
Google Redirect Virus, Tried TDSS Killer [Closed]


  • This topic is locked

#16
Wilbur13

  • Topic Starter
  • Member
  • 16 posts
The first few searches were okay, then it started redirecting again.

I do connect through a router.
No other computers on the network are being redirected.
Firefox and IE both redirect, Chrome does not appear to redirect from the few times I tried it. I use Firefox usually.
  • 0



#17
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Click on Start then Run... then type:

firefox.exe -safe-mode

And press the OK button.
If it asks, press Continue in Safe Mode.
Test Google searches now and let me know the results.
  • 0

#18
Wilbur13

  • Topic Starter
  • Member
  • 16 posts
The first 5 or 6 searches I tried worked, then it went back to redirecting. I tried Google and Yahoo and both redirected.
  • 0

#19
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Interesting... We only kill it for a while and then it comes back. It's probably reinfecting the system.

Step 1

Let's install the free Avast:

AVAST Free

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now.

Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs input from you.

After Windows starts, please find the AVAST log in:

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt

Post that log here for me.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. It is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • AVAST log
  • OTL scan log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0

#20
Wilbur13

  • Topic Starter
  • Member
  • 16 posts
It found one file. I hit repair, but it didn't work. I didn't want to delete it though, so I left it for now and hit exit.

03/09/2013 11:10
Scan of all local drives

File C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\D7AD.tmp.vir is infected by Win32:Malware-gen, Repair: Error 42060 {The file was not repaired.}
Scanning aborted

Number of searched folders: 6888
Number of tested files: 344491
Number of infected files: 1

Edited by Wilbur13, 09 March 2013 - 06:55 PM.

  • 0
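
Added example, not part of the thread and not code from Avast or the forum: a Python script that parses a boot-time scan report in the layout posted above and separates hits inside a removal tool's quarantine folder from hits on live files. The regexes are inferred from that single report, and the quarantine layout in `QUARANTINE_ROOTS` is an assumption from general knowledge of ComboFix, which the posts above do not mention.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# The report exactly as posted in the thread, embedded so this runs offline.
SAMPLE_REPORT = r"""03/09/2013 11:10
Scan of all local drives

File C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\D7AD.tmp.vir is infected by Win32:Malware-gen, Repair: Error 42060 {The file was not repaired.}
Scanning aborted

Number of searched folders: 6888
Number of tested files: 344491
Number of infected files: 1
"""

# Assumption (general knowledge, not stated in the thread): ComboFix keeps
# quarantined copies under C:\Qoobox\Quarantine\<drive letter>\<original path>
# and appends ".vir" to the file name.
QUARANTINE_ROOTS = [PureWindowsPath(r"C:\Qoobox\Quarantine")]

# Line layouts inferred from the one report above.
DETECTION_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<sig>.+?), "
    r"(?P<action>[A-Za-z ]+): (?P<result>.*)$"
)
COUNTER_RE = re.compile(r"^Number of (?P<what>[a-z ]+): (?P<n>\d+)$")


@dataclass
class Detection:
    path: PureWindowsPath
    signature: str
    action: str
    result: str
    quarantined: bool
    original: Optional[str]


@dataclass
class Report:
    detections: List[Detection] = field(default_factory=list)
    counters: Dict[str, int] = field(default_factory=dict)
    aborted: bool = False


def locate(path: PureWindowsPath) -> Tuple[bool, Optional[str]]:
    """Return (inside a quarantine root?, reconstructed original path or None)."""
    for root in QUARANTINE_ROOTS:
        if root in path.parents:  # PureWindowsPath compares case-insensitively
            rest = path.parts[len(root.parts):]
            if len(rest) >= 2 and len(rest[0]) == 1 and rest[0].isalpha():
                name = rest[-1]
                if name.lower().endswith(".vir"):
                    name = name[:-4]
                return True, str(PureWindowsPath(rest[0] + ":\\", *rest[1:-1], name))
            return True, None
    return False, None


def parse_report(text: str) -> Report:
    report = Report()
    for line in (raw.strip() for raw in text.splitlines()):
        hit = DETECTION_RE.match(line)
        counter = COUNTER_RE.match(line)
        if hit:
            path = PureWindowsPath(hit["path"])
            quarantined, original = locate(path)
            report.detections.append(Detection(
                path, hit["sig"], hit["action"].strip(), hit["result"],
                quarantined, original))
        elif counter:
            report.counters[counter["what"]] = int(counter["n"])
        elif line.lower() == "scanning aborted":
            report.aborted = True
    return report


def triage(report: Report) -> List[str]:
    """Turn a parsed report into short notes for whoever reviews the log."""
    notes = []
    for d in report.detections:
        if d.quarantined:
            notes.append(f"QUARANTINED COPY {d.signature}: {d.path} (was {d.original})")
        else:
            notes.append(f"LIVE FILE {d.signature}: {d.path} [{d.action}: {d.result}]")
    if report.aborted:
        notes.append("INCOMPLETE scan was aborted, totals are for a partial scan")
    reported = report.counters.get("infected files")
    if reported is not None and reported != len(report.detections):
        notes.append(f"MISMATCH report says {reported} infected, parsed {len(report.detections)}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_report(SAMPLE_REPORT)):
        print(note)
```
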

#21
Wilbur13

  • Topic Starter
  • Member
  • 16 posts
OTL logfile created on: 3/9/2013 7:25:05 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\QUARTE_MATT\Desktop
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 62.79% Memory free
5.93 Gb Paging File | 4.58 Gb Available in Paging File | 77.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 230.59 Gb Total Space | 106.56 Gb Free Space | 46.21% Space Free | Partition Type: NTFS
Drive F: | 2.00 Gb Total Space | 1.99 Gb Free Space | 99.83% Space Free | Partition Type: FAT32

Computer Name: 2CE929CQCT | User Name: QUARTE_MATT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/20 23:08:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\QUARTE_MATT\Desktop\OTL.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/28 16:37:22 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
PRC - [2012/11/28 16:37:22 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/11/28 16:23:06 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/11/01 14:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/02 11:23:08 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2011/01/14 12:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2011/01/08 17:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/22 07:43:43 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/02/25 15:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/10/22 19:00:12 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/10/22 19:00:10 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CCM\CcmExec.exe
PRC - [2009/09/11 12:51:48 | 001,811,704 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2009/08/18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/11/07 14:20:40 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
PRC - [2008/11/07 14:20:06 | 001,344,736 | ---- | M] (Memeo Inc.) -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
PRC - [2008/09/25 05:23:16 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
PRC - [2008/07/24 14:22:12 | 000,450,560 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
PRC - [2008/07/15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2007/04/06 03:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
PRC - [2005/07/21 10:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/09 19:03:05 | 000,792,576 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._gdi_.pyd
MOD - [2013/03/09 19:03:05 | 000,571,392 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\pysqlite2._sqlite.pyd
MOD - [2013/03/09 19:03:05 | 000,263,168 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32com.shell.shell.pyd
MOD - [2013/03/09 19:03:05 | 000,153,088 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\pyexpat.pyd
MOD - [2013/03/09 19:03:05 | 000,096,256 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32api.pyd
MOD - [2013/03/09 19:03:05 | 000,086,016 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_elementtree.pyd
MOD - [2013/03/09 19:03:05 | 000,070,656 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._html2.pyd
MOD - [2013/03/09 19:03:05 | 000,040,448 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_socket.pyd
MOD - [2013/03/09 19:03:05 | 000,023,040 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32ts.pyd
MOD - [2013/03/09 19:03:05 | 000,011,776 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32crypt.pyd
MOD - [2013/03/09 19:03:04 | 001,024,616 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\windows._cacheinvalidation.pyd
MOD - [2013/03/09 19:03:04 | 000,731,136 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._misc_.pyd
MOD - [2013/03/09 19:03:04 | 000,354,304 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\pythoncom26.dll
MOD - [2013/03/09 19:03:04 | 000,073,728 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_ctypes.pyd
MOD - [2013/03/09 19:03:04 | 000,017,920 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32profile.pyd
MOD - [2013/03/09 19:03:03 | 001,169,408 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._core_.pyd
MOD - [2013/03/09 19:03:03 | 000,807,424 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._windows_.pyd
MOD - [2013/03/09 19:03:03 | 000,645,120 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_ssl.pyd
MOD - [2013/03/09 19:03:03 | 000,311,808 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_hashlib.pyd
MOD - [2013/03/09 19:03:03 | 000,110,592 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32security.pyd
MOD - [2013/03/09 19:03:03 | 000,110,592 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\pywintypes26.dll
MOD - [2013/03/09 19:03:03 | 000,036,352 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32process.pyd
MOD - [2013/03/09 19:03:03 | 000,022,528 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32pdh.pyd
MOD - [2013/03/09 19:03:02 | 000,121,856 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._wizard.pyd
MOD - [2013/03/09 19:03:02 | 000,111,104 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32file.pyd
MOD - [2013/03/09 19:03:02 | 000,039,424 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32inet.pyd
MOD - [2013/03/09 19:03:01 | 001,056,256 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._controls_.pyd
MOD - [2013/03/09 19:03:01 | 000,585,728 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\unicodedata.pyd
MOD - [2013/03/09 19:03:01 | 000,017,920 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32event.pyd
MOD - [2013/03/09 19:03:01 | 000,011,776 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\select.pyd
MOD - [2012/04/19 19:22:45 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cbfdbf9ed05f520f449102c086841ac4\Microsoft.VisualBasic.ni.dll
MOD - [2012/04/19 19:17:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8e47bcd69923f39c010b285d0681b795\System.ServiceProcess.ni.dll
MOD - [2012/04/19 19:16:58 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll
MOD - [2012/04/19 19:16:33 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll
MOD - [2012/04/19 19:16:27 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012/02/24 10:45:22 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll
MOD - [2012/02/24 10:39:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
MOD - [2012/02/24 10:39:42 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll
MOD - [2012/02/24 10:38:52 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/24 10:38:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/24 10:38:37 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/15 09:24:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/06/13 16:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/11/07 14:21:36 | 000,447,056 | ---- | M] () -- C:\Program Files\WD\WD Anywhere Backup\sqlite3.dll


========== Services (SafeList) ==========

SRV - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/02/28 19:41:12 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/01/18 05:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/01/14 12:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2011/01/08 17:06:56 | 000,016,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/07/22 08:10:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/22 19:00:12 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/09/11 12:51:48 | 001,811,704 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2009/08/18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/11/07 14:20:40 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2008/09/25 05:23:16 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008/07/24 14:22:50 | 000,102,400 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe -- (WDBtnMgrSvc.exe)
SRV - [2008/07/15 12:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2008/05/16 22:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2008/04/08 12:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/04/06 03:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV - [2005/07/21 10:14:58 | 000,134,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe -- (MOM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Unknown] -- C:\Windows\TEMP\mc2DCDF.tmp -- (mchInjDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\QUARTE~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/06 18:33:24 | 000,164,736 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/06 18:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/06 18:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/02/20 22:26:00 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/18 05:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 05:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/07/16 14:03:36 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2010/07/16 14:03:18 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/09/14 09:31:54 | 000,659,328 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/12 17:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress)
DRV - [2009/04/29 07:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/04/20 08:38:54 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/04/06 16:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/11 14:56:00 | 000,045,056 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/10/09 02:32:46 | 001,810,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008/07/29 14:41:36 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/10 13:47:22 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bentley.edu/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0E3985CD-A97A-4245-856E-76DB3FED2010}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{3CCF9E35-9921-4822-9ED4-1BCDFFFAAD54}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{8AD33851-14CC-4CB8-985B-19EFE3615F65}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{A75C516E-2111-4976-B0EA-A7455551A29E}: "URL" = http://libcat.bentle...chTerms}&SORT=D
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52222

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010/07/22 07:48:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/03/09 11:05:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Components: C:\Program Files\Flock\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Flock 2.6.1\extensions\\Plugins: C:\Program Files\Flock\plugins [2013/02/23 20:19:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/29 19:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/23 20:19:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DigitalPersona\Bin\firefoxext [2010/07/22 07:48:58 | 000,000,000 | ---D | M]

[2011/01/17 16:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\QUARTE_MATT\AppData\Roaming\mozilla\Extensions
[2010/09/07 10:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\QUARTE_MATT\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013/03/07 22:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\QUARTE_MATT\AppData\Roaming\mozilla\Firefox\Profiles\rsw2boq3.default\extensions
[2009/07/13 18:11:12 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\QUARTE_MATT\AppData\Roaming\mozilla\firefox\profiles\rsw2boq3.default\extensions\[email protected]
[2013/03/07 22:49:36 | 000,194,575 | ---- | M] () (No name found) -- C:\Users\QUARTE_MATT\AppData\Roaming\mozilla\firefox\profiles\rsw2boq3.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
[2012/08/30 19:32:32 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\QUARTE_MATT\AppData\Roaming\mozilla\firefox\profiles\rsw2boq3.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013/02/23 20:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/19 15:04:43 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCentraUpdater.dll
[2008/07/14 11:12:20 | 000,001,004 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bentley-library-catalog.xml
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\QUARTE_MATT\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Centra Updater Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Docs = C:\Users\QUARTE_MATT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\QUARTE_MATT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\QUARTE_MATT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\QUARTE_MATT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\QUARTE_MATT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/03 22:13:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe (WDC)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Ranges: Range1 ([*] in Trusted sites)
O15 - HKCU\..Trusted Domains: bentley.edu ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blue.ad.bentley.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9682893D-8F95-44B0-A953-DB94F2730FF6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD5B4F30-7694-4B1E-A0FD-8941832A33EC}: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/09 11:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/09 11:06:03 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/03/09 11:06:02 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/03/09 11:06:00 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/03/09 11:05:59 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/03/09 11:05:58 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/03/09 11:05:53 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/03/09 11:05:52 | 000,228,600 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/03/09 11:04:54 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/09 11:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/09 11:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/03 22:13:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/03/03 22:06:50 | 000,000,000 | ---D | C] -- C:\Users\QUARTE_MATT\AppData\Local\temp
[2013/03/03 21:53:20 | 005,036,260 | R--- | C] (Swearware) -- C:\Users\QUARTE_MATT\Desktop\ComboFix.exe
[2013/02/27 22:48:52 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\QUARTE_MATT\Desktop\aswMBR.exe
[2013/02/23 19:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/02/23 19:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/02/22 19:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/02/21 22:13:09 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\QUARTE_MATT\Desktop\tdsskiller.exe
[2013/02/21 22:07:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/20 23:08:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\QUARTE_MATT\Desktop\OTL.exe
[2013/02/20 22:51:50 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/02/20 22:26:00 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2013/02/17 21:08:22 | 000,000,000 | ---D | C] -- C:\Users\QUARTE_MATT\AppData\Local\CrashDumps
[2013/02/17 20:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/02/17 20:25:37 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/02/17 11:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/17 11:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/02/17 11:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

========== Files - Modified Within 30 Days ==========

[2013/03/09 19:08:47 | 000,645,388 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/09 19:08:47 | 000,110,712 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/09 19:07:44 | 000,020,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/09 19:07:44 | 000,020,512 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/09 19:03:01 | 000,000,474 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/03/09 19:00:47 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/09 18:58:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/09 11:10:48 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/09 11:06:04 | 000,002,085 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/09 11:05:53 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/03/09 10:53:20 | 111,691,960 | ---- | M] () -- C:\Users\QUARTE_MATT\Desktop\avast_free_antivirus_setup.exe
[2013/03/09 10:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/09 10:33:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/07 21:13:54 | 111,713,197 | ---- | M] () -- C:\Users\QUARTE_MATT\Desktop\Jake_Owen_-_Barefoot_Blue_Jean_Night_(2011)_320kbps.rar
[2013/03/06 18:33:24 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/03/06 18:33:24 | 000,368,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/03/06 18:33:24 | 000,164,736 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/06 18:33:24 | 000,062,376 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/03/06 18:33:24 | 000,049,248 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/06 18:33:23 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/03/06 18:33:23 | 000,060,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013/03/06 18:33:22 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/06 18:32:42 | 000,228,600 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/03/05 23:08:33 | 000,576,684 | ---- | M] () -- C:\Users\QUARTE_MATT\Documents\Fit_AbWorkout.pdf
[2013/03/03 22:13:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/03/03 21:53:35 | 005,036,260 | R--- | M] (Swearware) -- C:\Users\QUARTE_MATT\Desktop\ComboFix.exe
[2013/02/28 19:30:38 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/27 22:56:19 | 000,377,856 | ---- | M] () -- C:\Users\QUARTE_MATT\Desktop\9dcg2bw4.exe
[2013/02/27 22:56:19 | 000,377,856 | ---- | M] () -- C:\9dcg2bw4.exe
[2013/02/27 22:54:10 | 000,000,512 | ---- | M] () -- C:\Users\QUARTE_MATT\Desktop\MBR.dat
[2013/02/27 22:50:15 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\QUARTE_MATT\Desktop\aswMBR.exe
[2013/02/22 19:33:27 | 157,228,696 | ---- | M] () -- C:\Users\QUARTE_MATT\Desktop\setup_11.0.0.1245.x01_2013_02_23_02_18.exe
[2013/02/21 22:13:22 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\QUARTE_MATT\Desktop\tdsskiller.exe
[2013/02/20 23:08:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\QUARTE_MATT\Desktop\OTL.exe
[2013/02/20 22:26:00 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2013/02/20 21:16:14 | 000,080,311 | ---- | M] () -- C:\Users\QUARTE_MATT\Desktop\Lenovo E585.pdf
[2013/02/19 22:22:27 | 000,002,235 | ---- | M] () -- C:\Users\QUARTE_MATT\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/17 21:18:09 | 000,000,272 | ---- | M] () -- C:\ProgramData\SMRResults311.dat
[2013/02/17 20:10:54 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2013/02/17 11:35:39 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

========== Files Created - No Company Name ==========

[2013/03/09 11:06:04 | 000,002,085 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/09 11:05:57 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/09 11:05:56 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/03/09 10:52:32 | 111,691,960 | ---- | C] () -- C:\Users\QUARTE_MATT\Desktop\avast_free_antivirus_setup.exe
[2013/03/07 20:37:42 | 111,713,197 | ---- | C] () -- C:\Users\QUARTE_MATT\Desktop\Jake_Owen_-_Barefoot_Blue_Jean_Night_(2011)_320kbps.rar
[2013/03/05 23:08:33 | 000,576,684 | ---- | C] () -- C:\Users\QUARTE_MATT\Documents\Fit_AbWorkout.pdf
[2013/02/27 22:56:38 | 000,377,856 | ---- | C] () -- C:\9dcg2bw4.exe
[2013/02/27 22:56:17 | 000,377,856 | ---- | C] () -- C:\Users\QUARTE_MATT\Desktop\9dcg2bw4.exe
[2013/02/27 22:54:10 | 000,000,512 | ---- | C] () -- C:\Users\QUARTE_MATT\Desktop\MBR.dat
[2013/02/22 19:32:07 | 157,228,696 | ---- | C] () -- C:\Users\QUARTE_MATT\Desktop\setup_11.0.0.1245.x01_2013_02_23_02_18.exe
[2013/02/20 21:16:14 | 000,080,311 | ---- | C] () -- C:\Users\QUARTE_MATT\Desktop\Lenovo E585.pdf
[2013/02/17 21:18:09 | 000,000,272 | ---- | C] () -- C:\ProgramData\SMRResults311.dat
[2013/02/17 19:49:30 | 000,002,235 | ---- | C] () -- C:\Users\QUARTE_MATT\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/17 11:35:39 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/13 21:41:53 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/01/18 05:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 05:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 05:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 05:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/12/04 16:39:35 | 000,011,678 | -HS- | C] () -- C:\Users\QUARTE_MATT\AppData\Local\gnknnt2n7ojj3gnm8xoe8a087t8f
[2011/08/28 22:28:12 | 000,000,000 | ---- | C] () -- C:\Users\QUARTE_MATT\AppData\Local\{795FF470-B269-4E6B-ABEC-8AEA7DD7E459}
[2011/08/08 19:13:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/08 19:13:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/08 19:13:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/08 19:13:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/08 19:13:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/08 17:41:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/05/08 17:41:09 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/03/12 16:53:16 | 000,001,209 | ---- | C] () -- C:\Windows\eReg.dat
[2010/11/16 11:22:23 | 000,083,456 | ---- | C] () -- C:\Users\QUARTE_MATT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/04 16:29:22 | 000,004,096 | -H-- | C] () -- C:\Users\QUARTE_MATT\AppData\Local\keyfile3.drm
[2010/09/07 08:36:16 | 000,005,238 | RHS- | C] () -- C:\Users\QUARTE_MATT\ntuser.pol
[2010/08/05 14:56:28 | 000,048,946 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 04:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/17 14:11:03 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\Amazon
[2011/07/31 18:42:31 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\AVG10
[2010/11/16 12:29:09 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\Blackberry Desktop
[2011/01/17 17:07:51 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\Centra
[2011/12/25 14:17:42 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\com.amazon.music.uploader
[2010/07/22 07:55:31 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\DigitalPersona
[2011/09/06 17:43:52 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\Epson
[2010/09/07 10:42:27 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\Flock
[2011/03/14 12:12:03 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\FrostWire
[2011/01/15 22:56:52 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\GMATPrep
[2013/02/23 15:13:52 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\Nitro PDF
[2013/02/20 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\PrimoPDF
[2010/11/16 11:22:04 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\Research In Motion
[2011/01/17 16:15:52 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\Saba
[2010/12/07 16:27:36 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\SAP
[2010/09/30 10:08:49 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\SmartDraw
[2012/10/05 19:27:10 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\Spotify
[2010/09/07 08:36:44 | 000,000,000 | ---D | M] -- C:\Users\QUARTE_MATT\AppData\Roaming\WD

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:502D809E

< End of report >
  • 0

#22
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Wilbur13,

Please restart and test your system after these two steps and let me know the results.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2013/03/09 19:03:05 | 000,792,576 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._gdi_.pyd
    MOD - [2013/03/09 19:03:05 | 000,571,392 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\pysqlite2._sqlite.pyd
    MOD - [2013/03/09 19:03:05 | 000,263,168 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32com.shell.shell.pyd
    MOD - [2013/03/09 19:03:05 | 000,153,088 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\pyexpat.pyd
    MOD - [2013/03/09 19:03:05 | 000,096,256 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32api.pyd
    MOD - [2013/03/09 19:03:05 | 000,086,016 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_elementtree.pyd
    MOD - [2013/03/09 19:03:05 | 000,070,656 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._html2.pyd
    MOD - [2013/03/09 19:03:05 | 000,040,448 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_socket.pyd
    MOD - [2013/03/09 19:03:05 | 000,023,040 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32ts.pyd
    MOD - [2013/03/09 19:03:05 | 000,011,776 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32crypt.pyd
    MOD - [2013/03/09 19:03:04 | 001,024,616 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\windows._cacheinvalidation.pyd
    MOD - [2013/03/09 19:03:04 | 000,731,136 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._misc_.pyd
    MOD - [2013/03/09 19:03:04 | 000,354,304 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\pythoncom26.dll
    MOD - [2013/03/09 19:03:04 | 000,073,728 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_ctypes.pyd
    MOD - [2013/03/09 19:03:04 | 000,017,920 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32profile.pyd
    MOD - [2013/03/09 19:03:03 | 001,169,408 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._core_.pyd
    MOD - [2013/03/09 19:03:03 | 000,807,424 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._windows_.pyd
    MOD - [2013/03/09 19:03:03 | 000,645,120 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_ssl.pyd
    MOD - [2013/03/09 19:03:03 | 000,311,808 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\_hashlib.pyd
    MOD - [2013/03/09 19:03:03 | 000,110,592 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32security.pyd
    MOD - [2013/03/09 19:03:03 | 000,110,592 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\pywintypes26.dll
    MOD - [2013/03/09 19:03:03 | 000,036,352 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32process.pyd
    MOD - [2013/03/09 19:03:03 | 000,022,528 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32pdh.pyd
    MOD - [2013/03/09 19:03:02 | 000,121,856 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._wizard.pyd
    MOD - [2013/03/09 19:03:02 | 000,111,104 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32file.pyd
    MOD - [2013/03/09 19:03:02 | 000,039,424 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32inet.pyd
    MOD - [2013/03/09 19:03:01 | 001,056,256 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\wx._controls_.pyd
    MOD - [2013/03/09 19:03:01 | 000,585,728 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\unicodedata.pyd
    MOD - [2013/03/09 19:03:01 | 000,017,920 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\win32event.pyd
    MOD - [2013/03/09 19:03:01 | 000,011,776 | ---- | M] () -- C:\Users\QUARTE~1\AppData\Local\Temp\_MEI56402\select.pyd
    DRV - File not found [Kernel | Disabled | Unknown] -- C:\Windows\TEMP\mc2DCDF.tmp -- (mchInjDrv)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52222
    FF - prefs.js..network.proxy.no_proxies_on: ""
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • MiniToolBox log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#23
Wilbur13

    Member

  • Topic Starter
  • 16 posts
I got redirected from the first search that I tried.

========== OTL ==========
Error: No service named mchInjDrv was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv deleted successfully.
File C:\Windows\TEMP\mc2DCDF.tmp not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "" removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\QUARTE_MATT\Desktop\cmd.bat deleted successfully.
C:\Users\QUARTE_MATT\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 03142013_211047

#24
Wilbur13

    Member

  • Topic Starter
  • 16 posts
MiniToolBox by Farbar Version:05-03-2013
Ran by QUARTE_MATT (administrator) on 14-03-2013 at 21:19:13
Running from "C:\Users\QUARTE_MATT\Desktop"
Windows 7 Enterprise (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", ""

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5300 AGN = Wireless Network Connection (Connected)
Intel® 82567LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : 2CE929CQCT
Primary Dns Suffix . . . . . . . : blue.ad.bentley.edu
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : blue.ad.bentley.edu
ad.bentley.edu
bentley.edu

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-21-6A-5C-FB-C3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5300 AGN
Physical Address. . . . . . . . . : 00-21-6A-5C-FB-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, March 14, 2013 9:14:24 PM
Lease Expires . . . . . . . . . . : Friday, March 15, 2013 9:14:25 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 167.206.254.1
167.206.254.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® 82567LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-26-55-57-43-DB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: vdns1.srv.hcvlny.cv.net
Address: 167.206.254.1

Name: google.com
Addresses: 2607:f8b0:4006:800::1000
74.125.226.198
74.125.226.201
74.125.226.206
74.125.226.197
74.125.226.199
74.125.226.200
74.125.226.194
74.125.226.192
74.125.226.193
74.125.226.196
74.125.226.195


Pinging google.com [74.125.226.198] with 32 bytes of data:
Reply from 74.125.226.198: bytes=32 time=11ms TTL=55
Reply from 74.125.226.198: bytes=32 time=9ms TTL=55

Ping statistics for 74.125.226.198:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 11ms, Average = 10ms
Server: vdns1.srv.hcvlny.cv.net
Address: 167.206.254.1

Name: yahoo.com
Addresses: 206.190.36.45
98.139.183.24
98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Request timed out.
Reply from 98.139.183.24: bytes=32 time=405ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 405ms, Maximum = 405ms, Average = 405ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 21 6a 5c fb c3 ......Microsoft Virtual WiFi Miniport Adapter
12...00 21 6a 5c fb c2 ......Intel® WiFi Link 5300 AGN
11...00 26 55 57 43 db ......Intel® 82567LM Gigabit Network Connection
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.104 281
192.168.1.104 255.255.255.255 On-link 192.168.1.104 281
192.168.1.255 255.255.255.255 On-link 192.168.1.104 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.104 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.104 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/14/2013 09:16:07 PM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The Agent incoming queue data submission has been blocked.
This may indicate that queue does not have sufficient space or is unavailable to accept data.

Management Group: ForefrontClientSecurity

Error: (03/14/2013 09:15:48 PM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The Agent outgoing data processing has been blocked.
This indicates problems with communication or database processing.

Management Group: ForefrontClientSecurity

Error: (03/14/2013 09:15:09 PM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The agent could not resolve the IP of the MOM Server CLSVAV02.gold.ad.bentley.edu. The error reported is 'The requested name is valid, but no data of the requested type was found.'.

Error: (03/14/2013 07:57:53 PM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The Agent incoming queue data submission has been blocked.
This may indicate that queue does not have sufficient space or is unavailable to accept data.

Management Group: ForefrontClientSecurity

Error: (03/14/2013 07:57:43 PM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The Agent outgoing data processing has been blocked.
This indicates problems with communication or database processing.

Management Group: ForefrontClientSecurity

Error: (03/14/2013 07:56:57 PM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The agent could not resolve the IP of the MOM Server CLSVAV02.gold.ad.bentley.edu. The error reported is 'The requested name is valid, but no data of the requested type was found.'.

Error: (03/12/2013 10:18:31 PM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The Agent incoming queue data submission has been blocked.
This may indicate that queue does not have sufficient space or is unavailable to accept data.

Management Group: ForefrontClientSecurity

Error: (03/12/2013 10:18:28 PM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The Agent outgoing data processing has been blocked.
This indicates problems with communication or database processing.

Management Group: ForefrontClientSecurity

Error: (03/12/2013 10:17:37 PM) (Source: Microsoft Operations Manager) (User: NT AUTHORITY)
Description: The agent could not resolve the IP of the MOM Server CLSVAV02.gold.ad.bentley.edu. The error reported is 'The requested name is valid, but no data of the requested type was found.'.

Error: (03/09/2013 08:46:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/14/2013 09:18:11 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/14/2013 09:15:23 PM) (Source: Microsoft-Windows-GroupPolicy) (User: BLUE)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/14/2013 09:15:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{1CCB96F4-B8AD-4B43-9688-B273F58E0910}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/14/2013 09:14:30 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (03/14/2013 09:14:28 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain BLUE due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (03/14/2013 09:14:17 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/14/2013 09:14:17 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (03/14/2013 08:31:56 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (03/14/2013 07:59:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/14/2013 07:57:17 PM) (Source: Microsoft-Windows-GroupPolicy) (User: BLUE)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.


Microsoft Office Sessions:
=========================
Error: (12/11/2011 04:50:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6708 seconds with 3900 seconds of active time. This session ended with a crash.

Error: (03/29/2011 00:20:51 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 131 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/04/2010 00:14:21 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12571 seconds with 300 seconds of active time. This session ended with a crash.

Error: (11/02/2010 11:05:02 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42227 seconds with 2280 seconds of active time. This session ended with a crash.

Error: (10/23/2010 01:53:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3234 seconds with 60 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer (Version: 3.1.1)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.171)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.6) (Version: 10.1.6)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Amazon MP3 Uploader (Version: 1.0.8)
Amazon Unbox Video (Version: 2.1.0.126)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Print Creations
Audacity 1.2.6
AuthenTec Fingerprint Software (Version: 8.5.4.23)
avast! Free Antivirus (Version: 8.0.1483.0)
BlackBerry Device Software Updater (Version: 6.0.1.6)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.17)
Centra Client
Command & Conquer Generals (Version: 0.50.0000)
Command and ConquerTM Generals Zero Hour (Version: 1.00.0000)
Configuration Manager Client (Version: 4.00.6487.2000)
Data Lifeguard Diagnostic for Windows (Version: 1.13)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DigitalPersona Personal 4.11 (Version: 4.11.3811)
ECL Viewer (Version: 6.0)
EPSON Artisan 710 Series Printer Uninstall
EPSON CX7400 User's Guide
Epson Event Manager (Version: 2.30.01)
Epson Print CD (Version: 2.00.00)
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
FileZilla Client 3.3.3 (Version: 3.3.3)
Google Chrome (Version: 25.0.1364.172)
Google Drive (Version: 1.7.4018.3496)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.135)
HP ESU for Microsoft Windows 7 (Version: 1.1.1.1)
HP Quick Launch Buttons (Version: 6.50.17.1)
HP Webcam Application (Version: 1.0.057.1114)
HP Wireless Assistant (Version: 3.50.9.1)
iCloud (Version: 2.1.0.39)
iTunes (Version: 11.0.1.12)
Java 7 Update 15 (Version: 7.0.150)
Java Auto Updater (Version: 2.1.9.0)
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
MediaImpression 2.0 for PENTAX (Version: 2.0.63.630)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Expression Blend 3 (Version: 3.0.1927.0)
Microsoft Expression Blend 3 SDK (Version: 1.0.1327.0)
Microsoft Expression Design 3 (Version: 6.0.1739.0)
Microsoft Expression Encoder 3 (Version: 3.0.1332.0)
Microsoft Expression Studio 3 (Version: 3.0.1061.0)
Microsoft Expression Web 3 (Version: 3.0.1762.0)
Microsoft Forefront Client Security Antimalware Service (Version: 1.5.1996.1)
Microsoft Forefront Client Security State Assessment Service (Version: 1.0.1703.0)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Communicator 2005 (Version: 1.0.559.0)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Visio 2010 (Version: 14.0.4763.1000)
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Operations Manager 2005 Agent (Version: 5.0.2911.0)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (Version: 9.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visio Professional 2010 (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4.0 redistributable (Version: 4.0.0.0)
Nitro PDF Reader (Version: 1.4.0.11)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Pharos
Presto! BizCard 5 (Version: 5.60.04.9085)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.73.80.64)
RealPlayer
RollerCoaster Tycoon Deluxe (Version: 1.00.000)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Business (Version: 10.1)
Roxio Creator Business v10 (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.1.055)
SAP Business Explorer (Version: 7.20)
SAP GUI for Windows 7.20 (Version: 7.20 Compilation 1)
Skype™ 5.10 (Version: 5.10.116)
SmartDraw 2010 (Version: 18.12)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Spotify (Version: 0.5.2)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.6.1014)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Validity Sensors software (Version: 2.7.503)
vcredist_x86 (Version: 1.0.0)
VLC media player 1.1.5 (Version: 1.1.5)
WD Anywhere Backup
WD Drive Manager (x86) (Version: 2.107)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
WPF Toolkit June 2009 (Version 3.5.40619.1) (Version: 3.5.40619.1)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 3036.27 MB
Available physical RAM: 1847.82 MB
Total Pagefile: 6070.81 MB
Available Pagefile: 4679.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.98 MB

========================= Partitions: =====================================

1 Drive c: (OSDisk) (Fixed) (Total:230.59 GB) (Free:105.64 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.99 GB) FAT32

========================= Users: ========================================

User accounts for \\2CE929CQCT

Administrator Guest Matthew
sysadmin

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
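As an added example (not part of the thread, and not code or output from OTL or MiniToolBox), this Python triage reads log text in the layout posted above and lists the items a helper would review first: a loopback proxy left in the IE settings, hosts entries other than localhost, and Winsock providers outside Microsoft's system32 DLLs. The function names and the second hosts line in the sample are assumptions made for the example.

```python
import ipaddress
import re

# Log lines in the layout posted in this thread. The second hosts entry is
# constructed for the example (203.0.113.0/24 is a documentation range);
# the other lines are copied from the OTL and MiniToolBox output above.
OTL_SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52222
'''
MTB_SAMPLE = r'''
========================= Hosts content: =================================
127.0.0.1 localhost
203.0.113.5 www.google.com
========================= Winsock entries =====================================
Catalog5 07 C:\Windows\system32\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
'''

SECTION_RE = re.compile(r"^=+ ([^=]+?):? =+$")
OTL_IE_RE = re.compile(r'^IE - .*\\Internet Settings: "(\w+)" = (.*)$')
WINSOCK_RE = re.compile(r"^(Catalog\d+) (\d+) (.+) \[(\d+)\] \((.*)\)$")


def split_sections(text):
    """Map each '==== Title: ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1).strip(), [])
        elif line and current is not None:
            current.append(line)
    return sections


def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def proxy_findings(otl_text):
    """Loopback proxies left in the IE settings, whether enabled or not."""
    values = {}
    for line in otl_text.splitlines():
        m = OTL_IE_RE.match(line.strip())
        if m:
            values[m.group(1)] = m.group(2).strip()
    enabled = values.get("ProxyEnable", "0") == "1"
    findings = []
    # ProxyServer holds "host:port" or "proto=host:port;proto=host:port".
    for part in filter(None, values.get("ProxyServer", "").split(";")):
        proto, _, addr = part.rpartition("=")
        host, _, port = addr.partition(":")
        if is_loopback(host):
            port = int(port) if port.isdigit() else None
            findings.append((proto or "all", host, port, enabled))
    return findings


def hosts_findings(lines):
    """Hosts entries other than a loopback mapping for localhost."""
    findings = []
    for line in lines:
        ip, *names = line.split("#", 1)[0].split() or [None]
        findings += [(ip, n) for n in names
                     if n.lower() != "localhost" or not is_loopback(ip)]
    return findings


def winsock_findings(lines):
    """Winsock catalog entries not backed by a Microsoft DLL in system32."""
    # A hit is a review item, not a verdict: Bonjour's mdnsNSP.dll is a
    # legitimate third-party provider. The C:\Windows path is an assumption.
    findings = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if not m:
            continue
        catalog, index, path, _size, vendor = m.groups()
        in_system32 = path.lower().startswith("c:\\windows\\system32\\")
        if vendor != "Microsoft Corporation" or not in_system32:
            findings.append((catalog, int(index), path, vendor))
    return findings


def triage(otl_text, mtb_text):
    """Run all three checks and return the findings per check."""
    s = split_sections(mtb_text)
    return {"proxy": proxy_findings(otl_text),
            "hosts": hosts_findings(s.get("Hosts content", [])),
            "winsock": winsock_findings(s.get("Winsock entries", []))}
```

On the sample, the proxy check reports the `127.0.0.1:52222` value even though `ProxyEnable` is 0, since a disabled loopback proxy entry still shows that something wrote it.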

#25
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please restart in Safe mode with networking:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

Try your searches now and let me know the results.

#26
Wilbur13

    Member

  • Topic Starter
  • 16 posts
Hi, it appears that the searches work fine with Firefox when I run it in safe mode. I tried Yahoo and Google and neither one redirected me after many tries.

#27
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Wilbur13,

OK. Now we need to find out what is causing redirects in Normal mode.

Please click on Start and then on Run.
Type in msconfig and press Enter.
Now click on Startups.
Then uncheck everything and press the Apply button.
Restart your system now.
IMPORTANT! In the case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

If you don't get redirected, then try going back into msconfig, check one item and reboot.
Keep doing that till you have found the problem or all are finally checked.
Post back with the results.

#28
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.