramData
12:46:32.850 Scan finished successfully
12:47:09.541 Disk 0 MBR has been saved successfully to "C:\Users\Brad\Documents\MBR.dat"
12:47:09.541 The log file has been saved successfully to "C:\Users\Brad\Documents\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-04 09:43:25
-----------------------------
09:43:25.707 OS Version: Windows 6.0.6002 Service Pack 2
09:43:25.707 Number of processors: 2 586 0x170A
09:43:25.707 ComputerName: BRAD-LAPTOP UserName: Brad
09:43:29.560 Initialize success
09:43:36.268 AVAST engine defs: 12120400
09:44:05.200 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:44:05.200 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
09:44:05.231 Disk 0 MBR read successfully
09:44:05.231 Disk 0 MBR scan
09:44:05.231 Disk 0 unknown MBR code
09:44:05.247 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294097 MB offset 63
09:44:05.356 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 602312704
09:44:05.356 Disk 0 scanning sectors +625135616
09:44:05.403 Disk 0 scanning C:\Windows\system32\drivers
09:44:26.776 Service scanning
09:44:54.826 Modules scanning
09:45:21.990 Disk 0 trace - called modules:
09:45:22.005 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
09:45:22.021 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x876f9368]
09:45:22.021 3 CLASSPNP.SYS[83a0a8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86f18b98]
09:45:29.291 AVAST engine scan C:\Windows
09:45:36.467 AVAST engine scan C:\Windows\system32
09:50:01.147 AVAST engine scan C:\Windows\system32\drivers
09:51:29.087 AVAST engine scan C:\Users\Brad
10:03:29.068 AVAST engine scan C:\ProgramData
10:07:14.306 Scan finished successfully
10:11:03.120 Disk 0 MBR has been saved successfully to "C:\Users\Brad\Documents\MBR.dat"
10:11:03.120 The log file has been saved successfully to "C:\Users\Brad\Documents\aswMBR.txt"

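Both aswMBR runs above report "unknown MBR code" (boot code the tool does not recognise, not a detection by itself) and then print the partition table: an active NTFS partition at sector 63, a second NTFS partition at sector 602312704, and a scan of the sectors from 625135616 onward, which is exactly where the second partition ends. The script below is an added example, not part of this thread or of aswMBR: it builds a 512-byte MBR whose partition table matches the logged layout (the boot code is zeroed, since the real sector 0 is not on the page), parses it back the way a bootkit scanner does, checks the layout for overlaps and a single active flag, and computes the unpartitioned tail that a scanner walks looking for hidden sectors. The disk size in sectors is an assumption derived from the reported 305245 MB; the partition sizes are chosen so that aswMBR's truncated MB figures come out as logged.

```python
import struct

SECTOR_BYTES = 512
MIB = 1024 * 1024
TABLE_OFFSET = 446           # partition table starts 446 bytes into sector 0
ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"

# Assumption: 305245 MB as reported by aswMBR, converted at 2048 sectors per MB.
DISK_SECTORS = 305245 * 2048

# Constructed to match the aswMBR log: partition 1 active NTFS at LBA 63 and
# contiguous with partition 2, partition 2 NTFS ending at LBA 625135616.
CONSTRUCTED_ENTRIES = [
    {"status": 0x80, "type": 0x07, "lba": 63, "sectors": 602312704 - 63},
    {"status": 0x00, "type": 0x07, "lba": 602312704, "sectors": 625135616 - 602312704},
]


def build_mbr(entries):
    """Return a 512-byte MBR holding `entries` in its partition table.
    Boot code is left zeroed: this is a test image, not the laptop's real sector 0."""
    mbr = bytearray(SECTOR_BYTES)
    for i, e in enumerate(entries):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        mbr[off] = e["status"]          # 0x80 = bootable (active), 0x00 = inactive
        mbr[off + 4] = e["type"]        # 0x07 = HPFS/NTFS/exFAT
        # bytes 8..15: little-endian start LBA and sector count (CHS fields left zero)
        struct.pack_into("<II", mbr, off + 8, e["lba"], e["sectors"])
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Decode the four partition entries of a classic MBR."""
    if len(mbr) != SECTOR_BYTES or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a 512-byte sector carrying the 55AA boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        status, ptype = mbr[off], mbr[off + 4]
        lba, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0x00:
            continue                    # empty slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i + 1}: invalid status byte {status:#04x}")
        parts.append({
            "index": i + 1, "active": status == 0x80, "type": ptype,
            "lba": lba, "sectors": sectors,
            "end": lba + sectors,       # first sector after the partition
            "mb": sectors * SECTOR_BYTES // MIB,   # truncated, as aswMBR prints it
        })
    return parts


def check_layout(parts, disk_sectors):
    """Return a list of findings; an empty list means the table is sane."""
    findings = []
    ordered = sorted(parts, key=lambda p: p["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba"] < a["end"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    for p in ordered:
        if p["end"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past the end of the disk")
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    return findings


def unpartitioned_tail(parts, disk_sectors):
    """(first sector after the last partition, number of sectors up to the end of disk).
    Those sectors belong to no volume, so nothing in Windows shows their contents."""
    last_end = max(p["end"] for p in parts)
    return last_end, disk_sectors - last_end


def describe(parts):
    """Partition lines in roughly aswMBR's format."""
    return [f"Partition {p['index']} {'80 (A)' if p['active'] else '00'} "
            f"{p['type']:02X} {p['mb']} MB offset {p['lba']}" for p in parts]


if __name__ == "__main__":
    table = parse_mbr(build_mbr(CONSTRUCTED_ENTRIES))
    print("\n".join(describe(table)))
    print("findings:", check_layout(table, DISK_SECTORS))
    print("scanning sectors +%d (%d sectors of slack)" % unpartitioned_tail(table, DISK_SECTORS))
```

With the constructed table the tail starts at sector 625135616, the same number aswMBR prints as "scanning sectors +625135616", and about 6144 sectors (3 MB) of slack remain before the end of the disk; that slack is where a bootkit that hooks the disk stack would normally stash its payload, which is why the tool scans it separately from the volumes.
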
#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 04 December 2012 - 01:15 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Kaz181

Kaz181
  • Topic Starter

  • Members
  • 14 posts

Posted 04 December 2012 - 01:44 PM

OTL logfile created on: 12/4/2012 1:27:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brad\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 36.53% Memory free
6.06 Gb Paging File | 3.84 Gb Available in Paging File | 63.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 187.25 Gb Free Space | 65.20% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.82 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: BRAD-LAPTOP | User Name: Brad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brad\Desktop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Brad\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\NuvicoDvrPlayer\DvrPlayer.exe ()
PRC - C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe (Intuit, Inc.)
PRC - C:\Program Files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe (Creative Home)
PRC - C:\Program Files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe (Sound Devices, LLC)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Program Files\Brother\Brmfcmon\BrMfimon.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\wx._gdi_.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32com.shell.shell.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32api.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\_elementtree.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\wx._html2.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\_socket.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32ts.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32crypt.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\wx._misc_.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\_ssl.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\pythoncom26.dll ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32security.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\PyWinTypes26.dll ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\_ctypes.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32profile.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32pdh.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\wx._core_.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32process.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\wx._windows_.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\_hashlib.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\wx._wizard.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32file.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32inet.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\wx._controls_.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\win32event.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\pyexpat.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\unicodedata.pyd ()
MOD - C:\Users\Brad\AppData\Local\temp\_MEI34042\select.pyd ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\NuvicoDvrPlayer\DvrPlayer.exe ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (WDFME) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()
SRV - (WDSC) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (QuickBooksDB20) -- C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe (Intuit, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (jjtAutoLaunch) -- C:\Program Files\Sound Devices\USBPre\Services\jjtAutoLaunch.exe (Sound Devices, LLC)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDC_SAM) -- system32\DRIVERS\wdcsam.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (ivusb) -- system32\DRIVERS\ivusb.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\Brad\AppData\Local\Temp\aswMBR.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (YMIDUSBW) -- C:\Windows\System32\drivers\ymidusbw.sys (Yamaha Corporation)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (HtcVCom32) -- C:\Windows\System32\drivers\HtcVComV32.sys (QUALCOMM Incorporated)
DRV - (HtcUsbMdmV32) -- C:\Windows\System32\drivers\HtcUsbMdmV32.sys (QUALCOMM Incorporated)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (Low_Filt) -- C:\Windows\System32\drivers\Low_Filt.sys (Sound Devices)
DRV - (I2C_Filt) -- C:\Windows\System32\drivers\I2C_Filt.sys (Sound Devices)
DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (OA004Vid) -- C:\Windows\System32\drivers\OA004Vid.sys (Creative Technology Ltd.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (OA004Ufd) -- C:\Windows\System32\drivers\OA004Ufd.sys (Creative Technology Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1001\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/calendar/render?hl=en&tab=wc&gsessionid=DQRVq3ZiGNUXJ9uOVMbbTw"
FF - prefs.js..extensions.enabledAddons: zjrdwcxgrz@zjrdwcxgrz.org:1.0
FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Windows\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brad\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012/11/29 11:45:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/14 10:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/14 10:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2012/11/14 10:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/11/14 10:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/14 10:12:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/14 10:12:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/11/14 10:12:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/12/14 10:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions
[2009/12/14 10:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/25 14:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\snjil2j6.default\extensions
[2010/04/27 13:00:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\snjil2j6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/15 15:31:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Sunbird\Profiles\3czrhbci.default\extensions
[2012/09/20 13:21:54 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\snjil2j6.default\extensions\amznUWL2@amazon.com.xpi
[2008/01/20 21:23:50 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\snjil2j6.default\extensions\zjrdwcxgrz@zjrdwcxgrz.org.xpi
[2012/11/10 16:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/31 10:14:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/10 16:34:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/11/29 11:45:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/10/31 10:14:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/31 09:01:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/26 11:58:52 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Brad\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Brad\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Brad\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Brad\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Windows\system32\C2MP\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: avast! WebRep = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Users\Brad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/03 13:46:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-83134582-2109526634-1254696658-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-83134582-2109526634-1254696658-1000..\Run: [PrinterShare] C:\Program Files\PrinterShare\paConsole.exe (PrinterAnywhere)
O4 - HKU\S-1-5-21-83134582-2109526634-1254696658-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-83134582-2109526634-1254696658-1001..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-83134582-2109526634-1254696658-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-83134582-2109526634-1254696658-1001\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F216079-13F3-4DE2-A9E5-450FD28BC3B3}: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{692698FE-9EA3-4E3F-9B28-4CCB0E356C2D}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/04 09:38:05 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Brad\Desktop\aswMBR.exe
[2012/12/04 09:37:15 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Brad\Desktop\tdsskiller.exe
[2012/12/03 13:51:44 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\temp
[2012/12/03 13:46:06 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/12/03 12:54:01 | 005,009,299 | R--- | C] (Swearware) -- C:\Users\Brad\Desktop\ComboFix.exe
[2012/12/03 12:08:25 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/11/29 12:55:08 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Brad\Desktop\dds.com
[2012/11/29 11:05:26 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\Desktop
[2012/11/29 10:33:26 | 000,000,000 | ---D | C] -- C:\Users\Brad\Desktop\RK_Quarantine
[2012/11/28 13:24:40 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/11/16 11:36:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/16 11:36:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/16 11:36:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/16 11:36:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/16 11:35:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/16 11:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee
[2012/11/16 09:34:50 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{D17A9C1C-4BDD-462C-921F-93E4318CE747}
[2012/11/14 14:52:08 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Malwarebytes
[2012/11/14 14:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/14 14:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/14 14:51:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/14 14:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/14 14:44:35 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\LavasoftStatistics
[2012/11/14 14:41:08 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Roaming\Ad-Aware Antivirus
[2012/11/14 12:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/14 12:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/14 12:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/11/14 11:31:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/14 11:31:30 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/14 11:31:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/14 11:31:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/14 11:31:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/14 11:31:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/14 11:31:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/14 11:31:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/14 10:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/14 10:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/14 10:04:56 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/14 10:04:26 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/14 09:54:31 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{63659E29-650B-4A31-A1D7-8FF193FB217D}
[2012/11/13 14:11:57 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{252C79C6-3575-4876-997F-73386E250FA4}
[2012/11/10 16:34:39 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/11/10 16:34:39 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/11/10 16:34:39 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/11/10 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{0330295E-8D54-4C93-A81E-E0CD6AD93091}
[2012/11/09 12:28:43 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{4DCC4C55-AA39-48E7-B931-BCEF492C0084}
[2012/11/07 17:27:11 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{1E34D0E8-47DD-48C3-8174-13F9C548B581}
[2012/11/06 15:10:44 | 000,000,000 | ---D | C] -- C:\Users\Brad\AppData\Local\{6F879204-D1C1-4BC4-918B-EACFE05C9BA0}

========== Files - Modified Within 30 Days ==========

[2012/12/04 13:28:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/04 13:28:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/04 13:06:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/04 12:52:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-83134582-2109526634-1254696658-1000UA.job
[2012/12/04 12:50:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/04 11:06:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/04 10:11:03 | 000,000,512 | ---- | M] () -- C:\Users\Brad\Documents\MBR.dat
[2012/12/04 09:52:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-83134582-2109526634-1254696658-1000Core.job
[2012/12/04 09:38:47 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Brad\Desktop\aswMBR.exe
[2012/12/04 09:37:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Brad\Desktop\tdsskiller.exe
[2012/12/04 09:36:49 | 000,604,674 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/04 09:36:49 | 000,104,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/04 09:29:39 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/12/04 09:28:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/03 13:46:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/03 12:54:05 | 005,009,299 | R--- | M] (Swearware) -- C:\Users\Brad\Desktop\ComboFix.exe
[2012/12/03 11:55:59 | 000,002,078 | ---- | M] () -- C:\Users\Brad\Desktop\Google Chrome.lnk
[2012/12/03 11:55:59 | 000,002,040 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/29 12:55:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Brad\Desktop\dds.com
[2012/11/29 11:45:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/11/29 11:10:01 | 000,856,731 | ---- | M] () -- C:\Users\Brad\Desktop\SecurityCheck.exe
[2012/11/29 11:08:50 | 000,000,000 | ---- | M] () -- C:\Users\Brad\defogger_reenable
[2012/11/29 11:02:53 | 000,050,477 | ---- | M] () -- C:\Users\Brad\Desktop\Defogger.exe
[2012/11/29 10:33:05 | 000,752,128 | ---- | M] () -- C:\Users\Brad\Desktop\RogueKiller.exe
[2012/11/29 09:56:35 | 000,216,576 | ---- | M] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/28 13:24:40 | 000,001,647 | ---- | M] () -- C:\Users\Brad\Desktop\IrfanView Thumbnails.lnk
[2012/11/28 13:24:40 | 000,000,767 | ---- | M] () -- C:\Users\Brad\Desktop\IrfanView.lnk
[2012/11/27 09:40:30 | 000,385,691 | ---- | M] () -- C:\Users\Brad\Desktop\FLOORPAD_cutsheet.pdf
[2012/11/16 11:54:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20121126-105849.backup
[2012/11/15 09:21:56 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrad.job
[2012/11/14 14:51:56 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/14 12:40:48 | 000,001,039 | ---- | M] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/14 12:40:48 | 000,001,015 | ---- | M] () -- C:\Users\Brad\Desktop\Spybot - Search & Destroy.lnk
[2012/11/14 12:07:40 | 000,407,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/14 10:12:18 | 000,001,686 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/13 13:44:00 | 000,007,109 | ---- | M] () -- C:\Users\Brad\Documents\WHEATLAND CDI.venue

========== Files Created - No Company Name ==========

[2012/11/29 12:47:09 | 000,000,512 | ---- | C] () -- C:\Users\Brad\Documents\MBR.dat
[2012/11/29 11:10:00 | 000,856,731 | ---- | C] () -- C:\Users\Brad\Desktop\SecurityCheck.exe
[2012/11/29 11:08:50 | 000,000,000 | ---- | C] () -- C:\Users\Brad\defogger_reenable
[2012/11/29 11:02:51 | 000,050,477 | ---- | C] () -- C:\Users\Brad\Desktop\Defogger.exe
[2012/11/29 10:33:03 | 000,752,128 | ---- | C] () -- C:\Users\Brad\Desktop\RogueKiller.exe
[2012/11/28 13:24:40 | 000,001,647 | ---- | C] () -- C:\Users\Brad\Desktop\IrfanView Thumbnails.lnk
[2012/11/28 13:24:40 | 000,000,767 | ---- | C] () -- C:\Users\Brad\Desktop\IrfanView.lnk
[2012/11/27 09:40:29 | 000,385,691 | ---- | C] () -- C:\Users\Brad\Desktop\FLOORPAD_cutsheet.pdf
[2012/11/16 11:36:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/16 11:36:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/16 11:36:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/16 11:36:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/16 11:36:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/14 14:51:56 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/14 12:40:48 | 000,001,039 | ---- | C] () -- C:\Users\Brad\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/14 12:40:48 | 000,001,015 | ---- | C] () -- C:\Users\Brad\Desktop\Spybot - Search & Destroy.lnk
[2012/11/14 10:12:18 | 000,001,686 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/13 13:44:00 | 000,007,109 | ---- | C] () -- C:\Users\Brad\Documents\WHEATLAND CDI.venue
[2012/05/16 09:33:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/05/16 09:33:27 | 000,022,670 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/04/19 12:15:22 | 000,002,626 | -H-- | C] () -- C:\Users\Brad\AppData\Local\ceiimgca.ini
[2011/12/07 12:04:51 | 000,000,600 | ---- | C] () -- C:\Users\Brad\AppData\Local\PUTTY.RND
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/01/17 17:46:24 | 004,648,960 | ---- | C] () -- C:\Windows\System32\m7cl3-qt-mt336.dll
[2010/04/29 14:15:08 | 000,002,641 | -H-- | C] () -- C:\Users\Brad\AppData\Local\caiiccka.ini
[2009/12/30 16:21:56 | 000,005,776 | ---- | C] () -- C:\Users\Brad\AppData\Local\30115003_releaseNotes.rtf
[2009/10/01 13:38:47 | 000,007,052 | ---- | C] () -- C:\Users\Brad\AppData\Local\d3d9caps.dat
[2009/05/26 14:21:48 | 000,002,012 | ---- | C] () -- C:\Users\Brad\AppData\Local\AshlyConfig.Config
[2009/05/13 13:08:31 | 000,216,576 | ---- | C] () -- C:\Users\Brad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/24 13:15:37 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2012/07/10 14:45:36 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Microsoft\{984754aa-fc01-256c-7edb-923f60c594c9}\sols\#SharedObjects\D2WHZZTM\myonlinearcade.com\yume\n
[2011/07/27 14:47:15 | 000,000,084 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\Microsoft\{984754aa-fc01-256c-7edb-923f60c594c9}\sols\#SharedObjects\D2WHZZTM\s.cxt.ms\lso.swf\u.sol
[2012/04/19 14:19:32 | 000,000,082 | ---- | M] () -- C:\Users\Brad\AppData\Roaming\Microsoft\{984754aa-fc01-256c-7edb-923f60c594c9}\sols\#SharedObjects\D2WHZZTM\t.cxt.ms\lso.swf\u.sol
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#13 gringo_pr

gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 11:22 AM

Posted 05 December 2012 - 03:41 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKU\S-1-5-21-83134582-2109526634-1254696658-1001..\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
    IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-83134582-2109526634-1254696658-1000\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    FF - prefs.js..extensions.enabledAddons: zjrdwcxgrz@zjrdwcxgrz.org:1.0
    [2008/01/20 21:23:50 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\snjil2j6.default\extensions\zjrdwcxgrz@zjrdwcxgrz.org.xpi
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
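The fix script above was built by reading the OTL file listing posted earlier and picking out the entries that warranted action (a hidden .ini in the user profile, a Firefox extension with no name). As an added example that is not part of this thread and not OTL's own code, here is a small Python triage helper that parses lines in OTL's file-listing layout (`[timestamp | size | attributes | C/M] (company) -- path`) into records and applies two loose heuristics: hidden files under the user profile, and .xpi extension entries that OTL reports with "No name found" or whose ID repeats its own domain label. The heuristics and the `triage`/`parse_otl_line` function names are assumptions of this example; the sample lines are constructed from entries in the report above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the OTL file-listing layout; the entries are copied
# from the report posted above, plus the closing "< End of report >" marker.
SAMPLE_LINES = r"""
[2012/11/16 11:36:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/19 12:15:22 | 000,002,626 | -H-- | C] () -- C:\Users\Brad\AppData\Local\ceiimgca.ini
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/07/10 14:45:36 | 000,000,000 | ---D | M] -- C:\Users\Brad\AppData\Roaming\Microsoft\{984754aa-fc01-256c-7edb-923f60c594c9}\sols
[2008/01/20 21:23:50 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\snjil2j6.default\extensions\zjrdwcxgrz@zjrdwcxgrz.org.xpi
< End of report >
"""

# [timestamp | size | attributes | C/M] (company) [(note)] -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?P<meta>.*?) -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str            # R/H/S/D flags as printed by OTL, '-' when unset
    kind: str             # C = created-date listing, M = modified-date listing
    company: Optional[str]
    name_missing: bool    # True when OTL printed "(No name found)"
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one file-listing line; return None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parens = re.findall(r"\(([^)]*)\)", m.group("meta"))
    company = parens[0].strip() if parens else ""
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attr"),
        kind=m.group("kind"),
        company=company or None,      # "()" and "( )" both mean no company
        name_missing=any(p.strip() == "No name found" for p in parens),
        path=m.group("path"),
    )


def triage(entry: OtlEntry) -> List[str]:
    """Heuristic reasons to look closer at an entry (assumptions of this example)."""
    reasons: List[str] = []
    lower = entry.path.lower()
    base = lower.rsplit("\\", 1)[-1]
    in_profile = "\\appdata\\" in lower or "\\application data\\" in lower
    if "H" in entry.attrs and in_profile:
        reasons.append("hidden file in user profile")
    if base.endswith(".xpi"):
        if entry.name_missing:
            reasons.append("Firefox extension with no name/vendor")
        # e.g. zjrdwcxgrz@zjrdwcxgrz.org: local part repeats the domain label
        local, _, domain = base[:-4].partition("@")
        if local and domain.split(".")[0] == local:
            reasons.append("extension ID local part repeats its domain label")
    return reasons


def triage_report(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, skipping unparseable lines."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_LINES).items():
        print(path, "->", "; ".join(reasons))
```

Run against the sample, it flags only the hidden ceiimgca.ini and the unnamed .xpi, the two user-profile items the fix script above targets; anything it flags is a prompt to inspect the file, not a verdict, which is why the function returns reasons rather than a yes/no.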

#14 Kaz181

Kaz181
  • Topic Starter
  • Members
  • 14 posts
  • Local time: 10:22 AM

Posted 06 December 2012 - 09:46 AM

Fix log is below. A few quick Google searches seem to show that the redirect is gone. I'll try some more and let you know if I find any problems. Thanks!



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-83134582-2109526634-1254696658-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ not found.
Registry key HKEY_USERS\S-1-5-21-83134582-2109526634-1254696658-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ not found.
Prefs.js: zjrdwcxgrz@zjrdwcxgrz.org:1.0 removed from extensions.enabledAddons
C:\Users\Brad\AppData\Roaming\Mozilla\Firefox\Profiles\snjil2j6.default\extensions\zjrdwcxgrz@zjrdwcxgrz.org.xpi moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Brad\Desktop\Desktop\cmd.bat deleted successfully.
C:\Users\Brad\Desktop\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Brad
->Java cache emptied: 9355683 bytes

User: Default

User: Default User

User: Public

User: QBDataServiceUser20

Total Java Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: All Users

User: Brad
->Flash cache emptied: 68997 bytes

User: Default

User: Default User

User: Public

User: QBDataServiceUser20

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12062012_093618

#15 gringo_pr

gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 11:22 AM

Posted 06 December 2012 - 06:54 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo