Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google Search being redirected - attempted numerous software programs

Started by st3v3n6 , Mar 13 2012 01:08 AM

This topic is locked

#1
st3v3n6

Posted 13 March 2012 - 01:08 AM

Member

Member
14 posts

Good Evening,

I've attempted to fix this laptop I'm currently on having already used a wide number of programs. These include Spybot, Adaware, Kaspersky, AVG, Hitman Pro, Malwarebytes, ComboFix, etc. you name it. For the most part, scans are clean or in worst cases, files these scans have deemed a threat are cookies.

Symptoms?
I'll go about searching Google on Firefox or Chrome (not sure about I.E. - don't use it all too often) and get directed to other sites such as: Gimmeanswers and AddedSuccess, just to name of few, with the following message:
"Warning: mysql_connect() [function.mysql-connect]: Too many connections in /home/addedsuccess.com/php/comm_includes/mysql.php on line 5"

Origin?
Not too sure, my younger sister typically uses this laptop to play online children games so I'm assuming it could have been from that.

As requested, the OTL scan log is posted below.

...on a personal note...I'm grateful that you're taking your time to look into this. Thanks ahead of time.

Windows 7 Home Premium
x64
3.00 GB RAM

OTL logfile created on: 3/12/2012 11:12:36 PM - Run 2
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Cynthia\Desktop\Disc2
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 52.34% Memory free
5.93 Gb Paging File | 4.12 Gb Available in Paging File | 69.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.44 Gb Total Space | 187.15 Gb Free Space | 66.03% Space Free | Partition Type: NTFS

Computer Name: CYNTHIASPC | User Name: Cynthia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 23:03:12 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Cynthia\Desktop\Disc2\OTL(1).exe
PRC - [2012/02/18 14:47:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 15:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/14 04:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/12/14 04:59:18 | 010,981,248 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/12/14 04:41:54 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/08/30 09:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/10 08:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 06:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 06:32:42 | 000,750,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgam.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/24 14:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/09/15 18:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/08/12 15:20:46 | 000,178,816 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/06/19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/18 16:59:10 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009/05/18 16:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 21:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/18 14:47:43 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/14 15:38:30 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 08:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/09/24 14:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/09/15 18:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/06/15 11:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 18:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/12 22:02:23 | 000,096,072 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2009/12/11 14:40:38 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe -- (D-Link SharePort Helper)
SRV:64bit: - [2009/09/17 12:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012/01/13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/14 04:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/30 09:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/02/08 06:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/28 23:14:07 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/23 17:28:26 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/27 20:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/05 01:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 17:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 15:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 09:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/10 08:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/12 02:42:12 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/01/07 07:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/29 01:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/04/27 11:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/12 01:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/01/23 22:19:07 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/10/28 23:54:29 | 000,692,736 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2009/10/15 02:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/08/22 22:08:07 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/08/20 23:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 14:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 02:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 11:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/03 19:18:40 | 000,291,336 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/18 13:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 18:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2010/08/30 15:04:52 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/04/30 15:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 15:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2801948

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2801948
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-atty
IE - HKCU\..\SearchScopes\{E07C8D32-91EB-4912-B5B6-1B4B5E78F7EA}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "NCH EN Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cynthia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Cynthia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/17 16:10:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 10:49:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/18 14:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/15 16:20:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/17 16:10:10 | 000,000,000 | ---D | M]

[2010/12/02 22:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cynthia\AppData\Roaming\Mozilla\Extensions
[2010/12/02 22:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cynthia\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/03/06 17:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cynthia\AppData\Roaming\Mozilla\Firefox\Profiles\tp6z2tu8.default\extensions
[2011/08/14 14:56:00 | 000,000,915 | ---- | M] () -- C:\Users\Cynthia\AppData\Roaming\Mozilla\Firefox\Profiles\tp6z2tu8.default\searchplugins\conduit.xml
[2010/07/13 22:31:06 | 000,002,057 | ---- | M] () -- C:\Users\Cynthia\AppData\Roaming\Mozilla\Firefox\Profiles\tp6z2tu8.default\searchplugins\youtube-video-search.xml
[2011/11/08 16:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/01 20:34:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/02 10:49:59 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
() (No name found) -- C:\USERS\CYNTHIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TP6Z2TU8.DEFAULT\EXTENSIONS\[email protected]
[2012/02/18 14:47:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/09 10:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/05/11 21:16:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/21 16:52:07 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/08 16:14:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Cynthia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Cynthia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AT_DolceGabbana = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfbmpaebheclpaopjodkelcihldloih\2_0\
CHR - Extension: AVG Safe Search = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Skype Click to Call = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Gmail = C:\Users\Cynthia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/12 22:35:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {59c6f12b-f004-43e5-9997-08f2123119b6} - C:\Program Files (x86)\oovootoolbar\oovootoolbarX.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...Installer64.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35F14D87-7B10-4362-85C0-C597CCFC9199}: DhcpNameServer = 172.26.38.1 172.26.38.2 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81012D37-4BBC-4D21-BD16-F79BA8CF0D69}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6F8F50C-6D4B-41A3-A7A3-5B0CCD82E0CA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 22:49:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/12 22:15:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/12 22:15:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/12 22:15:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/12 22:15:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/12 22:15:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/12 22:15:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/12 22:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/03/10 02:18:07 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\GooredFix Backups
[2012/03/10 02:14:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/09 21:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/03/08 21:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/08 20:17:56 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\forum
[2012/03/08 18:27:18 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Roaming\Malwarebytes
[2012/03/08 18:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/08 18:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/08 18:27:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/08 18:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/03 23:18:18 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{9A8E845B-5185-4775-A49A-9FADE23DAE06}
[2012/03/03 23:18:06 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{382A1A94-4B33-465D-9CDA-940E23A3F7F2}
[2012/02/23 20:42:13 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\FOTOS PETEN
[2012/02/22 23:16:13 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\Desktop\Britney Spears dolls set 2 Flickr - Photo Sharing!_files
[2012/02/19 01:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/02/16 23:24:08 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{E689E3F0-C7C2-4961-AEFA-35946C9CB323}
[2012/02/16 23:23:56 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{AACE79F5-8606-4896-A3D8-AA42747ADCC4}
[2012/02/16 21:45:05 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{A2BBA95E-C360-407A-8A00-6250D9EE0EFF}
[2012/02/16 21:44:52 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{E195916C-8572-4953-96B5-EC63EBCF2785}
[2012/02/16 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{4BDBA114-E0FF-4963-92CA-C9BE85046CED}
[2012/02/16 12:23:30 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{24B8AC33-F706-409B-9A71-A5C65B680F2E}
[2012/02/16 12:08:19 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{E8AE9D8B-5841-406E-BC22-5EA936239716}
[2012/02/16 12:08:07 | 000,000,000 | ---D | C] -- C:\Users\Cynthia\AppData\Local\{ACB64A8B-F77F-4E3B-AAAE-87F88C22CE39}
[1 C:\Users\Cynthia\Desktop\*.tmp files -> C:\Users\Cynthia\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/12 23:16:24 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 23:16:24 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 23:09:04 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/12 22:54:01 | 000,663,434 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/12 22:54:00 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/12 22:54:00 | 000,122,270 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/12 22:49:36 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/03/12 22:49:31 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 22:49:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 22:49:12 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/12 22:38:05 | 000,002,345 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/03/12 22:38:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2112233159-706162275-1558631429-1001UA.job
[2012/03/12 22:35:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/12 22:02:23 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/03/12 17:49:49 | 091,606,683 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/09 17:38:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2112233159-706162275-1558631429-1001Core.job
[2012/03/09 13:11:18 | 000,525,357 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/08 18:27:12 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/02 20:33:52 | 000,314,722 | ---- | M] () -- C:\Users\Cynthia\Desktop\ticket.jpeg
[2012/02/25 13:31:19 | 000,777,486 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/22 23:16:13 | 000,171,169 | ---- | M] () -- C:\Users\Cynthia\Desktop\Britney Spears dolls set 2 Flickr - Photo Sharing!.htm
[2012/02/19 01:36:39 | 000,000,426 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/02/19 01:36:39 | 000,000,019 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120310-013349.backup
[2012/02/18 22:51:33 | 000,000,884 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2012/02/17 12:00:31 | 005,077,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 21:00:33 | 000,000,558 | ---- | M] () -- C:\Users\Cynthia\Desktop\hbday.msdvd
[2012/02/16 20:39:44 | 035,427,308 | ---- | M] () -- C:\Users\Cynthia\Desktop\February 16, 2012.wlmp hbdaycs.wmv ema.wmv
[2012/02/16 20:20:57 | 075,754,498 | ---- | M] () -- C:\Users\Cynthia\Desktop\February 16, 2012.wlmp hbdaycs.wmv
[2012/02/16 12:59:54 | 000,040,283 | ---- | M] () -- C:\Users\Cynthia\Desktop\1.jpg
[2012/02/16 12:59:40 | 000,040,283 | ---- | M] () -- C:\Users\Cynthia\Desktop\cynthiaaa.jpeg
[2012/02/12 16:44:03 | 000,130,727 | ---- | M] () -- C:\Users\Cynthia\Desktop\cynthiaisacutie.jpg
[2012/02/12 16:43:35 | 000,169,929 | ---- | M] () -- C:\Users\Cynthia\Desktop\cynthia me.jpg
[1 C:\Users\Cynthia\Desktop\*.tmp files -> C:\Users\Cynthia\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/12 22:15:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/12 22:15:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/12 22:15:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/12 22:15:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/12 22:15:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/12 22:02:23 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/03/08 18:27:12 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/02 20:34:13 | 000,314,722 | ---- | C] () -- C:\Users\Cynthia\Desktop\ticket.jpeg
[2012/02/22 23:16:09 | 000,171,169 | ---- | C] () -- C:\Users\Cynthia\Desktop\Britney Spears dolls set 2 Flickr - Photo Sharing!.htm
[2012/02/19 01:36:39 | 000,000,426 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/02/16 21:00:33 | 000,000,558 | ---- | C] () -- C:\Users\Cynthia\Desktop\hbday.msdvd
[2012/02/16 20:37:48 | 035,427,308 | ---- | C] () -- C:\Users\Cynthia\Desktop\February 16, 2012.wlmp hbdaycs.wmv ema.wmv
[2012/02/16 20:16:18 | 075,754,498 | ---- | C] () -- C:\Users\Cynthia\Desktop\February 16, 2012.wlmp hbdaycs.wmv
[2012/02/16 12:59:53 | 000,040,283 | ---- | C] () -- C:\Users\Cynthia\Desktop\1.jpg
[2012/02/16 12:56:39 | 000,040,283 | ---- | C] () -- C:\Users\Cynthia\Desktop\cynthiaaa.jpeg
[2012/02/12 16:44:09 | 000,130,727 | ---- | C] () -- C:\Users\Cynthia\Desktop\cynthiaisacutie.jpg
[2012/02/12 16:43:57 | 000,169,929 | ---- | C] () -- C:\Users\Cynthia\Desktop\cynthia me.jpg
[2012/01/15 13:12:53 | 000,007,469 | ---- | C] () -- C:\ProgramData\55192851
[2012/01/15 13:12:53 | 000,007,447 | ---- | C] () -- C:\Users\Cynthia\AppData\Roaming\a4ee51d8
[2012/01/15 13:12:53 | 000,007,409 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\b0d97d67
[2011/10/12 20:55:28 | 000,000,000 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\{F9AF1695-CF8D-48F6-81CC-B06861DFF985}
[2011/09/28 20:21:40 | 000,000,000 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\{213DC8F0-7ECB-4765-B31D-3A07F65A9C08}
[2011/08/10 15:26:53 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2011/07/25 14:32:15 | 000,000,048 | ---- | C] () -- C:\Windows\PickList.ini
[2011/07/25 14:32:13 | 000,000,000 | ---- | C] () -- C:\Windows\od5.ini
[2011/07/20 22:16:57 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/20 22:16:57 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2170W.DAT
[2011/06/11 10:16:11 | 000,014,976 | ---- | C] () -- C:\Windows\SysWow64\drivers\SBKUPNT.SYS
[2011/06/11 10:16:11 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\DEVLOAD.EXE
[2011/06/11 10:16:10 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2011/06/11 10:16:09 | 000,000,287 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2011/06/11 10:16:01 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/02/11 00:27:43 | 000,000,054 | ---- | C] () -- C:\Windows\Musician.INI
[2010/12/23 03:56:05 | 000,000,600 | ---- | C] () -- C:\Users\Cynthia\AppData\Roaming\winscp.rnd
[2010/11/17 16:01:05 | 000,221,449 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/11/17 16:01:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/11/05 21:28:23 | 000,192,808 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/10/28 16:09:05 | 000,002,957 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp FLAC Codec.dat
[2010/10/28 16:06:06 | 000,506,744 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2010/10/28 16:06:06 | 000,013,089 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/10/27 19:44:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/27 03:40:25 | 000,777,486 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/27 02:09:06 | 000,000,114 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/06/13 22:42:57 | 000,016,384 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2011/11/08 22:25:04 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\AVG10
[2011/07/20 16:00:00 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\BitTorrent
[2010/10/13 17:55:39 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/23 17:31:16 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\DAEMON Tools Lite
[2010/12/22 22:00:51 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Dev-Cpp
[2012/02/08 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\DiskAid
[2012/01/25 23:48:08 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\foobar2000
[2011/08/23 17:44:15 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Garritan
[2011/04/17 00:05:13 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\GrabPro
[2011/04/15 01:14:13 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\ImgBurn
[2011/08/10 00:51:24 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\MAGIX
[2011/08/23 17:43:20 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\MakeMusic
[2011/12/06 22:00:26 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\ooVoo Details
[2011/05/30 23:31:50 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Opera
[2012/01/29 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Orbit
[2010/10/13 17:58:31 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\PACE Anti-Piracy
[2011/09/01 22:18:20 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Plogue
[2011/04/17 00:04:37 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\ProgSense
[2011/03/27 10:56:00 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Publish Providers
[2010/12/02 22:43:54 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Songbird2
[2011/03/27 10:56:05 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Sony
[2012/01/18 18:53:00 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Sony Creative Software
[2010/10/13 18:00:45 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/24 01:39:44 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Synthesia
[2011/06/14 21:10:19 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\TeamViewer
[2012/02/08 21:08:12 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\TuneAid
[2011/05/29 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\Unity
[2011/09/16 00:53:33 | 000,000,000 | ---D | M] -- C:\Users\Cynthia\AppData\Roaming\VideoBooth
[2012/03/09 17:38:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2112233159-706162275-1558631429-1001Core.job
[2012/03/12 22:38:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2112233159-706162275-1558631429-1001UA.job
[2012/02/04 09:13:31 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 968 bytes -> C:\Users\Cynthia\AppData\Local\keHTOt3iCiWi568:WmbGzsqtWufa8gIshGREMpx
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\ticket.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\scan.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\DMV.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\cynthiaaa.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\1.jpg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

#2
maliprog

Posted 13 March 2012 - 06:56 AM

Trusted Helper

Malware Removal
6,172 posts

Hello st3v3n6 and welcome to my office here at G2G!

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:

Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
Absence of symptoms does not always mean the computer is clean
Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
Please DO NOT run any scans or fix on your own without my direction.
Please read all of my response through at least once before attempting to follow the procedures described.
If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
[2012/01/15 13:12:53 | 000,007,469 | ---- | C] () -- C:\ProgramData\55192851
[2012/01/15 13:12:53 | 000,007,447 | ---- | C] () -- C:\Users\Cynthia\AppData\Roaming\a4ee51d8
[2012/01/15 13:12:53 | 000,007,409 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\b0d97d67
[2011/10/12 20:55:28 | 000,000,000 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\{F9AF1695-CF8D-48F6-81CC-B06861DFF985}
[2011/09/28 20:21:40 | 000,000,000 | ---- | C] () -- C:\Users\Cynthia\AppData\Local\{213DC8F0-7ECB-4765-B31D-3A07F65A9C08}
@Alternate Data Stream - 968 bytes -> C:\Users\Cynthia\AppData\Local\keHTOt3iCiWi568:WmbGzsqtWufa8gIshGREMpx
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\ticket.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\scan.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\DMV.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\cynthiaaa.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 160 bytes -> C:\Users\Cynthia\Desktop\1.jpg:3or4kl4x13tuuug3Byamue2s4b

:Files
ipconfig /flushdns /c
C:\Users\Cynthia\AppData\Local\keHTOt3iCiWi568

:Commands
[purity]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside:
- Verify Driver Digital Signature
- Detect TDLFS file system
then click OK.
Click the Start Scan button to start the scan.
If a suspicious object is detected, the default action will be Skip
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected for malicious objects
Click Continue then Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

Please don't forget to include these items in your reply:

OTL fix log
TDSSKiller log

It would be helpful if you could post each log in separate post

#3
st3v3n6

Posted 13 March 2012 - 09:18 PM

Member

Topic Starter
Member
14 posts

Hi maliprog,

Thank you for your help. As instructed, below are the following 2 logs.

========== OTL ==========
C:\ProgramData\55192851 moved successfully.
C:\Users\Cynthia\AppData\Roaming\a4ee51d8 moved successfully.
C:\Users\Cynthia\AppData\Local\b0d97d67 moved successfully.
C:\Users\Cynthia\AppData\Local\{F9AF1695-CF8D-48F6-81CC-B06861DFF985} moved successfully.
C:\Users\Cynthia\AppData\Local\{213DC8F0-7ECB-4765-B31D-3A07F65A9C08} moved successfully.
ADS C:\Users\Cynthia\AppData\Local\keHTOt3iCiWi568:WmbGzsqtWufa8gIshGREMpx deleted successfully.
ADS C:\Users\Cynthia\Desktop\ticket.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Cynthia\Desktop\scan.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Cynthia\Desktop\DMV.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Cynthia\Desktop\cynthiaaa.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Cynthia\Desktop\1.jpg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Cynthia\Desktop\Disc2\cmd.bat deleted successfully.
C:\Users\Cynthia\Desktop\Disc2\cmd.txt deleted successfully.
C:\Users\Cynthia\AppData\Local\keHTOt3iCiWi568 folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.36.3 log created on 03132012_170319

#4
st3v3n6

Posted 13 March 2012 - 09:19 PM

Member

Topic Starter
Member
14 posts

17:07:38.0185 4224 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
17:07:38.0887 4224 ============================================================
17:07:38.0887 4224 Current date / time: 2012/03/13 17:07:38.0887
17:07:38.0887 4224 SystemInfo:
17:07:38.0887 4224
17:07:38.0887 4224 OS Version: 6.1.7601 ServicePack: 1.0
17:07:38.0887 4224 Product type: Workstation
17:07:38.0887 4224 ComputerName: CYNTHIASPC
17:07:38.0887 4224 UserName: Cynthia
17:07:38.0887 4224 Windows directory: C:\Windows
17:07:38.0887 4224 System windows directory: C:\Windows
17:07:38.0887 4224 Running under WOW64
17:07:38.0887 4224 Processor architecture: Intel x64
17:07:38.0887 4224 Number of processors: 2
17:07:38.0887 4224 Page size: 0x1000
17:07:38.0887 4224 Boot type: Normal boot
17:07:38.0887 4224 ============================================================
17:07:39.0495 4224 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:07:39.0511 4224 \Device\Harddisk0\DR0:
17:07:39.0511 4224 MBR used
17:07:39.0511 4224 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x236E3138
17:07:39.0542 4224 Initialize success
17:07:39.0542 4224 ============================================================
17:08:03.0301 1028 ============================================================
17:08:03.0301 1028 Scan started
17:08:03.0301 1028 Mode: Manual; SigCheck; TDLFS;
17:08:03.0301 1028 ============================================================
17:08:04.0518 1028 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:08:04.0814 1028 1394ohci - ok
17:08:04.0986 1028 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:08:05.0001 1028 ACPI - ok
17:08:05.0048 1028 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:08:05.0110 1028 AcpiPmi - ok
17:08:05.0329 1028 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:08:05.0344 1028 adp94xx - ok
17:08:05.0454 1028 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:08:05.0469 1028 adpahci - ok
17:08:05.0500 1028 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:08:05.0500 1028 adpu320 - ok
17:08:05.0672 1028 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:08:05.0750 1028 AFD - ok
17:08:05.0875 1028 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:08:05.0875 1028 agp440 - ok
17:08:05.0968 1028 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:08:05.0984 1028 aliide - ok
17:08:06.0031 1028 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:08:06.0046 1028 amdide - ok
17:08:06.0093 1028 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:08:06.0171 1028 AmdK8 - ok
17:08:06.0249 1028 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:08:06.0327 1028 AmdPPM - ok
17:08:06.0452 1028 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:08:06.0468 1028 amdsata - ok
17:08:06.0499 1028 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:08:06.0515 1028 amdsbs - ok
17:08:06.0530 1028 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:08:06.0546 1028 amdxata - ok
17:08:06.0655 1028 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
17:08:06.0749 1028 AmUStor - ok
17:08:06.0873 1028 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:08:06.0998 1028 AppID - ok
17:08:07.0154 1028 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:08:07.0170 1028 arc - ok
17:08:07.0185 1028 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:08:07.0201 1028 arcsas - ok
17:08:07.0248 1028 AsDsm (88fbc8bebfd38566235eaa5e4dbc4e05) C:\Windows\system32\drivers\AsDsm.sys
17:08:07.0388 1028 AsDsm - ok
17:08:07.0466 1028 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
17:08:07.0466 1028 ASMMAP64 - ok
17:08:07.0591 1028 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:07.0716 1028 AsyncMac - ok
17:08:07.0841 1028 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:08:07.0856 1028 atapi - ok
17:08:07.0965 1028 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
17:08:08.0075 1028 athr - ok
17:08:08.0231 1028 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
17:08:08.0246 1028 AVGIDSDriver - ok
17:08:08.0293 1028 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
17:08:08.0293 1028 AVGIDSEH - ok
17:08:08.0418 1028 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
17:08:08.0433 1028 AVGIDSFilter - ok
17:08:08.0574 1028 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
17:08:08.0589 1028 Avgldx64 - ok
17:08:08.0699 1028 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
17:08:08.0699 1028 Avgmfx64 - ok
17:08:08.0792 1028 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
17:08:08.0792 1028 Avgrkx64 - ok
17:08:08.0948 1028 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
17:08:08.0948 1028 Avgtdia - ok
17:08:09.0073 1028 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:08:09.0151 1028 b06bdrv - ok
17:08:09.0245 1028 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:08:09.0307 1028 b57nd60a - ok
17:08:09.0416 1028 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:08:09.0479 1028 Beep - ok
17:08:09.0603 1028 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:08:09.0635 1028 blbdrive - ok
17:08:09.0791 1028 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:08:09.0853 1028 bowser - ok
17:08:09.0947 1028 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:08:10.0040 1028 BrFiltLo - ok
17:08:10.0118 1028 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:08:10.0134 1028 BrFiltUp - ok
17:08:10.0243 1028 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:08:10.0305 1028 BridgeMP - ok
17:08:10.0399 1028 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:08:10.0461 1028 Brserid - ok
17:08:10.0555 1028 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:08:10.0586 1028 BrSerWdm - ok
17:08:10.0602 1028 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:08:10.0664 1028 BrUsbMdm - ok
17:08:10.0758 1028 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:08:10.0789 1028 BrUsbSer - ok
17:08:10.0805 1028 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:08:10.0836 1028 BTHMODEM - ok
17:08:10.0992 1028 catchme - ok
17:08:11.0085 1028 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:11.0148 1028 cdfs - ok
17:08:11.0288 1028 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:08:11.0335 1028 cdrom - ok
17:08:11.0460 1028 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:08:11.0507 1028 circlass - ok
17:08:11.0585 1028 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:08:11.0616 1028 CLFS - ok
17:08:11.0725 1028 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:08:11.0756 1028 CmBatt - ok
17:08:11.0850 1028 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:08:11.0850 1028 cmdide - ok
17:08:11.0943 1028 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:08:11.0975 1028 CNG - ok
17:08:12.0068 1028 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:08:12.0084 1028 Compbatt - ok
17:08:12.0146 1028 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:08:12.0193 1028 CompositeBus - ok
17:08:12.0302 1028 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:08:12.0318 1028 crcdisk - ok
17:08:12.0505 1028 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:08:12.0552 1028 DfsC - ok
17:08:12.0677 1028 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:08:12.0723 1028 discache - ok
17:08:12.0833 1028 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:08:12.0848 1028 Disk - ok
17:08:12.0942 1028 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
17:08:12.0989 1028 Dot4 - ok
17:08:13.0098 1028 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
17:08:13.0129 1028 Dot4Print - ok
17:08:13.0191 1028 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
17:08:13.0223 1028 dot4usb - ok
17:08:13.0301 1028 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:08:13.0316 1028 drmkaud - ok
17:08:13.0410 1028 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
17:08:13.0410 1028 dtsoftbus01 - ok
17:08:13.0535 1028 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:13.0550 1028 DXGKrnl - ok
17:08:13.0722 1028 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:08:13.0862 1028 ebdrv - ok
17:08:14.0018 1028 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:08:14.0034 1028 elxstor - ok
17:08:14.0143 1028 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:08:14.0205 1028 ErrDev - ok
17:08:14.0299 1028 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
17:08:14.0330 1028 ETD - ok
17:08:14.0424 1028 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:08:14.0486 1028 exfat - ok
17:08:14.0595 1028 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:08:14.0627 1028 fastfat - ok
17:08:14.0673 1028 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:08:14.0720 1028 fdc - ok
17:08:14.0829 1028 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:08:14.0845 1028 FileInfo - ok
17:08:14.0861 1028 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:08:14.0923 1028 Filetrace - ok
17:08:15.0032 1028 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:15.0048 1028 flpydisk - ok
17:08:15.0110 1028 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:08:15.0126 1028 FltMgr - ok
17:08:15.0141 1028 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:08:15.0157 1028 FsDepends - ok
17:08:15.0266 1028 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
17:08:15.0282 1028 fssfltr - ok
17:08:15.0313 1028 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
17:08:15.0329 1028 Fs_Rec - ok
17:08:15.0453 1028 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:08:15.0469 1028 fvevol - ok
17:08:15.0500 1028 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:08:15.0516 1028 gagp30kx - ok
17:08:15.0672 1028 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\Drivers\GEARAspiWDM.sys
17:08:15.0672 1028 GEARAspiWDM - ok
17:08:15.0812 1028 GUCI_AVS (5f1cf2ae2c2e14b0266e70c4960998c6) C:\Windows\system32\DRIVERS\GUCI_AVS.sys
17:08:15.0859 1028 GUCI_AVS - ok
17:08:16.0015 1028 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:08:16.0077 1028 hcw85cir - ok
17:08:16.0202 1028 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:08:16.0233 1028 HdAudAddService - ok
17:08:16.0374 1028 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:08:16.0405 1028 HDAudBus - ok
17:08:16.0452 1028 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:08:16.0483 1028 HidBatt - ok
17:08:16.0577 1028 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:08:16.0639 1028 HidBth - ok
17:08:16.0670 1028 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:08:16.0701 1028 HidIr - ok
17:08:16.0842 1028 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:08:16.0873 1028 HidUsb - ok
17:08:17.0076 1028 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:08:17.0091 1028 HpSAMD - ok
17:08:17.0169 1028 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:08:17.0216 1028 HTTP - ok
17:08:17.0341 1028 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:08:17.0341 1028 hwpolicy - ok
17:08:17.0419 1028 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
17:08:17.0435 1028 i8042prt - ok
17:08:17.0528 1028 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
17:08:17.0544 1028 iaStor - ok
17:08:17.0622 1028 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:08:17.0637 1028 iaStorV - ok
17:08:17.0965 1028 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:08:18.0293 1028 igfx - ok
17:08:18.0386 1028 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:08:18.0402 1028 iirsp - ok
17:08:18.0464 1028 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:08:18.0480 1028 intelide - ok
17:08:18.0589 1028 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:08:18.0620 1028 intelppm - ok
17:08:18.0667 1028 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:08:18.0729 1028 IpFilterDriver - ok
17:08:18.0870 1028 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:08:18.0917 1028 IPMIDRV - ok
17:08:19.0026 1028 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:08:19.0073 1028 IPNAT - ok
17:08:19.0197 1028 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:08:19.0260 1028 IRENUM - ok
17:08:19.0369 1028 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:08:19.0385 1028 isapnp - ok
17:08:19.0447 1028 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:08:19.0463 1028 iScsiPrt - ok
17:08:19.0603 1028 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
17:08:19.0603 1028 ivusb - ok
17:08:19.0665 1028 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:08:19.0681 1028 kbdclass - ok
17:08:19.0790 1028 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:08:19.0821 1028 kbdhid - ok
17:08:19.0931 1028 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
17:08:19.0946 1028 kbfiltr - ok
17:08:19.0993 1028 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:08:20.0009 1028 KSecDD - ok
17:08:20.0024 1028 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:08:20.0040 1028 KSecPkg - ok
17:08:20.0133 1028 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:08:20.0196 1028 ksthunk - ok
17:08:20.0227 1028 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
17:08:20.0258 1028 L1E - ok
17:08:20.0352 1028 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:08:20.0445 1028 lltdio - ok
17:08:20.0555 1028 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:08:20.0570 1028 LSI_FC - ok
17:08:20.0586 1028 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:08:20.0601 1028 LSI_SAS - ok
17:08:20.0695 1028 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:08:20.0711 1028 LSI_SAS2 - ok
17:08:20.0726 1028 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:08:20.0742 1028 LSI_SCSI - ok
17:08:20.0773 1028 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:08:20.0835 1028 luafv - ok
17:08:20.0898 1028 lullaby (085435ae1a124361304044029b5cc644) C:\Windows\system32\DRIVERS\lullaby.sys
17:08:20.0898 1028 lullaby - ok
17:08:20.0945 1028 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
17:08:20.0960 1028 MBAMProtector - ok
17:08:21.0054 1028 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:08:21.0054 1028 megasas - ok
17:08:21.0101 1028 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:08:21.0116 1028 MegaSR - ok
17:08:21.0210 1028 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:08:21.0257 1028 Modem - ok
17:08:21.0350 1028 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:08:21.0381 1028 monitor - ok
17:08:21.0459 1028 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
17:08:21.0459 1028 mouclass - ok
17:08:21.0553 1028 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:08:21.0584 1028 mouhid - ok
17:08:21.0678 1028 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:08:21.0693 1028 mountmgr - ok
17:08:21.0803 1028 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:08:21.0818 1028 mpio - ok
17:08:21.0849 1028 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:08:21.0912 1028 mpsdrv - ok
17:08:22.0083 1028 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
17:08:22.0115 1028 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
17:08:22.0115 1028 MREMP50 - detected UnsignedFile.Multi.Generic (1)
17:08:22.0146 1028 MREMP50a64 - ok
17:08:22.0161 1028 MREMPR5 - ok
17:08:22.0161 1028 MRENDIS5 - ok
17:08:22.0193 1028 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
17:08:22.0208 1028 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
17:08:22.0208 1028 MRESP50 - detected UnsignedFile.Multi.Generic (1)
17:08:22.0255 1028 MRESP50a64 - ok
17:08:22.0380 1028 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:08:22.0489 1028 MRxDAV - ok
17:08:22.0583 1028 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:08:22.0629 1028 mrxsmb - ok
17:08:22.0676 1028 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:08:22.0707 1028 mrxsmb10 - ok
17:08:22.0817 1028 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:08:22.0832 1028 mrxsmb20 - ok
17:08:22.0879 1028 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:08:22.0895 1028 msahci - ok
17:08:22.0941 1028 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:08:22.0957 1028 msdsm - ok
17:08:23.0066 1028 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:08:23.0097 1028 Msfs - ok
17:08:23.0113 1028 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:08:23.0191 1028 mshidkmdf - ok
17:08:23.0238 1028 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:08:23.0238 1028 msisadrv - ok
17:08:23.0347 1028 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:08:23.0394 1028 MSKSSRV - ok
17:08:23.0394 1028 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:08:23.0456 1028 MSPCLOCK - ok
17:08:23.0565 1028 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:08:23.0643 1028 MSPQM - ok
17:08:23.0690 1028 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:08:23.0706 1028 MsRPC - ok
17:08:23.0815 1028 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:08:23.0831 1028 mssmbios - ok
17:08:23.0862 1028 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:08:23.0909 1028 MSTEE - ok
17:08:23.0987 1028 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:08:24.0018 1028 MTConfig - ok
17:08:24.0111 1028 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
17:08:24.0127 1028 MTsensor - ok
17:08:24.0143 1028 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:08:24.0158 1028 Mup - ok
17:08:24.0252 1028 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:08:24.0283 1028 NativeWifiP - ok
17:08:24.0408 1028 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:08:24.0439 1028 NDIS - ok
17:08:24.0517 1028 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:08:24.0579 1028 NdisCap - ok
17:08:24.0595 1028 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:08:24.0657 1028 NdisTapi - ok
17:08:24.0782 1028 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:08:24.0829 1028 Ndisuio - ok
17:08:24.0876 1028 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:08:24.0923 1028 NdisWan - ok
17:08:25.0063 1028 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:08:25.0125 1028 NDProxy - ok
17:08:25.0266 1028 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
17:08:25.0313 1028 Netaapl - ok
17:08:25.0406 1028 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:08:25.0469 1028 NetBIOS - ok
17:08:25.0515 1028 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:08:25.0578 1028 NetBT - ok
17:08:25.0718 1028 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:08:25.0734 1028 nfrd960 - ok
17:08:25.0765 1028 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:08:25.0812 1028 Npfs - ok
17:08:25.0890 1028 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:08:25.0952 1028 nsiproxy - ok
17:08:26.0030 1028 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:08:26.0061 1028 Ntfs - ok
17:08:26.0155 1028 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:08:26.0217 1028 Null - ok
17:08:26.0327 1028 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:08:26.0342 1028 nvraid - ok
17:08:26.0405 1028 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:08:26.0405 1028 nvstor - ok
17:08:26.0483 1028 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:08:26.0498 1028 nv_agp - ok
17:08:26.0607 1028 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:08:26.0654 1028 ohci1394 - ok
17:08:26.0763 1028 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:08:26.0779 1028 Parport - ok
17:08:26.0826 1028 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
17:08:26.0841 1028 partmgr - ok
17:08:26.0966 1028 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:08:26.0982 1028 pci - ok
17:08:27.0013 1028 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:08:27.0029 1028 pciide - ok
17:08:27.0122 1028 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:08:27.0138 1028 pcmcia - ok
17:08:27.0153 1028 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:08:27.0169 1028 pcw - ok
17:08:27.0200 1028 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:08:27.0278 1028 PEAUTH - ok
17:08:27.0497 1028 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:08:27.0559 1028 PptpMiniport - ok
17:08:27.0590 1028 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:08:27.0637 1028 Processor - ok
17:08:27.0762 1028 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:08:27.0824 1028 Psched - ok
17:08:27.0871 1028 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:08:27.0871 1028 PxHlpa64 - ok
17:08:27.0980 1028 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:08:28.0027 1028 ql2300 - ok
17:08:28.0121 1028 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:08:28.0136 1028 ql40xx - ok
17:08:28.0167 1028 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:08:28.0214 1028 QWAVEdrv - ok
17:08:28.0308 1028 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:08:28.0355 1028 RasAcd - ok
17:08:28.0401 1028 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:08:28.0448 1028 RasAgileVpn - ok
17:08:28.0573 1028 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:08:28.0620 1028 Rasl2tp - ok
17:08:28.0713 1028 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:08:28.0760 1028 RasPppoe - ok
17:08:28.0791 1028 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:08:28.0838 1028 RasSstp - ok
17:08:28.0963 1028 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:08:29.0010 1028 rdbss - ok
17:08:29.0041 1028 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:08:29.0057 1028 rdpbus - ok
17:08:29.0150 1028 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:08:29.0197 1028 RDPCDD - ok
17:08:29.0244 1028 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:08:29.0306 1028 RDPENCDD - ok
17:08:29.0415 1028 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:08:29.0478 1028 RDPREFMP - ok
17:08:29.0790 1028 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
17:08:29.0837 1028 RDPWD - ok
17:08:30.0164 1028 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:08:30.0180 1028 rdyboost - ok
17:08:30.0554 1028 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:08:30.0617 1028 rspndr - ok
17:08:30.0960 1028 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:08:30.0975 1028 sbp2port - ok
17:08:31.0365 1028 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
17:08:31.0412 1028 SCDEmu - ok
17:08:31.0677 1028 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:08:31.0755 1028 scfilter - ok
17:08:31.0927 1028 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:08:32.0005 1028 secdrv - ok
17:08:32.0177 1028 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:08:32.0208 1028 Serenum - ok
17:08:32.0411 1028 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:08:32.0457 1028 Serial - ok
17:08:32.0723 1028 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:08:32.0754 1028 sermouse - ok
17:08:32.0941 1028 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
17:08:32.0988 1028 sffdisk - ok
17:08:33.0128 1028 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:08:33.0159 1028 sffp_mmc - ok
17:08:33.0315 1028 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
17:08:33.0362 1028 sffp_sd - ok
17:08:33.0518 1028 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:08:33.0612 1028 sfloppy - ok
17:08:33.0783 1028 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
17:08:33.0815 1028 SiSGbeLH - ok
17:08:33.0955 1028 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:08:34.0189 1028 SiSRaid2 - ok
17:08:34.0345 1028 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:08:34.0376 1028 SiSRaid4 - ok
17:08:34.0626 1028 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:08:34.0719 1028 Smb - ok
17:08:34.0922 1028 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:08:34.0938 1028 spldr - ok
17:08:35.0078 1028 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:08:35.0125 1028 srv - ok
17:08:35.0297 1028 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:08:35.0343 1028 srv2 - ok
17:08:35.0484 1028 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:08:35.0499 1028 srvnet - ok
17:08:35.0640 1028 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:08:35.0655 1028 stexstor - ok
17:08:35.0780 1028 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:08:35.0796 1028 swenum - ok
17:08:35.0936 1028 sxuptp (20a4a4513e50f84b662e106eb27f5aeb) C:\Windows\system32\DRIVERS\sxuptp.sys
17:08:35.0952 1028 sxuptp - ok
17:08:36.0061 1028 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
17:08:36.0108 1028 Tcpip - ok
17:08:36.0264 1028 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
17:08:36.0311 1028 TCPIP6 - ok
17:08:36.0420 1028 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:08:36.0451 1028 tcpipreg - ok
17:08:36.0513 1028 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:08:36.0545 1028 TDPIPE - ok
17:08:36.0623 1028 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
17:08:36.0685 1028 TDTCP - ok
17:08:36.0732 1028 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:08:36.0763 1028 tdx - ok
17:08:36.0950 1028 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
17:08:36.0950 1028 teamviewervpn - ok
17:08:37.0013 1028 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:08:37.0028 1028 TermDD - ok
17:08:37.0184 1028 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:08:37.0231 1028 tssecsrv - ok
17:08:37.0278 1028 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:08:37.0340 1028 TsUsbFlt - ok
17:08:37.0496 1028 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:08:37.0543 1028 tunnel - ok
17:08:37.0574 1028 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:08:37.0590 1028 uagp35 - ok
17:08:37.0699 1028 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:08:37.0761 1028 udfs - ok
17:08:37.0839 1028 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:08:37.0855 1028 uliagpkx - ok
17:08:37.0980 1028 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:08:37.0995 1028 umbus - ok
17:08:38.0089 1028 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:08:38.0120 1028 UmPass - ok
17:08:38.0229 1028 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:08:38.0276 1028 USBAAPL64 - ok
17:08:38.0339 1028 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:08:38.0354 1028 usbccgp - ok
17:08:38.0479 1028 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:08:38.0510 1028 usbcir - ok
17:08:38.0557 1028 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
17:08:38.0588 1028 usbehci - ok
17:08:38.0713 1028 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:08:38.0760 1028 usbhub - ok
17:08:38.0807 1028 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:08:38.0869 1028 usbohci - ok
17:08:39.0087 1028 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:08:39.0150 1028 usbprint - ok
17:08:39.0431 1028 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:08:39.0477 1028 usbscan - ok
17:08:39.0696 1028 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:08:39.0805 1028 USBSTOR - ok
17:08:40.0039 1028 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
17:08:40.0101 1028 usbuhci - ok
17:08:40.0257 1028 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
17:08:40.0289 1028 usbvideo - ok
17:08:40.0538 1028 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:08:40.0554 1028 vdrvroot - ok
17:08:40.0741 1028 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:08:40.0757 1028 vga - ok
17:08:40.0788 1028 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:08:40.0866 1028 VgaSave - ok
17:08:41.0053 1028 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:08:41.0069 1028 vhdmp - ok
17:08:41.0287 1028 VIAHdAudAddService (627270f2103d41086bab9675a3315dab) C:\Windows\system32\drivers\viahduaa.sys
17:08:41.0427 1028 VIAHdAudAddService - ok
17:08:41.0583 1028 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:08:41.0599 1028 viaide - ok
17:08:41.0771 1028 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:08:41.0771 1028 volmgr - ok
17:08:41.0864 1028 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:08:41.0895 1028 volmgrx - ok
17:08:42.0067 1028 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:08:42.0098 1028 volsnap - ok
17:08:42.0223 1028 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:08:42.0239 1028 vsmraid - ok
17:08:42.0332 1028 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:08:42.0395 1028 vwifibus - ok
17:08:42.0566 1028 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:08:42.0613 1028 vwififlt - ok
17:08:42.0785 1028 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:08:42.0816 1028 vwifimp - ok
17:08:42.0987 1028 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:08:43.0034 1028 WacomPen - ok
17:08:43.0284 1028 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:08:43.0362 1028 WANARP - ok
17:08:43.0393 1028 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:08:43.0440 1028 Wanarpv6 - ok
17:08:43.0674 1028 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:08:43.0705 1028 Wd - ok
17:08:43.0955 1028 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
17:08:44.0048 1028 WDC_SAM - ok
17:08:44.0251 1028 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:08:44.0282 1028 Wdf01000 - ok
17:08:44.0547 1028 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:08:44.0594 1028 WfpLwf - ok
17:08:44.0703 1028 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
17:08:44.0735 1028 WimFltr - ok
17:08:44.0875 1028 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:08:44.0891 1028 WIMMount - ok
17:08:45.0327 1028 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
17:08:45.0374 1028 WinUsb - ok
17:08:45.0608 1028 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:08:45.0655 1028 WmiAcpi - ok
17:08:45.0889 1028 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:08:45.0920 1028 ws2ifsl - ok
17:08:46.0154 1028 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:08:46.0232 1028 WudfPf - ok
17:08:46.0388 1028 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:08:46.0451 1028 WUDFRd - ok
17:08:46.0560 1028 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:08:46.0934 1028 \Device\Harddisk0\DR0 - ok
17:08:46.0981 1028 Boot (0x1200) (0b755c9a74c50addd869aaacc2684cc4) \Device\Harddisk0\DR0\Partition0
17:08:46.0997 1028 \Device\Harddisk0\DR0\Partition0 - ok
17:08:46.0997 1028 ============================================================
17:08:46.0997 1028 Scan finished
17:08:46.0997 1028 ============================================================
17:08:47.0012 1076 Detected object count: 2
17:08:47.0012 1076 Actual detected object count: 2
17:09:25.0232 1076 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:25.0232 1076 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:25.0232 1076 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
17:09:25.0232 1076 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:09:33.0531 4244 Deinitialize success

#5
st3v3n6

Posted 13 March 2012 - 09:29 PM

Member

Topic Starter
Member
14 posts

I thought I'd surf around to see if I'd still get redirected, unfortunately yes. My AVG detected the following:

"File name: fairu.in/main.php?page=c7c753f5c64805be"
"Theat name: Exploit Blackhole Exploit Kit Detection (type 1889)"

Upon clicking show details, it says:

"Process name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"Process ID: 1072"

#6
maliprog

Posted 14 March 2012 - 12:37 AM

Trusted Helper

Malware Removal
6,172 posts

Hi st3v3n6,

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
Also, ZIP MBR.dat it creates and attach it to your next reply

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Step 3

Please don't forget to include these items in your reply:

aswMBR log
Combofix log

It would be helpful if you could post each log in separate post

#7
st3v3n6

Posted 14 March 2012 - 01:32 AM

Member

Topic Starter
Member
14 posts

Hi,

Thanks for baring with me, can't thank you enough!

Below is the log for the aswMBR scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-13 23:44:14
-----------------------------
23:44:14.194 OS Version: Windows x64 6.1.7601 Service Pack 1
23:44:14.194 Number of processors: 2 586 0x170A
23:44:14.194 ComputerName: CYNTHIASPC UserName: Cynthia
23:44:15.739 Initialize success
23:46:21.419 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:46:21.422 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
23:46:21.435 Disk 0 MBR read successfully
23:46:21.439 Disk 0 MBR scan
23:46:21.442 Disk 0 Windows VISTA default MBR code
23:46:21.448 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
23:46:21.468 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 290246 MB offset 30716280
23:46:21.479 Disk 0 scanning C:\Windows\system32\drivers
23:46:32.178 Service scanning
23:47:02.933 Modules scanning
23:47:02.941 Disk 0 trace - called modules:
23:47:02.970 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:47:02.975 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033e3060]
23:47:02.979 3 CLASSPNP.SYS[fffff88001b7943f] -> nt!IofCallDriver -> [0xfffffa8002477e40]
23:47:02.986 5 ACPI.sys[fffff88000d6b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e45050]
23:47:02.993 Scan finished successfully
23:47:24.706 Disk 0 MBR has been saved successfully to "C:\Users\Cynthia\Desktop\MBR.dat"
23:47:24.716 The log file has been saved successfully to "C:\Users\Cynthia\Desktop\aswMBR.txt"

#8
st3v3n6

Posted 14 March 2012 - 01:34 AM

Member

Topic Starter
Member
14 posts

Attached is the ZIP file of MBR.

Attached Files

MBR.zip 556bytes 75 downloads

#9
st3v3n6

Posted 14 March 2012 - 01:35 AM

Member

Topic Starter
Member
14 posts

Below is the ComboFix log:

ComboFix 12-03-13.01 - Cynthia 03/13/2012 23:51:31.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3037.1729 [GMT -7:00]
Running from: c:\users\Cynthia\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 07:03 . 2012-03-14 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-10 09:14 . 2012-03-10 09:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-10 04:02 . 2012-03-13 05:02 -------- d-----w- c:\program files\HitmanPro
2012-03-09 04:07 . 2012-03-09 04:07 -------- d-----w- c:\program files (x86)\ESET
2012-03-09 01:27 . 2012-03-09 01:27 -------- d-----w- c:\users\Cynthia\AppData\Roaming\Malwarebytes
2012-03-09 01:27 . 2012-03-09 01:27 -------- d-----w- c:\programdata\Malwarebytes
2012-03-09 01:27 . 2012-03-09 01:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-09 01:27 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 08:27 . 2012-02-19 08:36 -------- d-----w- c:\programdata\HitmanPro
2012-02-15 23:31 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 23:31 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 23:31 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 23:30 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 23:30 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 23:30 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 23:30 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 23:30 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 07:05 . 2010-07-01 05:47 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-12-24 16:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-12-24 16:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_05.36.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-24 05:22 . 2012-03-14 00:13 70916 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-14 00:13 52906 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-22 17:20 . 2012-03-14 00:13 24346 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2112233159-706162275-1558631429-1001_UserData.bin
+ 2012-03-14 07:05 . 2012-03-14 07:05 27424 c:\windows\system32\drivers\hitmanpro36.sys
+ 2009-07-14 04:46 . 2012-03-13 06:08 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-14 07:04 . 2012-03-14 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-13 05:35 . 2012-03-13 05:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-13 05:35 . 2012-03-13 05:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-14 07:04 . 2012-03-14 07:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-24 03:52 . 2012-03-13 23:43 354796 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-03-13 04:57 663434 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-14 00:15 663434 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-14 00:15 122270 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-13 04:57 122270 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-13 05:34 544328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-14 07:04 544328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-23 07:32 . 2012-03-14 07:04 52166864 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2112233159-706162275-1558631429-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2010-11-17 06:50 81920 ----a-w- c:\program files (x86)\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files (x86)\oovootoolbar\oovootoolbarX.dll" [2010-11-17 81920]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 D-Link SharePort Helper;D-Link SharePort Helper;c:\program files\D-Link\SharePort Utility\Spnuhelper.exe [2009-12-11 49152]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-28 1253376]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-03-13 96072]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2112233159-706162275-1558631429-1001Core.job
- c:\users\Cynthia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-07 00:33]
.
2012-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2112233159-706162275-1558631429-1001UA.job
- c:\users\Cynthia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-07 00:33]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 03:24]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-27 03:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Cynthia\AppData\Roaming\Mozilla\Firefox\Profiles\tp6z2tu8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
.
**************************************************************************
.
Completion time: 2012-03-14 00:13:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-14 07:13
ComboFix2.txt 2012-03-13 05:44
.
Pre-Run: 200,105,959,424 bytes free
Post-Run: 199,784,714,240 bytes free
.
- - End Of File - - 5CC41F0707700A9D9B9248E7AB45879D

#10
st3v3n6

Posted 14 March 2012 - 01:44 AM

Member

Topic Starter
Member
14 posts

Maliprog,

After rebooting as ComboFix had requested, and per your instruction, I went on to Google on Firefox but was redirected upon clicking a wikipedia link on Google search; took me to the "Askthecrew.net" search engine. Attempted a 2nd search and took me once again to "Gimmeanswers" page after clicking on another link.

This is one stubborn piece of malware.

Up to this point, I've done everything you have instructed me to do so.

#11
maliprog

Posted 14 March 2012 - 04:40 AM

Trusted Helper

Malware Removal
6,172 posts

Let's try this:

Step 1

OK. Before we continue...

Please try to do Google search in Internet Explorer.
Do you have another, clean, PC near you? Can you connect it to your network and try to do Google search?

Report back results.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

:Files
ipconfig /all /c
nslookup google.com /c
nslookup yahoo.com /c
ping -n 2 google.com /c
ping -n 2 yahoo.com /c
route print /c
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Please don't forget to include these items in your reply:

OTL fix log

It would be helpful if you could post each log in separate post

#12
st3v3n6

Posted 17 March 2012 - 11:54 PM

Member

Topic Starter
Member
14 posts

Sorry for replying back after 2 days.

Concerning Step 1: I have another disinfected laptop right here with me, that laptop searches normally without any abnormal searches regardless of browser; whether it's IE, Firefox, or Google Chrome. However, THE infected laptop we've been dealing with does search on Google via Internet Explorer without any signs of it being infected.

As instructed, I've done about 20-25 searches on Google with IE on the infected laptop and has directed me to the exact links I've clicked on. I decided to hop back onto Firefox, and within search #2 was already redirected to "gimmeanswers".

I'll shortly post the results for the remaining steps you've instructed me.

Thanks.

#13
st3v3n6

Posted 18 March 2012 - 12:12 AM

Member

Topic Starter
Member
14 posts

========== OTL ==========
========== FILES ==========
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : CynthiasPC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TeamViewer VPN Adapter
Physical Address. . . . . . . . . : 00-FF-64-D7-D4-46
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 3E-4B-D6-57-48-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Physical Address. . . . . . . . . : E0-CB-4E-36-B9-D9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 1C-4B-D6-57-48-FD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::28ca:d9ea:f4aa:3759%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, March 17, 2012 10:39:04 PM
Lease Expires . . . . . . . . . . : Sunday, March 18, 2012 10:39:04 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 236735446
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-ED-89-4C-1C-4B-D6-57-48-FD
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 12:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:44d:2277:9ce9:37c6(Preferred)
Link-local IPv6 Address . . . . . : fe80::44d:2277:9ce9:37c6%20(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.gateway.2wire.net:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{64D7D446-321B-45E5-B49E-261EA16DD5BF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{E26B4FF0-572F-438F-A299-80225B53E132}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Cynthia\Desktop\Disc2\cmd.bat deleted successfully.
C:\Users\Cynthia\Desktop\Disc2\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: home
Address: 192.168.0.1
Name: google.com
Addresses: 74.125.224.227
74.125.224.228
74.125.224.229
74.125.224.230
74.125.224.231
74.125.224.232
74.125.224.233
74.125.224.238
74.125.224.224
74.125.224.225
74.125.224.226
C:\Users\Cynthia\Desktop\Disc2\cmd.bat deleted successfully.
C:\Users\Cynthia\Desktop\Disc2\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
Server: home
Address: 192.168.0.1
Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24
C:\Users\Cynthia\Desktop\Disc2\cmd.bat deleted successfully.
C:\Users\Cynthia\Desktop\Disc2\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.224.238] with 32 bytes of data:
Reply from 74.125.224.238: bytes=32 time=18ms TTL=55
Reply from 74.125.224.238: bytes=32 time=18ms TTL=55
Ping statistics for 74.125.224.238:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 18ms, Average = 18ms
C:\Users\Cynthia\Desktop\Disc2\cmd.bat deleted successfully.
C:\Users\Cynthia\Desktop\Disc2\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=54ms TTL=52
Reply from 72.30.38.140: bytes=32 time=31ms TTL=52
Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 54ms, Average = 42ms
C:\Users\Cynthia\Desktop\Disc2\cmd.bat deleted successfully.
C:\Users\Cynthia\Desktop\Disc2\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
15...00 ff 64 d7 d4 46 ......TeamViewer VPN Adapter
12...3e 4b d6 57 48 fd ......Microsoft Virtual WiFi Miniport Adapter
11...e0 cb 4e 36 b9 d9 ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
10...1c 4b d6 57 48 fd ......Atheros AR9285 Wireless Network Adapter
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.11 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.11 281
192.168.0.11 255.255.255.255 On-link 192.168.0.11 281
192.168.0.255 255.255.255.255 On-link 192.168.0.11 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.11 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.11 281
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
20 58 ::/0 On-link
1 306 ::1/128 On-link
20 58 2001::/32 On-link
20 306 2001:0:5ef5:79fd:44d:2277:9ce9:37c6/128
On-link
10 281 fe80::/64 On-link
20 306 fe80::/64 On-link
20 306 fe80::44d:2277:9ce9:37c6/128
On-link
10 281 fe80::28ca:d9ea:f4aa:3759/128
On-link
1 306 ff00::/8 On-link
20 306 ff00::/8 On-link
10 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\Cynthia\Desktop\Disc2\cmd.bat deleted successfully.
C:\Users\Cynthia\Desktop\Disc2\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.36.3 log created on 03172012_230338

#14
maliprog

Posted 19 March 2012 - 01:13 AM

Trusted Helper

Malware Removal
6,172 posts

Hi st3v3n6,

Step 1

Click on Start then Run...
Type

firefox.exe -safe-mode

And press OK button
If it ask you press Continue in Safe Mode
Test Google searches now and let me know results.

Step 2

Delete your version of OTL and download new one form Here

Run OTL.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

OTL log

It would be helpful if you could post each log in separate post

#15
st3v3n6

Posted 19 March 2012 - 04:31 PM

Member

Topic Starter
Member
14 posts

Hi Maliprog,

Step 1: As instructed, ran Firefox under the safe mode command - I conducted about 15 minutes worth of Google searching and came across no problems whatsoever; everything came up clean.

Step 2: I deleted the version of OTL currently saved on the laptop and downloaded the version you provided via the link. The log was as follows: