Can't get rid of Google redirect virus [Solved]



#1
thillman

When I use Google Search, 1 out of every 5 or so links I click directs me to an unrelated website (other search sites, a tax site, an RV site, etc). I did my research and attempted to follow a few threads in this forum regarding this virus, as well as the general removal guide. Unfortunately nothing has worked so far. Please help! Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:03:47 PM, on 7/19/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO_PROJECT - {9194649F-7143-4308-90C1-D6A35B0E354E} - (no file)
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.57\npchrome_frame.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Louis\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Spotify] "C:\Users\Louis\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Louis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Louis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Louis\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Startup: Facebook Messenger.lnk = C:\Users\Louis\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe
O4 - Startup: NexDef Plug-in.lnk = C:\Users\Louis\AppData\Local\Autobahn\nexdef.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {47489CC3-B1AB-4414-A7D9-4A6380D819D8} (ConfigManager Control) - http://143.56.133.4:...nfigManager.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus....vex-2.2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {817444B5-4D12-4EEB-8E78-C547E84F80B6} (EngineManager Control) - http://143.56.133.4:...gineManager.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {E7B12A6B-341F-4765-A9EA-29A745916878} (ImageViewer ActiveX Control) - http://143.56.133.4:...ImageViewer.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.57\npchrome_frame.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: dlba_device - Unknown owner - C:\Windows\system32\dlbacoms.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 12593 bytes


#2
CompCav

Hi, thillman! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

Step 1.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

If it does not run rename it iexplore.exe and try it again.


Step 2.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 3.

Please post:

aswMBR log
OTL.txt
Extras.txt


Give me an update on your computer's issues.

Do the redirects only occur with one browser or all?

Do the redirects affect any other computers connected to the internet in your house?

#3
thillman

Hi CompCav - Thank you, I very much appreciate your help! I followed your instructions, and everything seemed to work just fine, but I only got one log file from OTL (no Extras.txt). The aswMBR and OTL log files are pasted below.

The redirects appear to only affect Chrome, but I infrequently use any other browser (my husband occasionally uses Firefox on this computer and he has had no problems). And it seems to only affect this laptop, my husband has had no problem with his laptop, and I've had no problems with my desktop (I don't use my desktop that often).

*****************************************************************************************************************************************************

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 20:52:29
-----------------------------
20:52:29.778 OS Version: Windows x64 6.0.6002 Service Pack 2
20:52:29.778 Number of processors: 2 586 0x1706
20:52:29.779 ComputerName: LOUIS-PC UserName: Louis
20:52:31.221 Initialize success
20:52:45.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:52:45.476 Disk 0 Vendor: ST932042 SD13 Size: 305245MB BusType: 3
20:52:45.493 Disk 0 MBR read successfully
20:52:45.496 Disk 0 MBR scan
20:52:45.503 Disk 0 unknown MBR code
20:52:45.512 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10997 MB offset 63
20:52:45.528 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 22523130
20:52:45.535 Disk 0 Partition - 00 0F Extended LBA 141630 MB offset 335083936
20:52:45.569 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 141630 MB offset 335083980
20:52:45.612 Disk 0 scanning C:\Windows\system32\drivers
20:52:55.133 Service scanning
20:53:13.735 Modules scanning
20:53:13.741 Disk 0 trace - called modules:
20:53:13.767 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys iaStor.sys hal.dll
20:53:14.100 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800692f300]
20:53:14.106 3 CLASSPNP.SYS[fffffa60010d7c33] -> nt!IofCallDriver -> [0xfffffa800682a5f0]
20:53:14.111 5 PCTCore64.sys[fffffa6000c0e600] -> nt!IofCallDriver -> [0xfffffa8004bee230]
20:53:14.117 7 acpi.sys[fffffa600093cfde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bf1050]
20:53:14.122 Scan finished successfully
20:53:31.367 Disk 0 MBR has been saved successfully to "C:\Users\Louis\Desktop\MBR.dat"
20:53:31.376 The log file has been saved successfully to "C:\Users\Louis\Desktop\aswMBR.txt"

******************************************************************************************************************************************************

OTL logfile created on: 7/22/2012 8:54:40 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Louis\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 35.12% Memory free
8.19 Gb Paging File | 4.61 Gb Available in Paging File | 56.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 23.99 Gb Free Space | 16.09% Space Free | Partition Type: NTFS
Drive D: | 138.31 Gb Total Space | 138.26 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: LOUIS-PC | User Name: Louis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Louis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files\NVIDIA Corporation\nView\nView.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll ()
MOD - C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Virtual Camera\virtualCamera.ax ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV:64bit: - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV:64bit: - (dlba_device) -- C:\Windows\SysNative\dlbacoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe ()
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\0502020.003\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\Drivers\vmm.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\Drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (NETw5v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys ( )
DRV:64bit: - (lullaby) -- C:\Windows\SysNative\DRIVERS\lullaby.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys ()
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120720.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120722.006\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120722.006\eng64.sys (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\SearchScopes\{4007C90C-C3FA-4C85-BCA4-4D62590327E0}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://mail.google..../?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files (x86)\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Louis\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Louis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Louis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Louis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Louis\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012/02/16 04:53:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_9_4 [2012/07/19 10:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 23:16:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/15 17:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2011/10/26 21:59:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Louis\AppData\Roaming\Move Networks [2010/01/04 22:16:16 | 000,000,000 | ---D | M]

[2010/01/04 22:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis\AppData\Roaming\Mozilla\Extensions
[2012/07/10 00:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\extensions
[2010/05/15 17:17:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/08 07:21:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/06/15 12:07:09 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\extensions\[email protected]
[2011/08/09 21:27:58 | 000,002,468 | ---- | M] () -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\searchplugins\safesearch.xml
[2012/07/21 23:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[1634/11/13 15:46:30 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\LOUIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RA2OLZ9P.DEFAULT\EXTENSIONS\[email protected]
[2012/03/22 20:50:25 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\LOUIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RA2OLZ9P.DEFAULT\EXTENSIONS\[email protected]
[2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/23 09:30:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Louis\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Louis\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Louis\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Louis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Louis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Louis\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: HelloFax - Free Online Faxing & Signing = C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.1_0\
CHR - Extension: Netflix = C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh\1.0.0.2_0\
CHR - Extension: Pandora = C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: Weather Window by WeatherBug = C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\1.0.12_0\
CHR - Extension: WiseStamp - Email Signatures for GMail, Google Apps and more = C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcgnkmbeodkmiijjfnliicelkjfcldg\3.11.16.100_0\

O1 HOSTS File: ([2012/07/21 19:01:34 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9194649F-7143-4308-90C1-D6A35B0E354E} - No CLSID value found.
O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.57\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe (ASUSTek.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000..\Run: [Akamai NetSession Interface] "C:\Users\Louis\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000..\Run: [Facebook Update] C:\Users\Louis\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000..\Run: [Spotify] C:\Users\Louis\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000..\Run: [Spotify Web Helper] C:\Users\Louis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000..\RunOnce: [JavaInstallRetry] C:\Users\Louis\AppData\LocalLow\Sun\Java\JRERunOnce.exe (Oracle Corporation)
O4 - Startup: C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Louis\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Louis\AppData\Local\Autobahn\nexdef.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} http://www.crezio.co...On/AlwaysOn.CAB (Tpwin Control)
O16 - DPF: {47489CC3-B1AB-4414-A7D9-4A6380D819D8} http://143.56.133.4:...nfigManager.cab (ConfigManager Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlcdnet.asus....vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {817444B5-4D12-4EEB-8E78-C547E84F80B6} http://143.56.133.4:...gineManager.cab (EngineManager Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7B12A6B-341F-4765-A9EA-29A745916878} http://143.56.133.4:...ImageViewer.cab (ImageViewer ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E38C89A-CFC6-4048-8147-9F901C7DF128}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D11F8FF3-0DE4-452C-99D0-A14D4DCC80D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cf - No CLSID value found
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\20.0.1132.57\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Louis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Louis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d9a63074-989d-11de-95e6-002215a48362}\Shell\AutoRun\command - "" = Iexplores.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 20:51:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Louis\Desktop\OTL.exe
[2012/07/22 20:50:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Louis\Desktop\aswMBR.exe
[2012/07/21 23:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/21 19:01:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/20 10:32:53 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\WinZip
[2012/07/20 10:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/07/20 10:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/07/20 10:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/07/19 17:59:25 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2012/07/19 14:12:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/19 14:12:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/19 14:12:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/19 14:07:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/19 14:06:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/19 14:06:26 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/16 20:31:40 | 000,000,000 | ---D | C] -- C:\Users\Louis\Desktop\grampys pictures
[2012/07/09 17:09:37 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/06/23 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\Louis\AppData\Local\Macromedia
[2009/03/11 21:43:35 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Louis\AppData\Roaming\pcouffin.sys
[7 C:\Users\Louis\AppData\Local\*.tmp files -> C:\Users\Louis\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 20:53:31 | 000,000,512 | ---- | M] () -- C:\Users\Louis\Desktop\MBR.dat
[2012/07/22 20:51:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Louis\Desktop\OTL.exe
[2012/07/22 20:51:19 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Louis\Desktop\aswMBR.exe
[2012/07/22 20:46:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 20:46:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 20:22:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000UA.job
[2012/07/22 20:14:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000UA.job
[2012/07/22 19:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 19:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 17:14:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000Core.job
[2012/07/22 14:54:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/22 08:22:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000Core.job
[2012/07/22 06:51:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 23:16:58 | 000,000,919 | ---- | M] () -- C:\Users\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/20 22:08:10 | 000,000,858 | ---- | M] () -- C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
[2012/07/20 22:06:18 | 015,771,480 | ---- | M] () -- C:\Users\Louis\Desktop\nexdefinstall.exe
[2012/07/19 17:59:13 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe
[2012/07/19 10:47:46 | 000,435,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/19 10:46:57 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/07/19 10:46:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/19 10:46:13 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/19 10:46:05 | 003,093,186 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\Cat.DB
[2012/07/18 13:44:39 | 000,823,290 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/18 13:44:39 | 000,689,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/18 13:44:39 | 000,137,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/15 12:28:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/11 21:25:32 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502020.003\isolate.ini
[2012/07/11 18:23:48 | 000,002,011 | ---- | M] () -- C:\Users\Louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/09 17:09:37 | 000,001,128 | ---- | M] () -- C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/06/25 13:55:28 | 003,456,054 | ---- | M] () -- C:\Users\Louis\Desktop\DSCN2616.JPG
[2012/06/25 13:55:00 | 003,535,984 | ---- | M] () -- C:\Users\Louis\Desktop\DSCN2614.JPG
[2012/06/25 13:52:50 | 003,604,191 | ---- | M] () -- C:\Users\Louis\Desktop\DSCN2613.JPG
[2012/06/25 13:52:22 | 004,398,659 | ---- | M] () -- C:\Users\Louis\Desktop\DSCN2611.JPG
[7 C:\Users\Louis\AppData\Local\*.tmp files -> C:\Users\Louis\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/22 20:53:31 | 000,000,512 | ---- | C] () -- C:\Users\Louis\Desktop\MBR.dat
[2012/07/20 22:08:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/20 22:05:39 | 015,771,480 | ---- | C] () -- C:\Users\Louis\Desktop\nexdefinstall.exe
[2012/07/19 14:12:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/19 14:12:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/19 14:12:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/19 14:12:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/19 14:12:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/29 14:04:26 | 000,001,128 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/06/26 16:35:38 | 003,456,054 | ---- | C] () -- C:\Users\Louis\Desktop\DSCN2616.JPG
[2012/06/26 16:35:29 | 003,535,984 | ---- | C] () -- C:\Users\Louis\Desktop\DSCN2614.JPG
[2012/06/26 16:35:19 | 003,604,191 | ---- | C] () -- C:\Users\Louis\Desktop\DSCN2613.JPG
[2012/06/26 16:34:56 | 004,398,659 | ---- | C] () -- C:\Users\Louis\Desktop\DSCN2611.JPG
[2012/04/28 21:24:50 | 000,003,452 | ---- | C] () -- C:\Users\Louis\.recently-used.xbel
[2011/05/18 19:31:41 | 000,001,940 | ---- | C] () -- C:\Users\Louis\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/01/15 18:23:15 | 000,000,732 | ---- | C] () -- C:\Users\Louis\AppData\Local\d3d9caps64.dat
[2010/05/25 16:01:19 | 000,000,680 | ---- | C] () -- C:\Users\Louis\AppData\Local\d3d9caps.dat
[2009/08/22 19:47:47 | 000,000,163 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\PLGComp.ini
[2009/06/29 20:53:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/11 21:43:35 | 000,099,384 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\inst.exe
[2009/03/11 21:43:35 | 000,007,859 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\pcouffin.cat
[2009/03/11 21:43:35 | 000,001,167 | ---- | C] () -- C:\Users\Louis\AppData\Roaming\pcouffin.inf
[2009/01/04 00:55:27 | 000,158,423 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/03 23:15:33 | 000,158,423 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/01/03 23:03:47 | 000,022,528 | ---- | C] () -- C:\Users\Louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/01 14:45:27 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2008/07/01 22:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2012/06/15 12:37:51 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\Babylon
[2012/02/25 11:43:43 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\gtk-2.0
[2009/01/25 01:29:28 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\MusicNet
[2010/03/29 20:24:09 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\ooVoo Details
[2012/07/19 13:58:53 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\Spotify
[2012/06/15 12:29:31 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\Topckit
[2010/03/04 23:23:30 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\Vso
[2012/07/22 17:14:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000Core.job
[2012/07/22 20:14:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000UA.job
[2012/07/15 12:28:57 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/03/05 10:19:53 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F395C153-279B-4E91-A36A-5F303F900901}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#4
CompCav

Please re-open OTL

  • Double click the OTL icon on your desktop. Vista/7 users right click and click Run as Administrator. Make sure all other windows are closed.
  • You will see a console like the one below:

Posted Image

  • At the top of the console click the greyed out None button. <--- Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • In the Extra Registry section, click the Use Safelist button. <--- Very Important
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open a notepad window, Extras.Txt. It is saved in the same location as OTL.


#5
thillman

Done. Here is the Extras log

*****************************************************************************************************************************************

OTL Extras logfile created on: 7/22/2012 10:05:20 PM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Louis\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 24.83% Memory free
8.19 Gb Paging File | 4.04 Gb Available in Paging File | 49.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 22.76 Gb Free Space | 15.27% Space Free | Partition Type: NTFS
Drive D: | 138.31 Gb Total Space | 138.26 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: LOUIS-PC | User Name: Louis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 7E 7A B1 07 D1 E7 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0F7861E5-3B24-33CA-AECF-B5477194CEEB}" = Windows Phone Emulator x64 - ENU
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416011FF}" = Java™ 6 Update 11 (64-bit)
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 263.09
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 263.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 263.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}" = Express Gate
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4925C0C2-E4E2-456B-9791-0F228BDDC428}" = Facebook Messenger 2.1.4570.0
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DFA6DA8-75D8-4F2B-A1A0-A5E7A3B779C8}" = ASUS Virtual Camera
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{C3B6103A-C76F-45CF-898E-22E74BD33CFF}" = Direct Console 2.0
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Blend_4.0.20901.0" = Microsoft Expression Blend 4
"CleanUp!" = CleanUp!
"Digital Editions" = Adobe Digital Editions
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"Google Chrome Frame" = Google Chrome Frame
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"Mozilla Firefox 4.0b12 (x86 en-US)" = Mozilla Firefox 4.0b12 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MWSnap 3" = MWSnap 3
"N360" = Norton Security Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Rosetta Stone 2.1.5.1A" = Rosetta Stone 2.1.5.1A
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 410" = Portal: First Slice
"Steam App 500" = Left 4 Dead
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 0.9.9
"World of Warcraft" = World of Warcraft
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2012 11:50:44 PM | Computer Name = Louis-PC | Source = Perflib | ID = 1023
Description =

Error - 7/18/2012 11:50:44 PM | Computer Name = Louis-PC | Source = Perflib | ID = 1023
Description =

Error - 7/18/2012 11:59:52 PM | Computer Name = Louis-PC | Source = VSS | ID = 8194
Description =

Error - 7/19/2012 12:14:44 AM | Computer Name = Louis-PC | Source = Perflib | ID = 1023
Description =

Error - 7/19/2012 12:14:44 AM | Computer Name = Louis-PC | Source = Perflib | ID = 1023
Description =

Error - 7/19/2012 10:47:31 AM | Computer Name = Louis-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/19/2012 10:49:49 AM | Computer Name = Louis-PC | Source = Perflib | ID = 1008
Description =

Error - 7/19/2012 1:38:39 PM | Computer Name = Louis-PC | Source = Perflib | ID = 1008
Description =

Error - 7/21/2012 5:27:15 PM | Computer Name = Louis-PC | Source = VSS | ID = 8194
Description =

Error - 7/21/2012 7:02:58 PM | Computer Name = Louis-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.54.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 86c Start Time: 01cd679486a78a40 Termination Time: 4

[ System Events ]
Error - 7/22/2012 7:25:45 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/22/2012 7:33:25 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/22/2012 7:58:10 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/22/2012 8:16:11 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/22/2012 9:01:44 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/22/2012 9:14:47 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/22/2012 9:21:40 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/22/2012 9:48:02 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/22/2012 10:00:56 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 7/22/2012 10:04:27 PM | Computer Name = Louis-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >
  • 0

#6
CompCav


    Member 5k

  • Expert
  • 12,448 posts
Step 1.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\SearchScopes\{4007C90C-C3FA-4C85-BCA4-4D62590327E0}: "URL" = http://www.mysearchr...q={searchTerms}
    IE - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    [2010/05/15 17:17:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/08/09 21:27:58 | 000,002,468 | ---- | M] () -- C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\searchplugins\safesearch.xml
    [1634/11/13 15:46:30 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\LOUIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RA2OLZ9P.DEFAULT\EXTENSIONS\[email protected]
    [2012/02/23 09:30:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {9194649F-7143-4308-90C1-D6A35B0E354E} - No CLSID value found.
    O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
    O3 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKU\S-1-5-21-3161089060-3693300038-2069457290-1000..\RunOnce: [JavaInstallRetry] C:\Users\Louis\AppData\LocalLow\Sun\Java\JRERunOnce.exe (Oracle Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    [2012/06/15 12:37:51 | 000,000,000 | ---D | M] -- C:\Users\Louis\AppData\Roaming\Babylon
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • Get the report by selecting Reports.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 3.

Please post:

OTL fix log
TDSSKiller log


Also, it looks like you ran ComboFix; please post the log. It is usually at C:\ComboFix

Also, give me an update.
  • 0
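A helper reading a returned TDSSKiller report can check that the scan ran with the two Step 2 options and was not cut short before trusting its verdicts. The following is an added example, not part of the post above and not TDSSKiller's own code. It assumes the report uses a "time, thread id, message" line layout and that the two options show up in the `Mode:` line as `SigCheck` and `TDLFS`; the sample log, object names, hashes and the non-ok verdict text are constructed placeholders.

```python
import re

# Constructed sample in the "time thread-id message" layout of a TDSSKiller
# report. Object names, hashes and the non-ok verdict text are placeholders.
SAMPLE_LOG = """\
23:24:36.0926 5264 Scan started
23:24:36.0926 5264 Mode: Manual;
23:24:38.0310 5264 exampledrv (00000000000000000000000000000001) C:\\Windows\\system32\\drivers\\exampledrv.sys
23:24:38.0382 5264 exampledrv - ok
23:24:41.0559 5264 Scan interrupted by user!
23:24:41.0559 5264 Scan finished
23:24:41.0569 4604 Detected object count: 0
23:24:49.0762 4524 Scan started
23:24:49.0762 4524 Mode: Manual; SigCheck; TDLFS;
23:24:49.0975 4524 exampledrv (00000000000000000000000000000001) C:\\Windows\\system32\\drivers\\exampledrv.sys
23:24:50.0139 4524 exampledrv - ok
23:24:50.0233 4524 Example Svc (00000000000000000000000000000002) C:\\Example\\svc.exe
23:24:50.0250 4524 Example Svc - PLACEHOLDER-VERDICT
23:25:10.0000 4524 Scan finished
23:25:10.0100 4604 Detected object count: 1
"""

# Timestamp, 4-digit thread id, then an optional message.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d{4} ?(.*)$")
# "<name> (<md5>) <path>" opens an object; "<name> - <status>" closes it.
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")


def parse_scans(text):
    """Split a report into one dict per 'Scan started' block."""
    scans, pending = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if msg == "Scan started":
            scans.append({"mode": [], "interrupted": False, "finished": False,
                          "detected": None, "objects": []})
            pending = None
            continue
        if not scans:
            continue  # header lines before the first scan
        scan = scans[-1]
        if msg.startswith("Mode:"):
            scan["mode"] = [f.strip() for f in msg[5:].split(";") if f.strip()]
        elif msg == "Scan interrupted by user!":
            scan["interrupted"] = True
        elif msg == "Scan finished":
            scan["finished"] = True
        elif msg.startswith("Detected object count:"):
            scan["detected"] = int(msg.split(":", 1)[1])
        elif pending and msg.startswith(pending["name"] + " - "):
            # Match on the pending name so names containing " - " still work.
            pending["status"] = msg[len(pending["name"]) + 3:]
            pending = None
        else:
            om = OBJECT_RE.match(msg)
            if om:
                pending = {"name": om.group(1), "md5": om.group(2),
                           "path": om.group(3), "status": None}
                scan["objects"].append(pending)
    return scans


def review_last_scan(scans, required=("SigCheck", "TDLFS")):
    """Return reasons the final scan in the report needs a second look."""
    if not scans:
        return ["no scan found in report"]
    scan = scans[-1]
    findings = []
    missing = [f for f in required if f not in scan["mode"]]
    if missing:
        findings.append("options not enabled: " + ", ".join(missing))
    if scan["interrupted"]:
        findings.append("scan was interrupted before completion")
    if not scan["finished"]:
        findings.append("report ends before 'Scan finished'")
    # Objects with any status other than "ok" (or no status line) are listed.
    for obj in scan["objects"]:
        if obj["status"] != "ok":
            findings.append(f"{obj['name']}: {obj['status']} ({obj['path']})")
    return findings


if __name__ == "__main__":
    for finding in review_last_scan(parse_scans(SAMPLE_LOG)):
        print(finding)
```

An empty result means the last scan ran with both options, finished, and every object it listed came back ok.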

#7
thillman


    Member

  • Topic Starter
  • Member
  • 37 posts
I ran OTL as instructed. It said (Not Responding) for a few minutes, but I let it be. After that, it automatically rebooted my computer and the log file is below.

I ran TDSSKiller as instructed. It found 3 suspicious objects only. Log is below.

Couldn't find the Combofix log (not in C:\, not on desktop). Should I run Combofix again?

***************************************************************************************************************************************************

OTL - 07222012_230325

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012/07/22 23:03:57 | 000,000,098 | ---- | M] () C:\Windows\System32\drivers\etc\Hosts : MD5=F9C056369E96130CEAD3623A430D925F

Registry entries deleted on Reboot...

*****************************************************************************************************************************************************


23:24:31.0650 0616 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
23:24:32.0085 0616 ============================================================
23:24:32.0085 0616 Current date / time: 2012/07/22 23:24:32.0085
23:24:32.0085 0616 SystemInfo:
23:24:32.0085 0616
23:24:32.0085 0616 OS Version: 6.0.6002 ServicePack: 2.0
23:24:32.0085 0616 Product type: Workstation
23:24:32.0085 0616 ComputerName: LOUIS-PC
23:24:32.0085 0616 UserName: Louis
23:24:32.0085 0616 Windows directory: C:\Windows
23:24:32.0085 0616 System windows directory: C:\Windows
23:24:32.0085 0616 Running under WOW64
23:24:32.0085 0616 Processor architecture: Intel x64
23:24:32.0085 0616 Number of processors: 2
23:24:32.0085 0616 Page size: 0x1000
23:24:32.0085 0616 Boot type: Normal boot
23:24:32.0085 0616 ============================================================
23:24:33.0069 0616 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x3632C9, SectorsPerTrack: 0x2C, TracksPerCylinder: 0x4, Type 'K0', Flags 0x00000040
23:24:33.0080 0616 ============================================================
23:24:33.0080 0616 \Device\Harddisk0\DR0:
23:24:33.0081 0616 MBR partitions:
23:24:33.0081 0616 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x157ACFA, BlocksNum 0x12A14C00
23:24:33.0096 0616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x13F8F9CC, BlocksNum 0x1149F064
23:24:33.0096 0616 ============================================================
23:24:33.0132 0616 C: <-> \Device\Harddisk0\DR0\Partition0
23:24:33.0165 0616 D: <-> \Device\Harddisk0\DR0\Partition1
23:24:33.0165 0616 ============================================================
23:24:33.0165 0616 Initialize success
23:24:33.0165 0616 ============================================================
23:24:36.0926 5264 ============================================================
23:24:36.0926 5264 Scan started
23:24:36.0926 5264 Mode: Manual;
23:24:36.0927 5264 ============================================================
23:24:38.0310 5264 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
23:24:38.0382 5264 ACPI - ok
23:24:38.0649 5264 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:24:38.0658 5264 AdobeFlashPlayerUpdateSvc - ok
23:24:38.0757 5264 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
23:24:38.0784 5264 adp94xx - ok
23:24:38.0841 5264 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
23:24:38.0864 5264 adpahci - ok
23:24:38.0893 5264 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
23:24:38.0914 5264 adpu160m - ok
23:24:38.0944 5264 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
23:24:38.0957 5264 adpu320 - ok
23:24:39.0024 5264 ADSMService (609a6f49b6af0f25837f8a0edddb0745) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
23:24:39.0058 5264 ADSMService - ok
23:24:39.0078 5264 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
23:24:39.0086 5264 AeLookupSvc - ok
23:24:39.0218 5264 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
23:24:39.0234 5264 AFD - ok
23:24:39.0269 5264 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
23:24:39.0285 5264 agp440 - ok
23:24:39.0315 5264 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
23:24:39.0329 5264 aic78xx - ok
23:24:39.0353 5264 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
23:24:39.0360 5264 ALG - ok
23:24:39.0394 5264 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
23:24:39.0398 5264 aliide - ok
23:24:39.0423 5264 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
23:24:39.0430 5264 amdide - ok
23:24:39.0452 5264 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
23:24:39.0467 5264 AmdK8 - ok
23:24:39.0507 5264 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
23:24:39.0514 5264 Appinfo - ok
23:24:39.0621 5264 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:24:39.0627 5264 Apple Mobile Device - ok
23:24:39.0663 5264 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
23:24:39.0678 5264 arc - ok
23:24:39.0708 5264 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
23:24:39.0721 5264 arcsas - ok
23:24:39.0760 5264 AsDsm (7c00a16745957b42ae47b8a47e33a2c3) C:\Windows\system32\drivers\AsDsm.sys
23:24:39.0785 5264 AsDsm - ok
23:24:39.0847 5264 ASLDRService (eb1807795cd3eeaa3288b4a30de254e8) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
23:24:39.0852 5264 ASLDRService - ok
23:24:39.0872 5264 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
23:24:39.0880 5264 ASMMAP64 - ok
23:24:39.0984 5264 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:24:39.0996 5264 aspnet_state - ok
23:24:40.0032 5264 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
23:24:40.0039 5264 AsyncMac - ok
23:24:40.0050 5264 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
23:24:40.0055 5264 atapi - ok
23:24:40.0076 5264 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
23:24:40.0099 5264 ATKGFNEXSrv - ok
23:24:40.0176 5264 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
23:24:40.0216 5264 AudioEndpointBuilder - ok
23:24:40.0223 5264 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
23:24:40.0233 5264 AudioSrv - ok
23:24:40.0302 5264 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
23:24:40.0333 5264 BFE - ok
23:24:40.0517 5264 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
23:24:40.0548 5264 BHDrvx64 - ok
23:24:40.0687 5264 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
23:24:40.0870 5264 BITS - ok
23:24:40.0904 5264 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
23:24:40.0907 5264 blbdrive - ok
23:24:40.0991 5264 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:24:41.0006 5264 Bonjour Service - ok
23:24:41.0036 5264 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
23:24:41.0051 5264 bowser - ok
23:24:41.0093 5264 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
23:24:41.0100 5264 BrFiltLo - ok
23:24:41.0170 5264 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
23:24:41.0176 5264 BrFiltUp - ok
23:24:41.0223 5264 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
23:24:41.0236 5264 Browser - ok
23:24:41.0272 5264 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
23:24:41.0286 5264 Brserid - ok
23:24:41.0312 5264 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
23:24:41.0316 5264 BrSerWdm - ok
23:24:41.0334 5264 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
23:24:41.0338 5264 BrUsbMdm - ok
23:24:41.0352 5264 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
23:24:41.0356 5264 BrUsbSer - ok
23:24:41.0392 5264 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
23:24:41.0400 5264 BthEnum - ok
23:24:41.0459 5264 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
23:24:41.0474 5264 BTHMODEM - ok
23:24:41.0493 5264 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
23:24:41.0508 5264 BthPan - ok
23:24:41.0537 5264 BTHPORT (422d812e231ec3a25f43a881061be5a0) C:\Windows\system32\Drivers\BTHport.sys
23:24:41.0556 5264 BTHPORT - ok
23:24:41.0559 5264 Scan interrupted by user!
23:24:41.0559 5264 Scan interrupted by user!
23:24:41.0559 5264 Scan interrupted by user!
23:24:41.0559 5264 ============================================================
23:24:41.0559 5264 Scan finished
23:24:41.0559 5264 ============================================================
23:24:41.0569 4604 Detected object count: 0
23:24:41.0569 4604 Actual detected object count: 0
23:24:49.0762 4524 ============================================================
23:24:49.0762 4524 Scan started
23:24:49.0762 4524 Mode: Manual; SigCheck; TDLFS;
23:24:49.0762 4524 ============================================================
23:24:49.0975 4524 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
23:24:50.0139 4524 ACPI - ok
23:24:50.0233 4524 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:24:50.0250 4524 AdobeFlashPlayerUpdateSvc - ok
23:24:50.0295 4524 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
23:24:50.0342 4524 adp94xx - ok
23:24:50.0437 4524 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
23:24:50.0488 4524 adpahci - ok
23:24:50.0562 4524 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
23:24:50.0580 4524 adpu160m - ok
23:24:50.0606 4524 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
23:24:50.0624 4524 adpu320 - ok
23:24:50.0662 4524 ADSMService (609a6f49b6af0f25837f8a0edddb0745) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
23:24:50.0672 4524 ADSMService ( UnsignedFile.Multi.Generic ) - warning
23:24:50.0672 4524 ADSMService - detected UnsignedFile.Multi.Generic (1)
23:24:50.0691 4524 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
23:24:50.0831 4524 AeLookupSvc - ok
23:24:50.0880 4524 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
23:24:50.0935 4524 AFD - ok
23:24:50.0966 4524 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
23:24:50.0982 4524 agp440 - ok
23:24:51.0002 4524 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
23:24:51.0021 4524 aic78xx - ok
23:24:51.0041 4524 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
23:24:51.0228 4524 ALG - ok
23:24:51.0248 4524 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
23:24:51.0264 4524 aliide - ok
23:24:51.0277 4524 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
23:24:51.0293 4524 amdide - ok
23:24:51.0306 4524 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
23:24:51.0346 4524 AmdK8 - ok
23:24:51.0361 4524 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
23:24:51.0392 4524 Appinfo - ok
23:24:51.0569 4524 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:24:51.0585 4524 Apple Mobile Device - ok
23:24:51.0650 4524 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
23:24:51.0673 4524 arc - ok
23:24:51.0695 4524 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
23:24:51.0718 4524 arcsas - ok
23:24:51.0748 4524 AsDsm (7c00a16745957b42ae47b8a47e33a2c3) C:\Windows\system32\drivers\AsDsm.sys
23:24:51.0776 4524 AsDsm - ok
23:24:51.0818 4524 ASLDRService (eb1807795cd3eeaa3288b4a30de254e8) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
23:24:51.0833 4524 ASLDRService - ok
23:24:51.0852 4524 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
23:24:51.0864 4524 ASMMAP64 - ok
23:24:51.0930 4524 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:24:51.0946 4524 aspnet_state - ok
23:24:52.0019 4524 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
23:24:52.0069 4524 AsyncMac - ok
23:24:52.0147 4524 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
23:24:52.0171 4524 atapi - ok
23:24:52.0182 4524 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
23:24:52.0193 4524 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
23:24:52.0193 4524 ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
23:24:52.0231 4524 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
23:24:52.0284 4524 AudioEndpointBuilder - ok
23:24:52.0291 4524 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
23:24:52.0339 4524 AudioSrv - ok
23:24:52.0379 4524 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
23:24:52.0434 4524 BFE - ok
23:24:52.0735 4524 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
23:24:52.0785 4524 BHDrvx64 - ok
23:24:52.0917 4524 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
23:24:53.0169 4524 BITS - ok
23:24:53.0225 4524 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
23:24:53.0263 4524 blbdrive - ok
23:24:53.0329 4524 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
23:24:53.0370 4524 Bonjour Service - ok
23:24:53.0415 4524 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
23:24:53.0443 4524 bowser - ok
23:24:53.0456 4524 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
23:24:53.0486 4524 BrFiltLo - ok
23:24:53.0503 4524 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
23:24:53.0533 4524 BrFiltUp - ok
23:24:53.0649 4524 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
23:24:53.0694 4524 Browser - ok
23:24:53.0726 4524 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
23:24:53.0865 4524 Brserid - ok
23:24:53.0883 4524 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
23:24:53.0937 4524 BrSerWdm - ok
23:24:53.0947 4524 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
23:24:54.0001 4524 BrUsbMdm - ok
23:24:54.0015 4524 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
23:24:54.0069 4524 BrUsbSer - ok
23:24:54.0079 4524 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
23:24:54.0105 4524 BthEnum - ok
23:24:54.0121 4524 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
23:24:54.0175 4524 BTHMODEM - ok
23:24:54.0197 4524 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
23:24:54.0235 4524 BthPan - ok
23:24:54.0256 4524 BTHPORT (422d812e231ec3a25f43a881061be5a0) C:\Windows\system32\Drivers\BTHport.sys
23:24:54.0300 4524 BTHPORT - ok
23:24:54.0326 4524 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
23:24:54.0365 4524 BthServ - ok
23:24:54.0380 4524 BTHUSB (1c24adb844a910daa2e2732e83a8f3d4) C:\Windows\system32\Drivers\BTHUSB.sys
23:24:54.0423 4524 BTHUSB - ok
23:24:54.0464 4524 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
23:24:54.0487 4524 BVRPMPR5a64 - ok
23:24:54.0505 4524 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
23:24:54.0557 4524 cdfs - ok
23:24:54.0633 4524 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
23:24:54.0670 4524 cdrom - ok
23:24:54.0754 4524 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
23:24:54.0793 4524 CertPropSvc - ok
23:24:54.0824 4524 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
23:24:54.0878 4524 circlass - ok
23:24:54.0907 4524 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
23:24:54.0952 4524 CLFS - ok
23:24:55.0043 4524 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:24:55.0185 4524 clr_optimization_v2.0.50727_32 - ok
23:24:55.0304 4524 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:24:55.0449 4524 clr_optimization_v2.0.50727_64 - ok
23:24:55.0532 4524 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:24:55.0629 4524 clr_optimization_v4.0.30319_32 - ok
23:24:55.0674 4524 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:24:55.0729 4524 clr_optimization_v4.0.30319_64 - ok
23:24:55.0766 4524 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
23:24:55.0809 4524 CmBatt - ok
23:24:55.0827 4524 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
23:24:55.0844 4524 cmdide - ok
23:24:55.0856 4524 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
23:24:55.0878 4524 Compbatt - ok
23:24:55.0881 4524 COMSysApp - ok
23:24:55.0887 4524 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
23:24:55.0906 4524 crcdisk - ok
23:24:55.0957 4524 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
23:24:56.0014 4524 CryptSvc - ok
23:24:56.0082 4524 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
23:24:56.0235 4524 DcomLaunch - ok
23:24:56.0281 4524 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
23:24:56.0325 4524 DfsC - ok
23:24:56.0496 4524 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
23:24:56.0712 4524 DFSR - ok
23:24:56.0906 4524 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
23:24:56.0982 4524 Dhcp - ok
23:24:57.0016 4524 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
23:24:57.0052 4524 disk - ok
23:24:57.0088 4524 dlba_device - ok
23:24:57.0174 4524 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
23:24:57.0251 4524 Dnscache - ok
23:24:57.0280 4524 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
23:24:57.0364 4524 dot3svc - ok
23:24:57.0419 4524 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
23:24:57.0558 4524 DPS - ok
23:24:57.0595 4524 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
23:24:57.0642 4524 drmkaud - ok
23:24:57.0700 4524 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
23:24:57.0766 4524 DXGKrnl - ok
23:24:57.0805 4524 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
23:24:57.0865 4524 E1G60 - ok
23:24:57.0899 4524 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
23:24:57.0985 4524 EapHost - ok
23:24:58.0024 4524 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
23:24:58.0059 4524 Ecache - ok
23:24:58.0181 4524 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
23:24:58.0241 4524 eeCtrl - ok
23:24:58.0306 4524 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
23:24:58.0388 4524 ehRecvr - ok
23:24:58.0408 4524 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
23:24:58.0443 4524 ehSched - ok
23:24:58.0522 4524 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
23:24:58.0555 4524 ehstart - ok
23:24:58.0601 4524 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
23:24:58.0664 4524 elxstor - ok
23:24:58.0737 4524 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
23:24:58.0928 4524 EMDMgmt - ok
23:24:59.0069 4524 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:24:59.0095 4524 EraserUtilRebootDrv - ok
23:24:59.0132 4524 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
23:24:59.0172 4524 ErrDev - ok
23:24:59.0208 4524 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
23:24:59.0283 4524 EventSystem - ok
23:24:59.0316 4524 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
23:24:59.0355 4524 exfat - ok
23:24:59.0385 4524 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
23:24:59.0425 4524 fastfat - ok
23:24:59.0439 4524 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
23:24:59.0481 4524 fdc - ok
23:24:59.0525 4524 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
23:24:59.0598 4524 fdPHost - ok
23:24:59.0610 4524 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
23:24:59.0696 4524 FDResPub - ok
23:24:59.0709 4524 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
23:24:59.0739 4524 FileInfo - ok
23:24:59.0755 4524 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
23:24:59.0798 4524 Filetrace - ok
23:24:59.0808 4524 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:24:59.0852 4524 flpydisk - ok
23:24:59.0882 4524 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
23:24:59.0960 4524 FltMgr - ok
23:25:00.0180 4524 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
23:25:00.0381 4524 FontCache - ok
23:25:00.0421 4524 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:25:00.0453 4524 FontCache3.0.0.0 - ok
23:25:00.0536 4524 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
23:25:00.0596 4524 Fs_Rec - ok
23:25:00.0617 4524 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
23:25:00.0651 4524 gagp30kx - ok
23:25:00.0697 4524 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:25:00.0735 4524 GEARAspiWDM - ok
23:25:00.0805 4524 ghaio (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
23:25:00.0824 4524 ghaio - ok
23:25:00.0871 4524 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
23:25:00.0951 4524 gpsvc - ok
23:25:01.0046 4524 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:25:01.0072 4524 gupdate - ok
23:25:01.0097 4524 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:25:01.0111 4524 gupdatem - ok
23:25:01.0166 4524 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:25:01.0186 4524 gusvc - ok
23:25:01.0276 4524 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
23:25:01.0368 4524 HdAudAddService - ok
23:25:01.0433 4524 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:25:01.0527 4524 HDAudBus - ok
23:25:01.0560 4524 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
23:25:01.0641 4524 HidBth - ok
23:25:01.0659 4524 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
23:25:01.0712 4524 HidIr - ok
23:25:01.0731 4524 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
23:25:01.0827 4524 hidserv - ok
23:25:01.0836 4524 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
23:25:01.0890 4524 HidUsb - ok
23:25:01.0912 4524 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
23:25:02.0010 4524 hkmsvc - ok
23:25:02.0055 4524 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
23:25:02.0084 4524 HpCISSs - ok
23:25:02.0147 4524 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
23:25:02.0270 4524 HTTP - ok
23:25:02.0296 4524 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
23:25:02.0326 4524 i2omp - ok
23:25:02.0357 4524 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
23:25:02.0400 4524 i8042prt - ok
23:25:02.0473 4524 iaStor (07fb761600eff44af02c35b8b57e5863) C:\Windows\system32\DRIVERS\iaStor.sys
23:25:02.0498 4524 iaStor - ok
23:25:02.0534 4524 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
23:25:02.0594 4524 iaStorV - ok
23:25:02.0690 4524 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:25:02.0823 4524 idsvc - ok
23:25:02.0969 4524 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120720.001\IDSvia64.sys
23:25:03.0106 4524 IDSVia64 - ok
23:25:03.0338 4524 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
23:25:03.0367 4524 iirsp - ok
23:25:03.0469 4524 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
23:25:03.0563 4524 IKEEXT - ok
23:25:03.0673 4524 IntcAzAudAddService (29c63bc0fbe776cde25c8293fb1e0f91) C:\Windows\system32\drivers\RTKVHD64.sys
23:25:03.0800 4524 IntcAzAudAddService - ok
23:25:03.0956 4524 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
23:25:03.0985 4524 intelide - ok
23:25:03.0997 4524 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
23:25:04.0039 4524 intelppm - ok
23:25:04.0068 4524 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
23:25:04.0152 4524 IPBusEnum - ok
23:25:04.0334 4524 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:25:04.0391 4524 IpFilterDriver - ok
23:25:04.0430 4524 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
23:25:04.0547 4524 iphlpsvc - ok
23:25:04.0550 4524 IpInIp - ok
23:25:04.0568 4524 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
23:25:04.0619 4524 IPMIDRV - ok
23:25:04.0635 4524 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
23:25:04.0685 4524 IPNAT - ok
23:25:04.0781 4524 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
23:25:04.0855 4524 iPod Service - ok
23:25:04.0885 4524 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
23:25:04.0941 4524 IRENUM - ok
23:25:04.0991 4524 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
23:25:05.0018 4524 isapnp - ok
23:25:05.0070 4524 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
23:25:05.0106 4524 iScsiPrt - ok
23:25:05.0120 4524 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
23:25:05.0148 4524 iteatapi - ok
23:25:05.0183 4524 itecir (5fef11c18ec25cdcb27e6c8680690b69) C:\Windows\system32\DRIVERS\itecir.sys
23:25:05.0220 4524 itecir - ok
23:25:05.0266 4524 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
23:25:05.0287 4524 iteraid - ok
23:25:05.0379 4524 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
23:25:05.0400 4524 kbdclass - ok
23:25:05.0429 4524 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
23:25:05.0477 4524 kbdhid - ok
23:25:05.0529 4524 kbfiltr (4c9b832435061634dfbeb980ad67bfff) C:\Windows\system32\DRIVERS\kbfiltr.sys
23:25:05.0548 4524 kbfiltr - ok
23:25:05.0578 4524 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:25:05.0712 4524 KeyIso - ok
23:25:05.0752 4524 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
23:25:05.0812 4524 KSecDD - ok
23:25:05.0870 4524 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
23:25:05.0922 4524 ksthunk - ok
23:25:05.0982 4524 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
23:25:06.0119 4524 KtmRm - ok
23:25:06.0203 4524 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
23:25:06.0362 4524 LanmanServer - ok
23:25:06.0388 4524 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
23:25:06.0581 4524 LanmanWorkstation - ok
23:25:06.0656 4524 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:25:06.0677 4524 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:25:06.0677 4524 LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:25:06.0692 4524 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
23:25:06.0749 4524 lltdio - ok
23:25:06.0785 4524 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
23:25:06.0914 4524 lltdsvc - ok
23:25:06.0931 4524 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
23:25:07.0024 4524 lmhosts - ok
23:25:07.0063 4524 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
23:25:07.0093 4524 LSI_FC - ok
23:25:07.0141 4524 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
23:25:07.0163 4524 LSI_SAS - ok
23:25:07.0228 4524 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
23:25:07.0287 4524 LSI_SCSI - ok
23:25:07.0319 4524 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
23:25:07.0379 4524 luafv - ok
23:25:07.0453 4524 lullaby (5fbb81e1ba7d07301787a489962f4b9e) C:\Windows\system32\DRIVERS\lullaby.sys
23:25:07.0490 4524 lullaby - ok
23:25:07.0530 4524 lvupdtio - ok
23:25:07.0603 4524 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
23:25:07.0711 4524 Mcx2Svc - ok
23:25:07.0752 4524 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
23:25:07.0786 4524 megasas - ok
23:25:07.0896 4524 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
23:25:07.0945 4524 MegaSR - ok
23:25:07.0981 4524 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
23:25:08.0120 4524 MMCSS - ok
23:25:08.0161 4524 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
23:25:08.0205 4524 Modem - ok
23:25:08.0213 4524 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
23:25:08.0256 4524 monitor - ok
23:25:08.0333 4524 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
23:25:08.0358 4524 mouclass - ok
23:25:08.0390 4524 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
23:25:08.0439 4524 mouhid - ok
23:25:08.0474 4524 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
23:25:08.0497 4524 MountMgr - ok
23:25:08.0620 4524 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:25:08.0639 4524 MozillaMaintenance - ok
23:25:08.0678 4524 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
23:25:08.0706 4524 mpio - ok
23:25:08.0720 4524 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
23:25:08.0763 4524 mpsdrv - ok
23:25:08.0801 4524 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
23:25:08.0936 4524 MpsSvc - ok
23:25:08.0962 4524 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
23:25:08.0990 4524 Mraid35x - ok
23:25:09.0015 4524 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
23:25:09.0043 4524 MRxDAV - ok
23:25:09.0082 4524 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:25:09.0121 4524 mrxsmb - ok
23:25:09.0159 4524 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:25:09.0198 4524 mrxsmb10 - ok
23:25:09.0210 4524 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:25:09.0236 4524 mrxsmb20 - ok
23:25:09.0274 4524 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
23:25:09.0305 4524 msahci - ok
23:25:09.0325 4524 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
23:25:09.0349 4524 msdsm - ok
23:25:09.0437 4524 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
23:25:09.0543 4524 MSDTC - ok
23:25:09.0581 4524 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
23:25:09.0632 4524 Msfs - ok
23:25:09.0688 4524 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
23:25:09.0712 4524 msisadrv - ok
23:25:09.0794 4524 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
23:25:09.0878 4524 MSiSCSI - ok
23:25:09.0881 4524 msiserver - ok
23:25:09.0897 4524 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
23:25:09.0942 4524 MSKSSRV - ok
23:25:09.0981 4524 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
23:25:10.0027 4524 MSPCLOCK - ok
23:25:10.0042 4524 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
23:25:10.0102 4524 MSPQM - ok
23:25:10.0158 4524 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
23:25:10.0207 4524 MsRPC - ok
23:25:10.0220 4524 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
23:25:10.0243 4524 mssmbios - ok
23:25:10.0312 4524 MSSQL$MSSMLBIZ - ok
23:25:10.0366 4524 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
23:25:10.0398 4524 MSSQLServerADHelper - ok
23:25:10.0422 4524 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
23:25:10.0483 4524 MSTEE - ok
23:25:10.0545 4524 MTsensor (a523d9f6aeb152c4480d754df7fa9f7f) C:\Windows\system32\DRIVERS\ATK64AMD.sys
23:25:10.0586 4524 MTsensor - ok
23:25:10.0604 4524 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
23:25:10.0638 4524 Mup - ok
23:25:10.0862 4524 N360 (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
23:25:10.0913 4524 N360 - ok
23:25:10.0982 4524 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
23:25:11.0179 4524 napagent - ok
23:25:11.0220 4524 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
23:25:11.0260 4524 NativeWifiP - ok
23:25:11.0409 4524 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120722.006\ENG64.SYS
23:25:11.0439 4524 NAVENG - ok
23:25:11.0647 4524 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120722.006\EX64.SYS
23:25:11.0911 4524 NAVEX15 - ok
23:25:12.0094 4524 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
23:25:12.0159 4524 NDIS - ok
23:25:12.0210 4524 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
23:25:12.0264 4524 NdisTapi - ok
23:25:12.0277 4524 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
23:25:12.0343 4524 Ndisuio - ok
23:25:12.0369 4524 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
23:25:12.0428 4524 NdisWan - ok
23:25:12.0442 4524 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
23:25:12.0504 4524 NDProxy - ok
23:25:12.0523 4524 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
23:25:12.0589 4524 NetBIOS - ok
23:25:12.0629 4524 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
23:25:12.0687 4524 netbt - ok
23:25:12.0701 4524 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
23:25:12.0808 4524 Netlogon - ok
23:25:12.0930 4524 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
23:25:13.0071 4524 Netman - ok
23:25:13.0172 4524 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:25:13.0207 4524 NetMsmqActivator - ok
23:25:13.0211 4524 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:25:13.0237 4524 NetPipeActivator - ok
23:25:13.0269 4524 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
23:25:13.0393 4524 netprofm - ok
23:25:13.0396 4524 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:25:13.0422 4524 NetTcpActivator - ok
23:25:13.0426 4524 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:25:13.0451 4524 NetTcpPortSharing - ok
23:25:44.0950 4524 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
23:25:45.0274 4524 \Device\Harddisk0\DR0 - ok
23:25:45.0278 4524 Boot (0x1200) (33e99c9f0c36c4b52433cf65e611755a) \Device\Harddisk0\DR0\Partition0
23:25:45.0280 4524 \Device\Harddisk0\DR0\Partition0 - ok
23:25:45.0284 4524 Boot (0x1200) (af1f499d8b68dec8f09c5ce247e3829a) \Device\Harddisk0\DR0\Partition1
23:25:45.0286 4524 \Device\Harddisk0\DR0\Partition1 - ok
23:25:45.0287 4524 ============================================================
23:25:45.0287 4524 Scan finished
23:25:45.0287 4524 ============================================================
23:25:45.0297 5492 Detected object count: 3
23:25:45.0297 5492 Actual detected object count: 3
23:25:53.0769 5492 ADSMService ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:53.0770 5492 ADSMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:53.0771 5492 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:53.0771 5492 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:53.0772 5492 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:53.0773 5492 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

#8
thillman

    Member

  • Topic Starter
  • 37 posts
Also, still redirecting :(

#9
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Delete your current copy of ComboFix.

Then download a fresh copy and run it following these directions:

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.

#10
thillman

    Member

  • Topic Starter
  • 37 posts
Uninstalled and reinstalled ComboFix (on my desktop). Turned off Norton. Ran smoothly. Didn't have any internet connection problems afterwards so didn't restart. Unfortunately, still getting redirects. Here is the ComboFix log.


ComboFix 12-07-21.01 - Louis 07/23/2012 0:19.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2043 [GMT -4:00]
Running from: c:\users\Louis\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\ntuser.dat
c:\users\Louis\AppData\Roaming\inst.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\DEBUG.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 04:40 . 2012-07-23 04:40 -------- d-----w- c:\users\Louis\AppData\Local\temp
2012-07-23 04:40 . 2012-07-23 04:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 03:16 . 2012-07-22 03:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-21 23:01 . 2012-07-21 23:01 -------- d-----w- C:\_OTL
2012-07-20 14:32 . 2012-07-20 14:32 -------- d-----w- c:\users\Louis\AppData\Local\WinZip
2012-07-20 14:29 . 2012-07-20 14:32 -------- d-----w- c:\programdata\WinZip
2012-07-20 14:29 . 2012-07-20 14:29 -------- d-----w- c:\program files\WinZip
2012-07-19 21:59 . 2012-07-19 21:59 388608 ----a-w- c:\program files\HijackThis.exe
2012-07-19 18:06 . 2012-07-23 04:17 -------- d-----w- C:\32788R22FWJFW
2012-07-16 20:15 . 2012-07-19 14:45 -------- d-----w- c:\windows\system32\drivers\N360x64\0502020.003
2012-07-10 23:32 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-05 21:15 . 2012-07-14 00:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-05 21:15 . 2012-07-14 00:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 21:16 . 2012-06-23 21:16 -------- d-----w- c:\users\Louis\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 03:09 . 2008-12-26 11:33 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-21 02:53 . 2012-04-21 13:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-21 02:53 . 2011-10-08 01:09 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-06-02 22:19 . 2012-06-21 18:58 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 18:58 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 18:58 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 18:58 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 18:58 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-21 18:58 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 18:58 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-21 18:58 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 18:58 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-21 18:58 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-21 18:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-21 18:57 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 18:57 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-21 18:57 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-01 14:29 . 2012-06-13 17:53 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-07-02 02:28 . 2008-07-02 02:28 61440 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-27 15147400]
"Facebook Update"="c:\users\Louis\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Spotify"="c:\users\Louis\AppData\Roaming\Spotify\Spotify.exe" [2012-07-23 7601880]
"Spotify Web Helper"="c:\users\Louis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-23 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"DirectConsole2"="c:\program files (x86)\ASUS\Direct Console\Direct Console.exe" [2009-08-11 2861696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
c:\users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Louis\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe [2012-7-6 217536]
NexDef Plug-in.lnk - c:\users\Louis\AppData\Local\Autobahn\nexdef.exe [2011-8-11 15490560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-21 250056]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 33868725
*NewlyCreated* - WS2IFSL
*Deregistered* - 33868725
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 02:53]
.
2012-07-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000Core.job
- c:\users\Louis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-16 21:09]
.
2012-07-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000UA.job
- c:\users\Louis\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-16 21:09]
.
2012-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-28 22:11]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 19:47]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-02 19:47]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000Core.job
- c:\users\Louis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 22:14]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3161089060-3693300038-2069457290-1000UA.job
- c:\users\Louis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-08 22:14]
.
2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{F395C153-279B-4E91-A36A-5F303F900901}.job
- c:\windows\system32\msfeedssync.exe [2011-12-28 15:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-06-13 6342688]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 163552]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-11-09 5901416]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1875048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
DPF: {47489CC3-B1AB-4414-A7D9-4A6380D819D8} - hxxp://143.56.133.4:10224/Remote%20Client/3.7a/English/en-US/ConfigManager.cab
DPF: {817444B5-4D12-4EEB-8E78-C547E84F80B6} - hxxp://143.56.133.4:10224/Remote%20Client/3.7a/English/en-US/EngineManager.cab
DPF: {E7B12A6B-341F-4765-A9EA-29A745916878} - hxxp://143.56.133.4:10224/Remote%20Client/3.7a/English/en-US/ImageViewer.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 1879f133000000000000002215a48362
FF - user.js: extensions.BabylonToolbar_i.hardId - 1879f133000000000000002215a48362
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15506
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:38
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Louis\AppData\Local\Akamai\netsession_win.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Digital Editions - f:\adobe digital editions\uninstall.exe
AddRemove-HijackThis - c:\users\Louis\Downloads\HijackThis.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2012-07-23 00:45:41
ComboFix-quarantined-files.txt 2012-07-23 04:45
.
Pre-Run: 24,569,253,888 bytes free
Post-Run: 24,035,139,584 bytes free
.
- - End Of File - - E432559DA01E4330871B90880C0149FF
  • 0



#11
CompCav

    Member 5k

  • Expert
  • 12,448 posts
First

Run Chrome
Go into options -> under the hood
Clear cache and cookies.

If that fails then try the more drastic method

In the run box type in the following command

%USERPROFILE%\AppData\Local\Google\Chrome\User Data


Navigate to the folder called Default in the directory window that opens, right-click on it and select Rename.

Now rename it to Backup Default.
Now launch Google Chrome and check if the issues you have been experiencing have been rectified.

Note: You may have to reapply your custom settings/import bookmarks again etc.
  • 0

#12
thillman

    Member

  • Topic Starter
  • Member
  • 37 posts
Cleared the cache and cookies, still got redirects. Tried the drastic method, and it seems to have worked! I clicked 50+ links from Google search and no redirects. Yay! thankyouthankyouthankyouthankyouthankyou. Is there anything else I should do? And is this thing gone gone, or is it just waiting in the wings, and I've just tricked it for the time being? Will I have to worry about it again in the future?
  • 0

#13
CompCav

    Member 5k

  • Expert
  • 12,448 posts
We are not done.

But we are on the way!!








Step 1.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now. We just want to run it on demand.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0

#14
thillman

    Member

  • Topic Starter
  • Member
  • 37 posts
Alright, here's everything. Both Malwarebytes and ESET found malicious files and deleted them. yay! Still no redirects.

************************************************************************************************************************************************


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.23.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Louis :: LOUIS-PC [administrator]

7/23/2012 10:09:58 AM
mbam-log-2012-07-23 (10-09-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198504
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

********************************************************************************************************************************************


[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ce83daf51e7c4843929a9e27753eec99
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-23 04:09:09
# local_time=2012-07-23 12:09:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 56 31680903 179652169 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=195536
# found=3
# cleaned=3
# scan_time=6285
C:\Users\Louis\AppData\Local\Mozilla\Firefox\Profiles\ra2olz9p.default\Cache\4\74\BB5D2d01 Win32/Adware.Facetheme.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Louis\AppData\Local\Mozilla\Firefox\Profiles\ra2olz9p.default\Cache\9\31\64698d01 Win32/Adware.Facetheme.C application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07222012_230325\C_Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\extensions\[email protected] JS/Redirector.NCA trojan (deleted - quarantined) 00000000000000000000000000000000 C

***************************************************************************************************************************************************

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Spyware Doctor with AntiVirus
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Spyware Doctor 7.0
Malwarebytes Anti-Malware version 1.62.0.1300
HijackThis 2.0.2
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 4.0b12 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
  • 0
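An added example, not part of the original thread and not code from any of the tools named in it: a Python parser for the Malwarebytes and ESET detection lines posted above that groups each hit by the browser artifact it points at and separates live objects from copies already sitting in OTL's moved-files folder. The `Finding` type, the function names and the category labels are assumptions made for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass

# Detection lines copied from the Malwarebytes and ESET logs posted in this thread.
MBAM_LOG = r"""
Registry Keys Detected: 2
HKCU\Software\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
"""
ESET_LOG = r"""
# found=3
# cleaned=3
C:\Users\Louis\AppData\Local\Mozilla\Firefox\Profiles\ra2olz9p.default\Cache\4\74\BB5D2d01 Win32/Adware.Facetheme.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Louis\AppData\Local\Mozilla\Firefox\Profiles\ra2olz9p.default\Cache\9\31\64698d01 Win32/Adware.Facetheme.C application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\07222012_230325\C_Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\ra2olz9p.default\extensions\[email protected] JS/Redirector.NCA trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

@dataclass
class Finding:  # hypothetical record type for this example
    tool: str
    obj: str
    threat: str
    action: str
    location: str = "other"
    live: bool = True  # False when the object is only a copy in a tool's moved-files folder

# "<object> (<threat>) -> <action>."
MBAM_HIT = re.compile(r"^(?P<obj>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# "<path> <Platform/Name> <type> (<action>) <hash> <flag>"; the path may contain spaces.
ESET_HIT = re.compile(r"^(?P<obj>.+?)\s+(?P<threat>\S+/\S+)\s+\w+\s+"
                      r"\((?P<action>[^)]*)\)\s+[0-9A-Fa-f]+\s+\w$")

LOCATIONS = [
    # Registry location Chrome reads for externally installed extensions on Windows.
    ("chrome-external-extension",
     re.compile(r"\\Google\\Chrome\\Extensions\\[a-p]{32}$", re.I)),
    ("firefox-extension", re.compile(r"\\Firefox\\Profiles\\[^\\]+\\extensions\\", re.I)),
    ("firefox-cache", re.compile(r"\\Firefox\\Profiles\\[^\\]+\\Cache\\", re.I)),
]

def classify(f):
    # OTL keeps the files it removes under C:\_OTL\MovedFiles, so a hit there
    # is a copy that was already taken out of the profile, not a live object.
    f.live = "\\_otl\\movedfiles\\" not in f.obj.lower()
    for name, pattern in LOCATIONS:
        if pattern.search(f.obj):
            f.location = name
            break
    return f

def parse_mbam(text):
    hits = []
    for line in text.splitlines():
        m = MBAM_HIT.match(line.strip())
        if m:
            hits.append(classify(Finding("mbam", **m.groupdict())))
    return hits

def parse_eset(text):
    hits, declared = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):  # header fields such as "# found=3"
            m = re.match(r"# found=(\d+)$", line)
            declared = int(m.group(1)) if m else declared
            continue
        m = ESET_HIT.match(line)
        if m:
            hits.append(classify(Finding("eset", **m.groupdict())))
    if declared is not None and declared != len(hits):
        raise ValueError(f"header says found={declared}, parsed {len(hits)} lines")
    return hits

def triage(findings):
    """Group threats by artifact; copies in a moved-files folder are listed apart."""
    report = {}
    for f in findings:
        report.setdefault(f.location if f.live else "quarantine-copy", []).append(f.threat)
    return report

if __name__ == "__main__":
    for key, threats in triage(parse_mbam(MBAM_LOG) + parse_eset(ESET_LOG)).items():
        print(f"{key}: {', '.join(threats)}")
```
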

#15
CompCav

    Member 5k

  • Expert
  • 12,448 posts
We have some updates to do to improve your security.

Step 1.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


Step 2.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

Uninstall all previous versions.
Download the latest version from: http://www.adobe.com.../readstep2.html

If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.


Step 3.

Update Mozilla FireFox

Your version of FireFox is 4.0b12 and the current release is 14.

Please uninstall the version you have and go here to download the latest version and install it. If you do not use FireFox then you do not need to install the current version.


Step 4.


Please confirm you are still running well or if there are any issues you have noticed since my last post.
  • 0





