TechSpot

Google redirect driving me crazy!

By adam34997
Apr 4, 2012
  1. I have the nasty Google redirect virus and it's really slowing things down. Please help.

    Step 1
    >> I already had Avast.
    Step 2
    >> Malwarebytes loaded and ran successfully; the log is below.
    Step 3
    >> GMER did not produce a log.
    Step 4
    >> DDS worked and the data is pasted at the end.
    Step 5
    This is the only data I have. Please let me know if anything else can be done.


    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.02.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Adam :: ADAM-HP [administrator]

    4/3/2012 2:29:11 PM
    mbam-log-2012-04-03 (14-29-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194562
    Time elapsed: 2 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Adam at 15:40:38 on 2012-04-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2273 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\StikyNot.exe
    C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\system32\PrintIsolationHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Akamai NetSession Interface] "C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe"
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [<NO NAME>]
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    LSP: mswsock.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{9EB8E72A-4EB8-40D4-ADCC-253888415D00} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{9EB8E72A-4EB8-40D4-ADCC-253888415D00}\E4544574541425 : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
    mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun-x64: [(Default)]
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn\components\WCFirefox3Extn.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}\plugins\npww.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-2-26 98208]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-2-26 109168]
    R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-3-5 1248256]
    R3 ACPIService;Buttons and OSDs ACPI driver gen2;C:\Windows\system32\DRIVERS\OSDACPI.SYS --> C:\Windows\system32\DRIVERS\OSDACPI.SYS [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-8 1153368]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-02 15:37:19 -------- d-----w- C:\Users\Adam\AppData\Roaming\Malwarebytes
    2012-04-02 15:37:15 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-02 15:37:15 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-02 15:37:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-02 02:10:18 -------- d-----w- C:\Program Files (x86)\ESET
    2012-04-02 00:49:03 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-04-02 00:39:55 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-31 23:12:41 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
    2012-03-31 23:11:35 -------- d-----we C:\Windows\system64
    2012-03-31 03:12:53 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C219A03-FD82-498F-8F9F-3BAE8341EF30}\mpengine.dll
    2012-03-14 18:54:18 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-14 18:54:17 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-14 18:54:17 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-14 17:29:40 3145728 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-14 17:29:38 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-14 17:29:38 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-14 14:00:13 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-14 14:00:13 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-14 14:00:13 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-14 14:00:12 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-14 14:00:12 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-14 14:00:12 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-14 14:00:12 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    .
    ==================== Find3M ====================
    .
    2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-20 15:00:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2010-10-25 22:48:06 337360 ----a-w- C:\Program Files (x86)\setup.exe
    2010-10-25 22:48:00 8297472 ----a-w- C:\Program Files (x86)\AcroPro.msi
    2010-10-25 22:13:42 2585872 ----a-w- C:\Program Files (x86)\WindowsInstaller-KB893803-v2-x86.exe
    .
    ============= FINISH: 15:41:14.82 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/4/2011 12:44:36 PM
    System Uptime: 4/3/2012 10:53:55 AM (5 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | 2AAE
    Processor: AMD Athlon(tm) II X2 270u Processor | CPU 1 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 353.548 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.669 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP159: 3/13/2012 9:42:07 AM - Windows Update
    RP160: 3/14/2012 2:51:21 PM - Windows Update
    RP161: 3/20/2012 9:05:54 AM - Windows Update
    RP162: 3/23/2012 9:35:42 AM - Windows Update
    RP163: 3/25/2012 1:20:07 AM - HPSF Restore Point
    RP164: 3/27/2012 9:12:57 AM - Windows Update
    RP165: 3/30/2012 9:34:19 AM - Windows Update
    RP166: 3/30/2012 11:12:08 PM - Windows Update
    RP167: 4/1/2012 7:00:07 PM - Windows Backup
    RP168: 4/2/2012 12:21:33 AM - 4/2
    RP169: 4/2/2012 10:58:14 AM - Removed Muse (code name)
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Ad-Aware
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Dreamweaver CS5
    Adobe Media Player
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Software Update
    Audible Download Manager
    AVS Video Converter 8
    Canon IJ Network Tool
    Canon MP Navigator EX 3.0
    Canon MP560 series User Registration
    Canon Utilities My Printer
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    D3DX10
    DVD Menu Pack for HP MediaSmart Video
    GIMP
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Customer Experience Enhancements
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart Video
    HP MediaSmart Webcam
    HP My Display
    HP Odometer
    HP Photo Creations
    HP Setup
    HP Setup Manager
    HP Support Assistant
    HP Support Information
    HP Update
    ImgBurn
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    LightScribe System Software
    Magic ISO Maker v5.4 (build 0239)
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NetAssistant
    NetAssistant for Firefox
    Outlook Setup Tool
    PictureMover
    PlayReady PC Runtime x86
    PressReader
    QuickBooks
    QuickBooks Premier: Accountant Edition 2011
    QuickTime
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    Recovery Manager
    SDK
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    SMAC 2.7
    Spybot - Search & Destroy
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Vuze
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.00 beta 7 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/3/2012 9:58:33 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    4/3/2012 9:58:19 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    4/3/2012 9:58:18 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    4/3/2012 9:58:18 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    4/3/2012 9:58:16 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    4/2/2012 11:42:22 AM, Error: Service Control Manager [7023] - The SPService service terminated with the following error: The specified module could not be found.
    4/2/2012 10:51:59 AM, Error: Service Control Manager [7023] - The VMware USB Arbitration Service service terminated with the following error: A device attached to the system is not functioning.
    4/1/2012 8:44:47 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    4/1/2012 8:44:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    4/1/2012 8:44:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    4/1/2012 8:44:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/1/2012 8:44:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    4/1/2012 8:44:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    4/1/2012 8:44:11 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/31/2012 11:53:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    3/30/2012 5:58:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    3/30/2012 2:55:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Akamai NetSession Interface service, but this action failed with the following error: An instance of the service is already running.
    3/30/2012 2:55:18 PM, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    3/30/2012 2:41:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xffffba80045f6002, 0x0000000000000002, 0x0000000000000000, 0xfffff880018d4cb8). A dump was saved in: C:\Windows\Minidump\033012-16458-01.dmp. Report Id: 033012-16458-01.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ====================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open Notepad and press CTRL+V
    • Post the output back here.
     
  3. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-04 12:31:34
    -----------------------------
    12:31:34.071 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:31:34.071 Number of processors: 2 586 0x603
    12:31:34.078 ComputerName: ADAM-HP UserName: Adam
    12:31:35.249 Initialize success
    12:31:41.483 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052
    12:31:41.487 Disk 0 Vendor: WDC_WD50 06.0 Size: 476940MB BusType: 11
    12:31:41.506 Disk 0 MBR read successfully
    12:31:41.511 Disk 0 MBR scan
    12:31:41.517 Disk 0 Windows 7 default MBR code
    12:31:41.523 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    12:31:41.533 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462726 MB offset 206848
    12:31:41.566 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14112 MB offset 947869696
    12:31:41.605 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
    12:31:41.613 Disk 0 scanning C:\Windows\system32\drivers
    12:31:46.681 Service scanning
    12:31:59.183 Modules scanning
    12:31:59.201 Disk 0 trace - called modules:
    12:31:59.231 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    12:31:59.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045ee060]
    12:31:59.566 3 CLASSPNP.SYS[fffff880019d043f] -> nt!IofCallDriver -> [0xfffffa800441d770]
    12:31:59.571 5 amdxata.sys[fffff88000e727a8] -> nt!IofCallDriver -> \Device\00000052[0xfffffa800441b060]
    12:31:59.577 Scan finished successfully
    12:32:12.936 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
    12:32:12.941 The log file has been saved successfully to "C:\Users\Adam\Desktop\aswMBR.txt"

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  4. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    I ran this before and it keeps finding and removing the same threat. But here is the log.

    12:57:39.0417 4188 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
    12:57:39.0872 4188 ============================================================
    12:57:39.0872 4188 Current date / time: 2012/04/04 12:57:39.0872
    12:57:39.0872 4188 SystemInfo:
    12:57:39.0872 4188
    12:57:39.0873 4188 OS Version: 6.1.7601 ServicePack: 1.0
    12:57:39.0873 4188 Product type: Workstation
    12:57:39.0873 4188 ComputerName: ADAM-HP
    12:57:39.0873 4188 UserName: Adam
    12:57:39.0873 4188 Windows directory: C:\Windows
    12:57:39.0873 4188 System windows directory: C:\Windows
    12:57:39.0873 4188 Running under WOW64
    12:57:39.0873 4188 Processor architecture: Intel x64
    12:57:39.0873 4188 Number of processors: 2
    12:57:39.0873 4188 Page size: 0x1000
    12:57:39.0873 4188 Boot type: Normal boot
    12:57:39.0873 4188 ============================================================
    12:57:40.0920 4188 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:57:40.0924 4188 \Device\Harddisk0\DR0:
    12:57:40.0924 4188 MBR used
    12:57:40.0924 4188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    12:57:40.0924 4188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x387C3000
    12:57:40.0924 4188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x387F5800, BlocksNum 0x1B90000
    12:57:41.0008 4188 Initialize success
    12:57:41.0008 4188 ============================================================
    12:57:42.0742 4252 ============================================================
    12:57:42.0742 4252 Scan started
    12:57:42.0743 4252 Mode: Manual;
    12:57:42.0743 4252 ============================================================
    12:57:44.0264 4252 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    12:57:44.0269 4252 1394ohci - ok
    12:57:44.0301 4252 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    12:57:44.0308 4252 ACPI - ok
    12:57:44.0360 4252 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    12:57:44.0361 4252 AcpiPmi - ok
    12:57:44.0387 4252 ACPIService (de7e8d852a806be6091983838bf9697f) C:\Windows\system32\DRIVERS\OSDACPI.SYS
    12:57:44.0388 4252 ACPIService - ok
    12:57:44.0429 4252 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    12:57:44.0434 4252 adp94xx - ok
    12:57:44.0451 4252 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    12:57:44.0454 4252 adpahci - ok
    12:57:44.0464 4252 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    12:57:44.0466 4252 adpu320 - ok
    12:57:44.0491 4252 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    12:57:44.0492 4252 AeLookupSvc - ok
    12:57:44.0527 4252 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
    12:57:44.0528 4252 AERTFilters - ok
    12:57:44.0567 4252 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    12:57:44.0572 4252 AFD - ok
    12:57:44.0600 4252 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    12:57:44.0601 4252 agp440 - ok
    12:57:44.0612 4252 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    12:57:44.0614 4252 ALG - ok
    12:57:44.0647 4252 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    12:57:44.0647 4252 aliide - ok
    12:57:44.0668 4252 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
    12:57:44.0669 4252 AMD External Events Utility - ok
    12:57:44.0682 4252 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    12:57:44.0682 4252 amdide - ok
    12:57:44.0709 4252 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    12:57:44.0710 4252 AmdK8 - ok
    12:57:44.0841 4252 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
    12:57:44.0964 4252 amdkmdag - ok
    12:57:44.0980 4252 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
    12:57:44.0981 4252 amdkmdap - ok
    12:57:44.0997 4252 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    12:57:44.0998 4252 AmdPPM - ok
    12:57:45.0011 4252 amdsata (f747497a0ee5498f79b207f215b3d2d8) C:\Windows\system32\DRIVERS\amdsata.sys
    12:57:45.0012 4252 amdsata - ok
    12:57:45.0029 4252 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    12:57:45.0032 4252 amdsbs - ok
    12:57:45.0049 4252 amdxata (2946d695e158615baaa16248e63c7adb) C:\Windows\system32\DRIVERS\amdxata.sys
    12:57:45.0049 4252 amdxata - ok
    12:57:45.0092 4252 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    12:57:45.0093 4252 AppID - ok
    12:57:45.0118 4252 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    12:57:45.0119 4252 AppIDSvc - ok
    12:57:45.0170 4252 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    12:57:45.0173 4252 Appinfo - ok
    12:57:45.0248 4252 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    12:57:45.0251 4252 Apple Mobile Device - ok
    12:57:45.0280 4252 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    12:57:45.0280 4252 arc - ok
    12:57:45.0292 4252 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    12:57:45.0293 4252 arcsas - ok
    12:57:45.0388 4252 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    12:57:45.0390 4252 aspnet_state - ok
    12:57:45.0420 4252 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    12:57:45.0421 4252 AsyncMac - ok
    12:57:45.0470 4252 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    12:57:45.0470 4252 atapi - ok
    12:57:45.0508 4252 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
    12:57:45.0509 4252 AtiPcie - ok
    12:57:45.0559 4252 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    12:57:45.0567 4252 AudioEndpointBuilder - ok
    12:57:45.0578 4252 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    12:57:45.0583 4252 AudioSrv - ok
    12:57:45.0625 4252 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    12:57:45.0627 4252 AxInstSV - ok
    12:57:45.0661 4252 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    12:57:45.0667 4252 b06bdrv - ok
    12:57:45.0698 4252 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    12:57:45.0701 4252 b57nd60a - ok
    12:57:45.0731 4252 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    12:57:45.0732 4252 BDESVC - ok
    12:57:45.0750 4252 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    12:57:45.0751 4252 Beep - ok
    12:57:45.0774 4252 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    12:57:45.0785 4252 BITS - ok
    12:57:45.0846 4252 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    12:57:45.0847 4252 blbdrive - ok
    12:57:45.0939 4252 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    12:57:45.0942 4252 Bonjour Service - ok
    12:57:45.0972 4252 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    12:57:45.0973 4252 bowser - ok
    12:57:45.0989 4252 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    12:57:45.0989 4252 BrFiltLo - ok
    12:57:46.0003 4252 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    12:57:46.0004 4252 BrFiltUp - ok
    12:57:46.0033 4252 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    12:57:46.0035 4252 Browser - ok
    12:57:46.0055 4252 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    12:57:46.0058 4252 Brserid - ok
    12:57:46.0074 4252 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    12:57:46.0075 4252 BrSerWdm - ok
    12:57:46.0090 4252 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    12:57:46.0091 4252 BrUsbMdm - ok
    12:57:46.0101 4252 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    12:57:46.0102 4252 BrUsbSer - ok
    12:57:46.0121 4252 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    12:57:46.0122 4252 BTHMODEM - ok
    12:57:46.0160 4252 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    12:57:46.0162 4252 bthserv - ok
    12:57:46.0182 4252 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    12:57:46.0183 4252 cdfs - ok
    12:57:46.0242 4252 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    12:57:46.0244 4252 cdrom - ok
    12:57:46.0283 4252 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    12:57:46.0284 4252 CertPropSvc - ok
    12:57:46.0306 4252 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    12:57:46.0306 4252 circlass - ok
    12:57:46.0331 4252 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    12:57:46.0336 4252 CLFS - ok
    12:57:46.0387 4252 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:57:46.0388 4252 clr_optimization_v2.0.50727_32 - ok
    12:57:46.0428 4252 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    12:57:46.0430 4252 clr_optimization_v2.0.50727_64 - ok
    12:57:46.0486 4252 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:57:46.0488 4252 clr_optimization_v4.0.30319_32 - ok
    12:57:46.0544 4252 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    12:57:46.0546 4252 clr_optimization_v4.0.30319_64 - ok
    12:57:46.0574 4252 clwvd (d68d9f4d53010b7e84d4e80a2e485554) C:\Windows\system32\DRIVERS\clwvd.sys
    12:57:46.0574 4252 clwvd - ok
    12:57:46.0607 4252 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    12:57:46.0607 4252 CmBatt - ok
    12:57:46.0637 4252 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    12:57:46.0637 4252 cmdide - ok
    12:57:46.0668 4252 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    12:57:46.0673 4252 CNG - ok
    12:57:46.0693 4252 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    12:57:46.0693 4252 Compbatt - ok
    12:57:46.0731 4252 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    12:57:46.0732 4252 CompositeBus - ok
    12:57:46.0742 4252 COMSysApp - ok
    12:57:46.0761 4252 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    12:57:46.0761 4252 crcdisk - ok
    12:57:46.0804 4252 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
    12:57:46.0806 4252 CryptSvc - ok
    12:57:46.0845 4252 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    12:57:46.0852 4252 DcomLaunch - ok
    12:57:46.0885 4252 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    12:57:46.0890 4252 defragsvc - ok
    12:57:46.0929 4252 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    12:57:46.0930 4252 DfsC - ok
    12:57:46.0972 4252 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    12:57:46.0979 4252 Dhcp - ok
    12:57:46.0987 4252 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    12:57:46.0988 4252 discache - ok
    12:57:47.0023 4252 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    12:57:47.0024 4252 Disk - ok
    12:57:47.0059 4252 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    12:57:47.0062 4252 Dnscache - ok
    12:57:47.0093 4252 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    12:57:47.0096 4252 dot3svc - ok
    12:57:47.0137 4252 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    12:57:47.0140 4252 Dot4 - ok
    12:57:47.0201 4252 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
    12:57:47.0202 4252 Dot4Print - ok
    12:57:47.0224 4252 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    12:57:47.0224 4252 dot4usb - ok
    12:57:47.0251 4252 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    12:57:47.0253 4252 DPS - ok
    12:57:47.0294 4252 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    12:57:47.0294 4252 drmkaud - ok
    12:57:47.0338 4252 DTSRVC (b1b7de1ea520c84ab689be8c964fb850) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    12:57:47.0340 4252 DTSRVC - ok
    12:57:47.0396 4252 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    12:57:47.0414 4252 DXGKrnl - ok
    12:57:47.0441 4252 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    12:57:47.0443 4252 EapHost - ok
    12:57:47.0525 4252 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    12:57:47.0578 4252 ebdrv - ok
    12:57:47.0610 4252 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    12:57:47.0611 4252 EFS - ok
    12:57:47.0647 4252 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    12:57:47.0655 4252 ehRecvr - ok
    12:57:47.0692 4252 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    12:57:47.0694 4252 ehSched - ok
    12:57:47.0734 4252 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    12:57:47.0744 4252 elxstor - ok
    12:57:47.0780 4252 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    12:57:47.0781 4252 ErrDev - ok
    12:57:47.0816 4252 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    12:57:47.0822 4252 EventSystem - ok
    12:57:47.0842 4252 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    12:57:47.0844 4252 exfat - ok
    12:57:47.0863 4252 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    12:57:47.0866 4252 fastfat - ok
    12:57:47.0906 4252 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    12:57:47.0915 4252 Fax - ok
    12:57:47.0934 4252 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    12:57:47.0935 4252 fdc - ok
    12:57:47.0954 4252 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    12:57:47.0955 4252 fdPHost - ok
    12:57:47.0970 4252 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    12:57:47.0971 4252 FDResPub - ok
    12:57:47.0984 4252 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    12:57:47.0984 4252 FileInfo - ok
    12:57:47.0997 4252 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    12:57:47.0997 4252 Filetrace - ok
    12:57:48.0015 4252 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    12:57:48.0015 4252 flpydisk - ok
    12:57:48.0055 4252 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    12:57:48.0058 4252 FltMgr - ok
    12:57:48.0108 4252 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    12:57:48.0122 4252 FontCache - ok
    12:57:48.0185 4252 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    12:57:48.0186 4252 FontCache3.0.0.0 - ok
    12:57:48.0195 4252 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    12:57:48.0195 4252 FsDepends - ok
    12:57:48.0207 4252 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    12:57:48.0208 4252 Fs_Rec - ok
    12:57:48.0249 4252 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    12:57:48.0251 4252 fvevol - ok
    12:57:48.0277 4252 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    12:57:48.0278 4252 gagp30kx - ok
    12:57:48.0328 4252 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    12:57:48.0328 4252 GEARAspiWDM - ok
    12:57:48.0364 4252 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    12:57:48.0373 4252 gpsvc - ok
    12:57:48.0387 4252 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    12:57:48.0388 4252 hcw85cir - ok
    12:57:48.0440 4252 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    12:57:48.0444 4252 HdAudAddService - ok
    12:57:48.0460 4252 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    12:57:48.0462 4252 HDAudBus - ok
    12:57:48.0481 4252 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    12:57:48.0482 4252 HidBatt - ok
    12:57:48.0500 4252 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    12:57:48.0502 4252 HidBth - ok
    12:57:48.0516 4252 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    12:57:48.0517 4252 HidIr - ok
    12:57:48.0544 4252 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    12:57:48.0546 4252 hidserv - ok
    12:57:48.0562 4252 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    12:57:48.0562 4252 HidUsb - ok
    12:57:48.0595 4252 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    12:57:48.0597 4252 hkmsvc - ok
    12:57:48.0629 4252 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    12:57:48.0632 4252 HomeGroupListener - ok
    12:57:48.0672 4252 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    12:57:48.0675 4252 HomeGroupProvider - ok
    12:57:48.0755 4252 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    12:57:48.0755 4252 HP Support Assistant Service - ok
    12:57:48.0800 4252 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    12:57:48.0803 4252 HPClientSvc - ok
    12:57:48.0820 4252 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    12:57:48.0820 4252 HPDrvMntSvc.exe - ok
    12:57:48.0844 4252 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    12:57:48.0853 4252 hpqwmiex - ok
    12:57:48.0882 4252 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    12:57:48.0883 4252 HpSAMD - ok
    12:57:48.0945 4252 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    12:57:48.0960 4252 HTTP - ok
    12:57:48.0988 4252 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    12:57:48.0989 4252 hwpolicy - ok
    12:57:49.0013 4252 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    12:57:49.0014 4252 i8042prt - ok
    12:57:49.0052 4252 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    12:57:49.0057 4252 iaStorV - ok
    12:57:49.0135 4252 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    12:57:49.0146 4252 idsvc - ok
    12:57:49.0177 4252 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    12:57:49.0178 4252 iirsp - ok
    12:57:49.0210 4252 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    12:57:49.0220 4252 IKEEXT - ok
    12:57:49.0429 4252 IntcAzAudAddService (cb5fd9b681ad43b560490b5283ddc1c1) C:\Windows\system32\drivers\RTKVHD64.sys
    12:57:49.0444 4252 IntcAzAudAddService - ok
    12:57:49.0472 4252 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    12:57:49.0473 4252 intelide - ok
    12:57:49.0503 4252 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    12:57:49.0504 4252 intelppm - ok
    12:57:49.0541 4252 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    12:57:49.0543 4252 IPBusEnum - ok
    12:57:49.0573 4252 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:57:49.0574 4252 IpFilterDriver - ok
    12:57:49.0619 4252 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    12:57:49.0620 4252 IPMIDRV - ok
    12:57:49.0658 4252 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    12:57:49.0659 4252 IPNAT - ok
    12:57:49.0730 4252 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
    12:57:49.0740 4252 iPod Service - ok
    12:57:49.0767 4252 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    12:57:49.0767 4252 IRENUM - ok
    12:57:49.0782 4252 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    12:57:49.0782 4252 isapnp - ok
    12:57:49.0812 4252 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    12:57:49.0816 4252 iScsiPrt - ok
    12:57:49.0831 4252 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    12:57:49.0832 4252 kbdclass - ok
    12:57:49.0858 4252 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    12:57:49.0859 4252 kbdhid - ok
    12:57:49.0885 4252 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    12:57:49.0886 4252 KeyIso - ok
    12:57:49.0900 4252 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    12:57:49.0901 4252 KSecDD - ok
    12:57:49.0917 4252 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    12:57:49.0918 4252 KSecPkg - ok
    12:57:49.0932 4252 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    12:57:49.0932 4252 ksthunk - ok
    12:57:49.0965 4252 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    12:57:49.0970 4252 KtmRm - ok
    12:57:50.0014 4252 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    12:57:50.0018 4252 LanmanServer - ok
    12:57:50.0051 4252 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    12:57:50.0054 4252 LanmanWorkstation - ok
    12:57:50.0173 4252 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    12:57:50.0194 4252 Lavasoft Ad-Aware Service - ok
    12:57:50.0232 4252 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
    12:57:50.0232 4252 Lavasoft Kernexplorer - ok
    12:57:50.0269 4252 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
    12:57:50.0270 4252 Lbd - ok
    12:57:50.0320 4252 LightScribeService (b1e1c8bb1392537e4d415fcdcb93b1d3) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    12:57:50.0321 4252 LightScribeService - ok
    12:57:50.0358 4252 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    12:57:50.0359 4252 lltdio - ok
    12:57:50.0401 4252 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    12:57:50.0406 4252 lltdsvc - ok
    12:57:50.0432 4252 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    12:57:50.0434 4252 lmhosts - ok
    12:57:50.0455 4252 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    12:57:50.0456 4252 LSI_FC - ok
    12:57:50.0474 4252 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    12:57:50.0475 4252 LSI_SAS - ok
    12:57:50.0493 4252 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    12:57:50.0494 4252 LSI_SAS2 - ok
    12:57:50.0507 4252 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    12:57:50.0508 4252 LSI_SCSI - ok
    12:57:50.0530 4252 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    12:57:50.0531 4252 luafv - ok
    12:57:50.0570 4252 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    12:57:50.0573 4252 Mcx2Svc - ok
    12:57:50.0616 4252 mdvrmng (5f22132c9153639762708909f156b33d) C:\Windows\system32\Defrag32.dll
    12:57:50.0617 4252 mdvrmng ( Backdoor.Multi.ZAccess.gen ) - infected
    12:57:50.0617 4252 mdvrmng - detected Backdoor.Multi.ZAccess.gen (0)
    12:57:50.0635 4252 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    12:57:50.0636 4252 megasas - ok
    12:57:50.0657 4252 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    12:57:50.0660 4252 MegaSR - ok
    12:57:50.0736 4252 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    12:57:50.0738 4252 Microsoft Office Groove Audit Service - ok
    12:57:50.0764 4252 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    12:57:50.0767 4252 MMCSS - ok
    12:57:50.0785 4252 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    12:57:50.0785 4252 Modem - ok
    12:57:50.0806 4252 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    12:57:50.0806 4252 monitor - ok
    12:57:50.0845 4252 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    12:57:50.0846 4252 mouclass - ok
    12:57:50.0884 4252 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    12:57:50.0885 4252 mouhid - ok
    12:57:50.0916 4252 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    12:57:50.0917 4252 mountmgr - ok
    12:57:50.0950 4252 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    12:57:50.0952 4252 mpio - ok
    12:57:50.0973 4252 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    12:57:50.0974 4252 mpsdrv - ok
    12:57:51.0008 4252 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    12:57:51.0010 4252 MRxDAV - ok
    12:57:51.0036 4252 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:57:51.0037 4252 mrxsmb - ok
    12:57:51.0076 4252 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:57:51.0079 4252 mrxsmb10 - ok
    12:57:51.0097 4252 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:57:51.0098 4252 mrxsmb20 - ok
    12:57:51.0115 4252 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    12:57:51.0116 4252 msahci - ok
    12:57:51.0153 4252 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    12:57:51.0155 4252 msdsm - ok
    12:57:51.0178 4252 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    12:57:51.0181 4252 MSDTC - ok
    12:57:51.0216 4252 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    12:57:51.0217 4252 Msfs - ok
    12:57:51.0235 4252 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    12:57:51.0235 4252 mshidkmdf - ok
    12:57:51.0246 4252 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    12:57:51.0247 4252 msisadrv - ok
    12:57:51.0281 4252 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    12:57:51.0284 4252 MSiSCSI - ok
    12:57:51.0291 4252 msiserver - ok
    12:57:51.0319 4252 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    12:57:51.0319 4252 MSKSSRV - ok
    12:57:51.0354 4252 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    12:57:51.0354 4252 MSPCLOCK - ok
    12:57:51.0374 4252 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    12:57:51.0374 4252 MSPQM - ok
    12:57:51.0405 4252 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    12:57:51.0409 4252 MsRPC - ok
    12:57:51.0420 4252 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    12:57:51.0420 4252 mssmbios - ok
    12:57:51.0441 4252 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    12:57:51.0441 4252 MSTEE - ok
    12:57:51.0456 4252 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    12:57:51.0457 4252 MTConfig - ok
    12:57:51.0480 4252 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    12:57:51.0481 4252 Mup - ok
    12:57:51.0522 4252 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    12:57:51.0528 4252 napagent - ok
    12:57:51.0566 4252 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    12:57:51.0569 4252 NativeWifiP - ok
    12:57:51.0605 4252 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    12:57:51.0615 4252 NDIS - ok
    12:57:51.0632 4252 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    12:57:51.0633 4252 NdisCap - ok
    12:57:51.0656 4252 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    12:57:51.0657 4252 NdisTapi - ok
    12:57:51.0712 4252 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    12:57:51.0713 4252 Ndisuio - ok
    12:57:51.0751 4252 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    12:57:51.0755 4252 NdisWan - ok
    12:57:51.0790 4252 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    12:57:51.0791 4252 NDProxy - ok
    12:57:51.0832 4252 Net Driver HPZ12 (dc6530a291d4bdf6df399f1f128e7f8f) C:\Windows\system32\HPZinw12.dll
    12:57:51.0834 4252 Net Driver HPZ12 - ok
    12:57:51.0847 4252 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    12:57:51.0848 4252 NetBIOS - ok
    12:57:51.0882 4252 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    12:57:51.0885 4252 NetBT - ok
    12:57:51.0900 4252 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    12:57:51.0902 4252 Netlogon - ok
    12:57:51.0936 4252 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    12:57:51.0941 4252 Netman - ok
    12:57:52.0012 4252 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:57:52.0014 4252 NetMsmqActivator - ok
    12:57:52.0029 4252 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:57:52.0031 4252 NetPipeActivator - ok
    12:57:52.0060 4252 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    12:57:52.0064 4252 netprofm - ok
    12:57:52.0118 4252 netr28x (1982b291df9833fb3adc397ebd310a18) C:\Windows\system32\DRIVERS\netr28x.sys
    12:57:52.0125 4252 netr28x - ok
    12:57:52.0130 4252 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:57:52.0132 4252 NetTcpActivator - ok
    12:57:52.0138 4252 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    12:57:52.0139 4252 NetTcpPortSharing - ok
    12:57:52.0183 4252 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    12:57:52.0185 4252 nfrd960 - ok
    12:57:52.0231 4252 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    12:57:52.0240 4252 NlaSvc - ok
    12:57:52.0262 4252 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    12:57:52.0264 4252 Npfs - ok
    12:57:52.0278 4252 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    12:57:52.0280 4252 nsi - ok
    12:57:52.0292 4252 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    12:57:52.0293 4252 nsiproxy - ok
    12:57:52.0349 4252 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    12:57:52.0373 4252 Ntfs - ok
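The one line in this scan that matters is easy to miss among several hundred "- ok" verdicts: TDSSKiller flags the service `mdvrmng`, backed by `C:\Windows\system32\Defrag32.dll` (MD5 5f22132c9153639762708909f156b33d), as Backdoor.Multi.ZAccess.gen, a ZeroAccess detection that fits the reported search redirects. A service whose name bears no relation to the DLL it loads is itself a useful signal. The script below is an added example for this thread, not part of the original post or of TDSSKiller; it parses the log format seen above (file record, "- ok", "( verdict ) - infected", "- detected verdict (n)"), folds the records into one entry per service/driver, and returns everything not marked clean together with the hash and path a responder would want for follow-up. The embedded sample is an excerpt copied from this log, including the forum header that splits it between two posts, so the parser can be seen to skip non-log lines.

```python
"""Triage a Kaspersky TDSSKiller service/driver scan log.

Added example for this thread, not code from the original post or from
TDSSKiller. It assumes only the line shapes visible in the log above:

  HH:MM:SS.ffff PID <name> (<md5>) <path>           file record
  HH:MM:SS.ffff PID <name> - ok                     clean verdict
  HH:MM:SS.ffff PID <name> ( <verdict> ) - infected
  HH:MM:SS.ffff PID <name> - detected <verdict> (<n>)
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

PREFIX_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.*?)\s*$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
INFECTED_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>.+?) \) - infected$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"          # "ok", "infected", "detected" or "unknown"
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the per-line records into one Entry per service/driver name (log order)."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name=name))

    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue                  # blank lines, forum headers, other residue
        rest = m.group("rest")
        if (f := FILE_RE.match(rest)):
            e = get(f.group("name"))
            e.md5, e.path = f.group("md5").lower(), f.group("path")
        elif (f := INFECTED_RE.match(rest)):
            e = get(f.group("name"))
            e.status = "infected"
            e.verdicts.append(f.group("verdict"))
        elif (f := DETECTED_RE.match(rest)):
            e = get(f.group("name"))
            # "detected" follows "infected" for the same entry; keep the stronger state
            e.status = "infected" if e.status == "infected" else "detected"
            if f.group("verdict") not in e.verdicts:
                e.verdicts.append(f.group("verdict"))
        elif (f := OK_RE.match(rest)):
            e = get(f.group("name"))
            if e.status == "unknown":  # never downgrade an earlier detection
                e.status = "ok"
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything TDSSKiller did not mark clean, in the order it was scanned."""
    return [e for e in entries.values() if e.status != "ok"]


def report(entries: Dict[str, Entry]) -> List[str]:
    """One human-readable line per finding: status, service, file, hash, verdicts."""
    return [
        f"{e.status.upper():9}{e.name}: {e.path or '<no file record>'} "
        f"md5={e.md5 or '-'} {'; '.join(e.verdicts) or '(no verdict string)'}"
        for e in findings(entries)
    ]


# Constructed excerpt: the lines are copied from the log in this thread, with the
# forum post header that interrupts the log included to show it is ignored.
SAMPLE_LOG = r"""
12:57:49.0885 4252 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:57:49.0886 4252 KeyIso - ok
12:57:50.0570 4252 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:57:50.0573 4252 Mcx2Svc - ok
12:57:50.0616 4252 mdvrmng (5f22132c9153639762708909f156b33d) C:\Windows\system32\Defrag32.dll
12:57:50.0617 4252 mdvrmng ( Backdoor.Multi.ZAccess.gen ) - infected
12:57:50.0617 4252 mdvrmng - detected Backdoor.Multi.ZAccess.gen (0)
12:57:50.0635 4252 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:57:50.0636 4252 megasas - ok
12:57:51.0291 4252 msiserver - ok
  6. adam34997
    adam34997 TS Rookie Topic Starter Posts: 37
"""

if __name__ == "__main__":
    print("\n".join(report(parse_tdsskiller(SAMPLE_LOG))) or "no findings")
```

Run it as-is to see the single ZeroAccess finding from the excerpt, or feed a saved TDSSKiller log through `parse_tdsskiller(open(path).read())`. The hash is kept deliberately: a responder can check it against other systems or a malware database, and the path/service-name mismatch (`mdvrmng` loading `Defrag32.dll`) is the kind of detail worth recording before the cleanup step deletes the file.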
  6. adam34997

    12:57:52.0392 4252 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    12:57:52.0392 4252 Null - ok
    12:57:52.0427 4252 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    12:57:52.0428 4252 nvraid - ok
    12:57:52.0465 4252 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    12:57:52.0467 4252 nvstor - ok
    12:57:52.0495 4252 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    12:57:52.0496 4252 nv_agp - ok
    12:57:52.0552 4252 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    12:57:52.0561 4252 odserv - ok
    12:57:52.0592 4252 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    12:57:52.0594 4252 ohci1394 - ok
    12:57:52.0659 4252 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    12:57:52.0661 4252 ose - ok
    12:57:52.0687 4252 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    12:57:52.0693 4252 p2pimsvc - ok
    12:57:52.0711 4252 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    12:57:52.0717 4252 p2psvc - ok
    12:57:52.0739 4252 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    12:57:52.0740 4252 Parport - ok
    12:57:52.0774 4252 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    12:57:52.0774 4252 partmgr - ok
    12:57:52.0790 4252 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    12:57:52.0794 4252 PcaSvc - ok
    12:57:52.0828 4252 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    12:57:52.0830 4252 pci - ok
    12:57:52.0867 4252 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    12:57:52.0867 4252 pciide - ok
    12:57:52.0890 4252 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    12:57:52.0892 4252 pcmcia - ok
    12:57:52.0913 4252 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    12:57:52.0914 4252 pcw - ok
    12:57:52.0961 4252 PdiService (0a098df98ec8facaa30bd7db4c7aea06) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    12:57:52.0963 4252 PdiService - ok
    12:57:52.0994 4252 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    12:57:53.0002 4252 PEAUTH - ok
    12:57:53.0057 4252 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    12:57:53.0059 4252 PerfHost - ok
    12:57:53.0126 4252 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    12:57:53.0161 4252 pla - ok
    12:57:53.0211 4252 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    12:57:53.0218 4252 PlugPlay - ok
    12:57:53.0244 4252 Pml Driver HPZ12 (71f62c51dfdfbc04c83c5c64b2b8058e) C:\Windows\system32\HPZipm12.dll
    12:57:53.0246 4252 Pml Driver HPZ12 - ok
    12:57:53.0270 4252 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    12:57:53.0273 4252 PNRPAutoReg - ok
    12:57:53.0296 4252 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    12:57:53.0300 4252 PNRPsvc - ok
    12:57:53.0320 4252 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    12:57:53.0328 4252 PolicyAgent - ok
    12:57:53.0353 4252 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    12:57:53.0357 4252 Power - ok
    12:57:53.0404 4252 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    12:57:53.0405 4252 PptpMiniport - ok
    12:57:53.0441 4252 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    12:57:53.0441 4252 Processor - ok
    12:57:53.0466 4252 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
    12:57:53.0469 4252 ProfSvc - ok
    12:57:53.0493 4252 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    12:57:53.0494 4252 ProtectedStorage - ok
    12:57:53.0530 4252 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    12:57:53.0532 4252 Psched - ok
    12:57:53.0635 4252 QBCFMonitorService (91195091f449699b176fe1305dad40da) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    12:57:53.0636 4252 QBCFMonitorService - ok
    12:57:53.0682 4252 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    12:57:53.0685 4252 QBFCService - ok
    12:57:53.0749 4252 QBVSS (0c7b65c8743442a37152fcfac5f7d16a) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    12:57:53.0764 4252 QBVSS - ok
    12:57:53.0888 4252 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    12:57:53.0918 4252 ql2300 - ok
    12:57:53.0951 4252 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    12:57:53.0952 4252 ql40xx - ok
    12:57:53.0978 4252 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    12:57:53.0982 4252 QWAVE - ok
    12:57:54.0002 4252 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    12:57:54.0003 4252 QWAVEdrv - ok
    12:57:54.0021 4252 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    12:57:54.0022 4252 RasAcd - ok
    12:57:54.0057 4252 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    12:57:54.0057 4252 RasAgileVpn - ok
    12:57:54.0077 4252 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    12:57:54.0080 4252 RasAuto - ok
    12:57:54.0114 4252 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    12:57:54.0115 4252 Rasl2tp - ok
    12:57:54.0146 4252 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    12:57:54.0151 4252 RasMan - ok
    12:57:54.0184 4252 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    12:57:54.0184 4252 RasPppoe - ok
    12:57:54.0205 4252 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    12:57:54.0206 4252 RasSstp - ok
    12:57:54.0247 4252 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    12:57:54.0253 4252 rdbss - ok
    12:57:54.0272 4252 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    12:57:54.0272 4252 rdpbus - ok
    12:57:54.0290 4252 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    12:57:54.0291 4252 RDPCDD - ok
    12:57:54.0317 4252 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    12:57:54.0318 4252 RDPENCDD - ok
    12:57:54.0332 4252 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    12:57:54.0332 4252 RDPREFMP - ok
    12:57:54.0364 4252 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
    12:57:54.0366 4252 RDPWD - ok
    12:57:54.0405 4252 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    12:57:54.0476 4252 rdyboost - ok
    12:57:54.0633 4252 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    12:57:54.0635 4252 RemoteAccess - ok
    12:57:54.0652 4252 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    12:57:54.0656 4252 RemoteRegistry - ok
    12:57:54.0676 4252 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    12:57:54.0678 4252 RpcEptMapper - ok
    12:57:54.0706 4252 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    12:57:54.0707 4252 RpcLocator - ok
    12:57:54.0745 4252 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    12:57:54.0749 4252 RpcSs - ok
    12:57:54.0764 4252 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    12:57:54.0764 4252 rspndr - ok
    12:57:54.0801 4252 RTL8167 (fcaf9c2c9eadf8f397c3350760ef500f) C:\Windows\system32\DRIVERS\Rt64win7.sys
    12:57:54.0804 4252 RTL8167 - ok
    12:57:54.0834 4252 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    12:57:54.0836 4252 SamSs - ok
    12:57:54.0864 4252 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    12:57:54.0865 4252 sbp2port - ok
    12:57:54.0937 4252 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    12:57:54.0945 4252 SBSDWSCService - ok
    12:57:54.0968 4252 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    12:57:54.0972 4252 SCardSvr - ok
    12:57:55.0011 4252 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    12:57:55.0012 4252 scfilter - ok
    12:57:55.0076 4252 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    12:57:55.0089 4252 Schedule - ok
    12:57:55.0117 4252 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    12:57:55.0118 4252 SCPolicySvc - ok
    12:57:55.0145 4252 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    12:57:55.0149 4252 SDRSVC - ok
    12:57:55.0178 4252 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    12:57:55.0179 4252 secdrv - ok
    12:57:55.0212 4252 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    12:57:55.0215 4252 seclogon - ok
    12:57:55.0232 4252 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    12:57:55.0234 4252 SENS - ok
    12:57:55.0251 4252 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    12:57:55.0253 4252 SensrSvc - ok
    12:57:55.0289 4252 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    12:57:55.0290 4252 Serenum - ok
    12:57:55.0309 4252 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    12:57:55.0310 4252 Serial - ok
    12:57:55.0348 4252 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    12:57:55.0349 4252 sermouse - ok
    12:57:55.0404 4252 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    12:57:55.0407 4252 SessionEnv - ok
    12:57:55.0446 4252 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    12:57:55.0447 4252 sffdisk - ok
    12:57:55.0462 4252 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    12:57:55.0462 4252 sffp_mmc - ok
    12:57:55.0480 4252 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    12:57:55.0481 4252 sffp_sd - ok
    12:57:55.0494 4252 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    12:57:55.0495 4252 sfloppy - ok
    12:57:55.0532 4252 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    12:57:55.0541 4252 SharedAccess - ok
    12:57:55.0577 4252 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    12:57:55.0587 4252 ShellHWDetection - ok
    12:57:55.0612 4252 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    12:57:55.0613 4252 SiSRaid2 - ok
    12:57:55.0632 4252 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    12:57:55.0633 4252 SiSRaid4 - ok
    12:57:55.0660 4252 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    12:57:55.0661 4252 Smb - ok
    12:57:55.0704 4252 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    12:57:55.0706 4252 SNMPTRAP - ok
    12:57:55.0726 4252 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    12:57:55.0727 4252 spldr - ok
    12:57:55.0765 4252 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    12:57:55.0770 4252 Spooler - ok
    12:57:55.0846 4252 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    12:57:55.0870 4252 sppsvc - ok
    12:57:55.0888 4252 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    12:57:55.0890 4252 sppuinotify - ok
    12:57:55.0924 4252 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    12:57:55.0930 4252 srv - ok
    12:57:55.0981 4252 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    12:57:55.0986 4252 srv2 - ok
    12:57:56.0001 4252 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    12:57:56.0003 4252 srvnet - ok
    12:57:56.0025 4252 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    12:57:56.0029 4252 SSDPSRV - ok
    12:57:56.0045 4252 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    12:57:56.0048 4252 SstpSvc - ok
    12:57:56.0065 4252 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    12:57:56.0066 4252 stexstor - ok
    12:57:56.0102 4252 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
    12:57:56.0102 4252 StillCam - ok
    12:57:56.0149 4252 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    12:57:56.0157 4252 stisvc - ok
    12:57:56.0184 4252 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    12:57:56.0184 4252 swenum - ok
    12:57:56.0201 4252 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    12:57:56.0209 4252 swprv - ok
    12:57:56.0272 4252 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    12:57:56.0307 4252 SysMain - ok
    12:57:56.0340 4252 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    12:57:56.0343 4252 TabletInputService - ok
    12:57:56.0376 4252 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    12:57:56.0382 4252 TapiSrv - ok
    12:57:56.0402 4252 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    12:57:56.0404 4252 TBS - ok
    12:57:56.0461 4252 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    12:57:56.0494 4252 Tcpip - ok
    12:57:56.0533 4252 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    12:57:56.0545 4252 TCPIP6 - ok
    12:57:56.0585 4252 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    12:57:56.0586 4252 tcpipreg - ok
    12:57:56.0618 4252 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    12:57:56.0619 4252 TDPIPE - ok
    12:57:56.0636 4252 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    12:57:56.0637 4252 TDTCP - ok
    12:57:56.0668 4252 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    12:57:56.0669 4252 tdx - ok
    12:57:56.0699 4252 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    12:57:56.0700 4252 TermDD - ok
    12:57:56.0726 4252 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    12:57:56.0735 4252 TermService - ok
    12:57:56.0754 4252 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    12:57:56.0756 4252 Themes - ok
    12:57:56.0797 4252 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    12:57:56.0799 4252 THREADORDER - ok
    12:57:56.0819 4252 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    12:57:56.0822 4252 TrkWks - ok
    12:57:56.0869 4252 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    12:57:56.0870 4252 TrustedInstaller - ok
    12:57:56.0909 4252 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    12:57:56.0910 4252 tssecsrv - ok
    12:57:56.0953 4252 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    12:57:56.0953 4252 TsUsbFlt - ok
    12:57:56.0999 4252 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    12:57:57.0001 4252 tunnel - ok
    12:57:57.0027 4252 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    12:57:57.0028 4252 uagp35 - ok
    12:57:57.0050 4252 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    12:57:57.0054 4252 udfs - ok
    12:57:57.0074 4252 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    12:57:57.0077 4252 UI0Detect - ok
    12:57:57.0116 4252 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    12:57:57.0117 4252 uliagpkx - ok
    12:57:57.0156 4252 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    12:57:57.0156 4252 umbus - ok
    12:57:57.0170 4252 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    12:57:57.0171 4252 UmPass - ok
    12:57:57.0191 4252 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    12:57:57.0197 4252 upnphost - ok
    12:57:57.0230 4252 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    12:57:57.0231 4252 USBAAPL64 - ok
    12:57:57.0248 4252 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    12:57:57.0249 4252 usbccgp - ok
    12:57:57.0283 4252 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    12:57:57.0284 4252 usbcir - ok
    12:57:57.0293 4252 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    12:57:57.0293 4252 usbehci - ok
    12:57:57.0329 4252 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
    12:57:57.0329 4252 usbfilter - ok
    12:57:57.0351 4252 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    12:57:57.0355 4252 usbhub - ok
    12:57:57.0367 4252 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    12:57:57.0368 4252 usbohci - ok
    12:57:57.0395 4252 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    12:57:57.0395 4252 usbprint - ok
    12:57:57.0421 4252 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    12:57:57.0422 4252 usbscan - ok
    12:57:57.0456 4252 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    12:57:57.0457 4252 USBSTOR - ok
    12:57:57.0471 4252 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    12:57:57.0472 4252 usbuhci - ok
    12:57:57.0500 4252 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    12:57:57.0502 4252 usbvideo - ok
    12:57:57.0532 4252 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    12:57:57.0535 4252 UxSms - ok
    12:57:57.0559 4252 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    12:57:57.0561 4252 VaultSvc - ok
    12:57:57.0577 4252 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    12:57:57.0578 4252 vdrvroot - ok
    12:57:57.0620 4252 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    12:57:57.0627 4252 vds - ok
    12:57:57.0660 4252 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    12:57:57.0661 4252 vga - ok
    12:57:57.0676 4252 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    12:57:57.0677 4252 VgaSave - ok
    12:57:57.0700 4252 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    12:57:57.0703 4252 vhdmp - ok
    12:57:57.0733 4252 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    12:57:57.0733 4252 viaide - ok
    12:57:57.0755 4252 VMnetAdapter - ok
    12:57:57.0769 4252 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    12:57:57.0771 4252 volmgr - ok
    12:57:57.0809 4252 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    12:57:57.0813 4252 volmgrx - ok
    12:57:57.0851 4252 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    12:57:57.0854 4252 volsnap - ok
    12:57:57.0880 4252 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    12:57:57.0881 4252 vsmraid - ok
    12:57:57.0949 4252 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    12:57:57.0981 4252 VSS - ok
    12:57:57.0995 4252 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    12:57:57.0996 4252 vwifibus - ok
    12:57:58.0017 4252 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    12:57:58.0018 4252 vwififlt - ok
    12:57:58.0051 4252 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    12:57:58.0058 4252 W32Time - ok
    12:57:58.0079 4252 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    12:57:58.0079 4252 WacomPen - ok
    12:57:58.0114 4252 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    12:57:58.0115 4252 WANARP - ok
    12:57:58.0127 4252 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    12:57:58.0128 4252 Wanarpv6 - ok
    12:57:58.0207 4252 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    12:57:58.0242 4252 WatAdminSvc - ok
    12:57:58.0302 4252 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    12:57:58.0328 4252 wbengine - ok
    12:57:58.0350 4252 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    12:57:58.0355 4252 WbioSrvc - ok
    12:57:58.0390 4252 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    12:57:58.0397 4252 wcncsvc - ok
    12:57:58.0412 4252 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    12:57:58.0415 4252 WcsPlugInService - ok
    12:57:58.0437 4252 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    12:57:58.0437 4252 Wd - ok
    12:57:58.0464 4252 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    12:57:58.0471 4252 Wdf01000 - ok
    12:57:58.0492 4252 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    12:57:58.0495 4252 WdiServiceHost - ok
    12:57:58.0500 4252 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    12:57:58.0503 4252 WdiSystemHost - ok
    12:57:58.0540 4252 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    12:57:58.0546 4252 WebClient - ok
    12:57:58.0568 4252 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    12:57:58.0573 4252 Wecsvc - ok
    12:57:58.0588 4252 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    12:57:58.0591 4252 wercplsupport - ok
    12:57:58.0616 4252 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    12:57:58.0619 4252 WerSvc - ok
    12:57:58.0643 4252 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    12:57:58.0644 4252 WfpLwf - ok
    12:57:58.0658 4252 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    12:57:58.0659 4252 WIMMount - ok
    12:57:58.0667 4252 WinHttpAutoProxySvc - ok
    12:57:58.0714 4252 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    12:57:58.0717 4252 Winmgmt - ok
    12:57:58.0775 4252 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    12:57:58.0810 4252 WinRM - ok
    12:57:58.0851 4252 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    12:57:58.0862 4252 Wlansvc - ok
    12:57:58.0951 4252 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    12:57:58.0965 4252 wlidsvc - ok
    12:57:59.0000 4252 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    12:57:59.0000 4252 WmiAcpi - ok
    12:57:59.0026 4252 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    12:57:59.0029 4252 wmiApSrv - ok
    12:57:59.0047 4252 WMPNetworkSvc - ok
    12:57:59.0075 4252 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    12:57:59.0078 4252 WPCSvc - ok
    12:57:59.0104 4252 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    12:57:59.0107 4252 WPDBusEnum - ok
    12:57:59.0122 4252 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    12:57:59.0123 4252 ws2ifsl - ok
    12:57:59.0148 4252 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    12:57:59.0149 4252 WSDPrintDevice - ok
    12:57:59.0155 4252 WSearch - ok
    12:57:59.0228 4252 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    12:57:59.0273 4252 wuauserv - ok
    12:57:59.0307 4252 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    12:57:59.0309 4252 WudfPf - ok
    12:57:59.0326 4252 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    12:57:59.0328 4252 WUDFRd - ok
    12:57:59.0366 4252 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    12:57:59.0370 4252 wudfsvc - ok
    12:57:59.0396 4252 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    12:57:59.0403 4252 WwanSvc - ok
    12:57:59.0429 4252 MBR (0x1B8) (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
    12:57:59.0486 4252 \Device\Harddisk0\DR0 - ok
    12:57:59.0490 4252 Boot (0x1200) (8b05c54413af6f186dc25575d2c8cbfe) \Device\Harddisk0\DR0\Partition0
    12:57:59.0492 4252 \Device\Harddisk0\DR0\Partition0 - ok
    12:57:59.0506 4252 Boot (0x1200) (1a3b96d9cb41e651a1749ac924a68720) \Device\Harddisk0\DR0\Partition1
    12:57:59.0508 4252 \Device\Harddisk0\DR0\Partition1 - ok
    12:57:59.0539 4252 Boot (0x1200) (4afc0feaaa98f6cbf82a99d22a405f0b) \Device\Harddisk0\DR0\Partition2
    12:57:59.0540 4252 \Device\Harddisk0\DR0\Partition2 - ok
    12:57:59.0540 4252 ============================================================
    12:57:59.0540 4252 Scan finished
    12:57:59.0540 4252 ============================================================
    12:57:59.0553 2876 Detected object count: 1
    12:57:59.0553 2876 Actual detected object count: 1
    12:58:13.0294 2876 C:\Windows\system32\Defrag32.dll - copied to quarantine
    12:58:13.0294 2876 HKLM\SYSTEM\ControlSet001\services\mdvrmng - will be deleted on reboot
    12:58:13.0405 2876 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured
    12:58:13.0441 2876 C:\Windows\system32\Defrag32.dll - will be deleted on reboot
    12:58:13.0441 2876 mdvrmng ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
    12:58:15.0753 4900 Deinitialize success
     
  7. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Post new aswMBR log.
     
  8. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-04 13:07:42
    -----------------------------
    13:07:42.538 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:07:42.538 Number of processors: 2 586 0x603
    13:07:42.539 ComputerName: ADAM-HP UserName: Adam
    13:07:43.586 Initialize success
    13:07:48.129 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052
    13:07:48.134 Disk 0 Vendor: WDC_WD50 06.0 Size: 476940MB BusType: 11
    13:07:48.153 Disk 0 MBR read successfully
    13:07:48.158 Disk 0 MBR scan
    13:07:48.164 Disk 0 Windows 7 default MBR code
    13:07:48.169 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    13:07:48.176 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462726 MB offset 206848
    13:07:48.212 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14112 MB offset 947869696
    13:07:48.258 SubSystem.Windows: C:\Windows\system32\consrv.dll **SUSPICIOUS**
    13:07:48.266 Disk 0 scanning C:\Windows\system32\drivers
    13:07:53.408 Service scanning
    13:08:05.316 Modules scanning
    13:08:05.334 Disk 0 trace - called modules:
    13:08:05.360 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
    13:08:05.373 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045ea6c0]
    13:08:05.385 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80036ebb80]
    13:08:05.392 5 amdxata.sys[fffff880011047a8] -> nt!IofCallDriver -> \Device\00000052[0xfffffa80045728f0]
    13:08:05.397 Scan finished successfully
    13:08:18.563 Disk 0 MBR has been saved successfully to "C:\Users\Adam\Desktop\MBR.dat"
    13:08:18.569 The log file has been saved successfully to "C:\Users\Adam\Desktop\new.txt"
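The aswMBR output above reads sector 0, prints the three partition entries (status, type, size, LBA offset) and saves the sector to MBR.dat, and the TDSSKiller run before it hashes the "MBR (0x1B8)" region and reports the result. As an added example (not code from aswMBR, TDSSKiller or anyone in this thread), the Python below does the same checks on a 512-byte MBR image: it verifies the 0x55AA signature, decodes the four partition entries, hashes the boot-code region and flags what an analyst looks for in a bootkit case (altered boot code, more or fewer than one active partition, overlapping entries, a large unallocated tail at the end of the disk). The sample MBR is constructed from the geometry aswMBR printed, not read from the user's disk; its boot-code bytes and the "known-good" hash are placeholders, the 16 MB tail threshold is an arbitrary choice, and reading 0x1B8 as the 440 bytes before the disk signature is this example's assumption.

```python
"""Parse and sanity-check a 512-byte MBR image.

Added example for this thread; not aswMBR or TDSSKiller code.
Assumptions: CODE_LEN = 0x1B8 bytes of boot code before the disk signature;
the sample geometry is copied from the aswMBR log, the boot code and the
known-good hash are placeholders.
"""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8          # boot-code region that gets hashed
TABLE_OFF = 0x1BE         # four 16-byte partition entries follow
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b"\x55\xAA"
TAIL_LIMIT = 16 * 2048    # assumption: >16 MB unallocated after the last partition is worth a look


def build_mbr(partitions, boot_code):
    """Construct an MBR image from (status, type, lba_start, sectors) tuples (constructed sample)."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:] = BOOT_SIG
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the non-empty partition entries; sizes in MB as aswMBR prints them."""
    if len(mbr) != SECTOR or mbr[510:] != BOOT_SIG:
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFF + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count, "size_mb": count * SECTOR // 2**20})
    return parts


def code_md5(mbr):
    """MD5 of the boot-code region, comparable to the TDSSKiller 'MBR (0x1B8)' line."""
    return hashlib.md5(mbr[:CODE_LEN]).hexdigest()


def check_mbr(mbr, known_good_md5, disk_sectors):
    """Return the anomalies an analyst would want flagged for this disk."""
    findings = []
    if code_md5(mbr) != known_good_md5:
        findings.append("boot code hash differs from the known-good value")
    parts = sorted(parse_partitions(mbr), key=lambda p: p["lba_start"])
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partition {a['index']} overlaps partition {b['index']}")
    if parts:
        last = parts[-1]
        tail = disk_sectors - (last["lba_start"] + last["sectors"])
        if tail > TAIL_LIMIT:
            findings.append(f"{tail} unallocated sectors after the last partition")
    return findings


# Geometry copied from the aswMBR output in this thread; MB converted to 512-byte sectors.
SAMPLE_PARTITIONS = [
    (0x80, 0x07, 2048, 100 * 2048),
    (0x00, 0x07, 206848, 462726 * 2048),
    (0x00, 0x07, 947869696, 14112 * 2048),
]
SAMPLE_DISK_SECTORS = 476940 * 2048
SAMPLE_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C"   # placeholder bytes, not real boot code
SAMPLE_MBR = build_mbr(SAMPLE_PARTITIONS, SAMPLE_BOOT_CODE)

if __name__ == "__main__":
    for p in parse_partitions(SAMPLE_MBR):
        print(p)
    print("code md5:", code_md5(SAMPLE_MBR))
    print("findings:", check_mbr(SAMPLE_MBR, code_md5(SAMPLE_MBR), SAMPLE_DISK_SECTORS))
```

To use it on a real capture, read the MBR.dat that aswMBR wrote and pass its bytes to parse_partitions and check_mbr, with the known-good hash taken from a clean machine of the same Windows build; the hash line TDSSKiller prints is only meaningful against such a reference.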


     
  9. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
     
  10. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    It says there are no infections found.

    Thanks for your help so far but I am off to the golf course.

    I will reply to your next step tonight and thanks so much!
     
  11. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Good luck with the game :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
     
  12. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    Feels like it is already running faster! Log is below

    ComboFix 12-04-04.02 - Adam 04/04/2012 20:00:51.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2381 [GMT -4:00]
    Running from: c:\users\Adam\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Setup.exe
    c:\program files (x86)\WindowsInstaller-KB893803-v2-x86.exe
    C:\Thumbs.db
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\system32\consrv.dll
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 15:37 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
    2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-02 00:39 . 2012-04-04 16:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-31 03:12 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C219A03-FD82-498F-8F9F-3BAE8341EF30}\mpengine.dll
    2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axsefda]
    2012-04-04 01:54 10752 ----a-w- c:\windows\System32\config\systemprofile\AppData\Local\axsefda.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
    S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-10-13 17152]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - LAVASOFT_KERNEXPLORER
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-04-01 c:\windows\Tasks\HPCeeScheduleForAdam.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "combofix"="c:\combofix\CF23986.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    adiusbaw
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: mswsock.dll
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - user.js: general.useragent.extra.brc -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    SafeBoot-09984986.sys
    SafeBoot-14628097.sys
    SafeBoot-16993586.sys
    SafeBoot-25932418.sys
    SafeBoot-46694671.sys
    SafeBoot-49521943.sys
    SafeBoot-68439577.sys
    SafeBoot-91797076.sys
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\03\0c\13-5u"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-04 20:31:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-05 00:31
    .
    Pre-Run: 380,082,655,232 bytes free
    Post-Run: 379,556,847,616 bytes free
    .
    - - End Of File - - 2B4281846F7A970651A4E2B5A2A581F0
     
  13. Broni

    Broni Malware Annihilator Posts: 46,868   +254

How is the redirection?

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\System32\config\systemprofile\AppData\Local\axsefda.dll
    
    DDS::
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    
    Driver::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axsefda]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation not reproduced]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  14. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

Before I did the last step I saw the Google redirect once. I have yet to see it again since the last step. Log below.

    ComboFix 12-04-04.02 - Adam 04/05/2012 9:46.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2082 [GMT -4:00]
    Running from: c:\users\Adam\Desktop\ComboFix.exe
    Command switches used :: c:\users\Adam\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\System32\config\systemprofile\AppData\Local\axsefda.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Setup.exe
    c:\program files (x86)\WindowsInstaller-KB893803-v2-x86.exe
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\cfg.ini
    c:\windows\system32\consrv.dll
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\System64
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-05 to 2012-04-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-05 13:57 . 2012-04-05 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-05 13:30 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60A6E8E2-193F-4707-8CAB-1CA2D1FDF08F}\mpengine.dll
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\users\Adam\AppData\Roaming\Malwarebytes
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-02 15:37 . 2012-04-02 15:37 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 15:37 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 02:10 . 2012-04-02 18:09 -------- d-----w- c:\program files (x86)\ESET
    2012-04-02 00:49 . 2012-04-02 18:17 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-04-02 00:39 . 2012-04-04 16:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-14 18:54 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-03-14 18:54 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-03-14 17:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 17:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 17:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-14 14:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 14:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 14:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 14:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-14 14:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-14 14:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-23 13:18 . 2011-03-04 17:59 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-20 15:00 . 2011-05-17 14:02 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-30 03:36 . 2012-01-30 03:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-01-30 03:36 . 2012-01-30 03:36 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-01-30 03:36 . 2012-01-30 03:36 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-01-30 03:36 . 2012-01-30 03:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-01-30 03:36 . 2012-01-30 03:36 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-01-30 03:36 . 2012-01-30 03:36 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-01-30 03:36 . 2012-01-30 03:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-01-30 03:36 . 2012-01-30 03:36 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-01-30 03:36 . 2012-01-30 03:36 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-01-30 03:36 . 2012-01-30 03:36 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-01-30 03:36 . 2012-01-30 03:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-01-30 03:36 . 2012-01-30 03:36 448512 ----a-w- c:\windows\system32\html.iec
    2012-01-30 03:36 . 2012-01-30 03:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-01-30 03:36 . 2012-01-30 03:36 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-01-30 03:36 . 2012-01-30 03:36 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-01-30 03:36 . 2012-01-30 03:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-01-30 03:36 . 2012-01-30 03:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2010-10-25 22:48 . 2011-05-02 16:57 8297472 ----a-w- c:\program files (x86)\AcroPro.msi
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
    "Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-12-01 121456]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    R1 elclgcno;elclgcno;c:\windows\system32\drivers\elclgcno.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
    S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-11-21 1248256]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-30 c:\windows\Tasks\HPCeeScheduleForADAM-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-04-01 c:\windows\Tasks\HPCeeScheduleForAdam.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "combofix"="c:\combofix\CF22037.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    adiusbaw
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: mswsock.dll
    Trusted Zone: intuit.com\ttlc
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - user.js: general.useragent.extra.brc -
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\03\0c\13-5u"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-05 10:10:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-05 14:10
    ComboFix2.txt 2012-04-05 00:31
    .
    Pre-Run: 379,233,320,960 bytes free
    Post-Run: 378,613,764,096 bytes free
    .
    - - End Of File - - F533A575A24975D7D7AD6F463755312C
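The ComboFix run above is worth reading for more than "Looks good": it records the `ProxyOverride` entry pointing at a loopback port that the CFScript removed, the `axsefda.dll` sitting under the SYSTEM account's profile next to a Winlogon\Notify key, and UAC switched fully off (`EnableLUA=0`, `ConsentPromptBehaviorAdmin=0`, `PromptOnSecureDesktop=0`), which is a configuration finding a responder would call out regardless of the malware. As an added example (not part of this thread and not code from ComboFix, DDS or OTL), the Python below runs a small set of triage rules over lines in that log format. `SAMPLE_LOG` is constructed from lines quoted in the thread plus one made-up `@=` value under the Notify key (the thread only shows that key being deleted); the rule names, severities and regexes are this example's own assumptions.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines quoted in the thread plus one made-up "@=" value
# under the Winlogon\Notify key, so the example runs offline.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Adam\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axsefda]
@="c:\windows\System32\config\systemprofile\AppData\Local\axsefda.dll"
"""


@dataclass
class Finding:
    kind: str       # stable rule name, for filtering and tests
    severity: str   # high | medium | low | review
    line: str       # the log line that fired the rule
    detail: str     # why it matters


KEY_RE = re.compile(r"^\[-?(.+)\]$")  # "[-HKEY..." is CFScript delete syntax, also accepted
PROXY_RE = re.compile(r"Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.+)$")
LOOPBACK_RE = re.compile(r"(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost):(\d+)", re.I)
UAC_VALUE_RE = re.compile(r'^"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"\s*=\s*(\d+)')
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\([^\\\]]+)$", re.I)
SYSTEMPROFILE_DLL_RE = re.compile(r"\\config\\systemprofile\\.*\.dll", re.I)
USER_WRITABLE_RE = re.compile(r"\\(?:users\\[^\\]+\\appdata|programdata|temp)\\", re.I)

# A value of 0 for each of these weakens UAC (assumed severities).
UAC_ZERO_RULES = {
    "EnableLUA": ("uac_disabled", "high", "UAC is off: an admin user's processes get the full admin token"),
    "ConsentPromptBehaviorAdmin": ("uac_silent_elevation", "medium", "admins elevate without any prompt"),
    "PromptOnSecureDesktop": ("secure_desktop_off", "low",
                              "elevation prompts appear on the normal desktop, where other windows can overlay them"),
}


def triage(log_text: str) -> list[Finding]:
    """Run the rules over each line, tracking which registry key the line belongs to."""
    findings: list[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            notify = NOTIFY_RE.search(current_key)
            if notify:
                findings.append(Finding("winlogon_notify", "high", line,
                    f"Winlogon\\Notify entry '{notify.group(1)}': on XP such packages were loaded into "
                    "winlogon.exe; modern software has no reason to register one, so it needs explaining"))
            continue
        proxy = PROXY_RE.search(line)
        if proxy:
            setting, value = proxy.groups()
            loop = LOOPBACK_RE.search(value)
            if loop and setting == "ProxyServer":
                findings.append(Finding("local_proxy", "high", line,
                    f"browser traffic is routed through a proxy listening on this machine, port {loop.group(1)}"))
            elif loop:
                findings.append(Finding("loopback_in_bypass_list", "medium", line,
                    f"{loop.group(0)} in the proxy bypass list: a bypass list holds hostnames, not loopback ports"))
            continue
        if current_key.lower().endswith(r"\policies\system"):
            uac = UAC_VALUE_RE.match(line)
            if uac and uac.group(2) == "0":
                kind, severity, detail = UAC_ZERO_RULES[uac.group(1)]
                findings.append(Finding(kind, severity, line, detail))
            continue
        if SYSTEMPROFILE_DLL_RE.search(line):
            findings.append(Finding("dll_in_systemprofile", "high", line,
                "a DLL under the SYSTEM account's profile folder: not a normal install location, "
                "and whatever loads it runs as SYSTEM"))
            continue
        if current_key.lower().endswith(r"\run"):
            run = RUN_VALUE_RE.match(line)
            if run and USER_WRITABLE_RE.search(run.group(2)):
                findings.append(Finding("run_from_user_writable", "review", line,
                    f"autostart '{run.group(1)}' runs from a user-writable folder; verify the publisher"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.kind}: {f.detail}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The Akamai entry comes out as "review" rather than "high" on purpose: a Run value pointing into `AppData\Local` is where malware lives, but it is also where some legitimate per-user installers put themselves, so the rule asks for a publisher check instead of deciding. The `[x]` marker on ComboFix's service lines is deliberately not a rule: in the log above it appears on drivers such as `atikmdag.sys` that the later OTL run lists as running under `SysNative`, so on an x64 system it does not reliably mean the file is missing.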
     
  15. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Looks good.

    Keep me posted about computer behavior.

    Download OTL to your Desktop.

• Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
• When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

Prior to running the last step, I was still getting the redirect sometimes. Logs below.

    OTL logfile created on: 4/6/2012 9:19:05 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Adam\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 57.54% Memory free
    7.50 Gb Paging File | 5.85 Gb Available in Paging File | 77.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.88 Gb Total Space | 353.03 Gb Free Space | 78.12% Space Free | Partition Type: NTFS
    Drive D: | 13.78 Gb Total Space | 1.67 Gb Free Space | 12.11% Space Free | Partition Type: NTFS

    Computer Name: ADAM-HP | User Name: Adam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/04/06 09:17:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
    PRC - [2012/03/18 17:13:59 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe
    PRC - [2011/11/20 23:08:05 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2011/11/04 17:27:48 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2011/11/03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2011/11/03 13:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/12/01 16:12:58 | 000,440,944 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
    PRC - [2010/12/01 16:12:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    PRC - [2010/09/03 21:13:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
    PRC - [2010/04/16 19:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
    PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/20 14:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/18 17:13:59 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/02/20 11:00:49 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
    MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
    MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
    MOD - [2010/05/25 12:29:32 | 000,014,856 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/08/05 23:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/05/12 02:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/11/17 07:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\kraidsvc.dll -- (adiusbaw)
    SRV - [2011/11/20 23:08:05 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2011/11/04 17:27:48 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2011/11/03 13:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/12/01 16:12:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
    SRV - [2010/04/16 19:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/11/03 13:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/11 18:37:32 | 000,408,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/09/03 21:13:32 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/07/21 23:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/05/12 02:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/05/12 01:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/03/10 11:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2010/02/06 00:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/02/06 00:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/17 22:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2011/10/12 23:49:27 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\SearchScopes\{EE4B9390-6134-45F5-B9A8-88394F8C89CB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=crm&q={searchTerms}&locale=&apn_ptnrs=HP&apn_dtid=YYYYYYCLUS&apn_uid=a2a4b726-e554-4faa-b0e3-f92d4f31e8df&apn_sauid=C37EAEEF-90C0-4322-9E19-B74785D2DBDF&
    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.1
    FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
    FF - prefs.js..extensions.enabledItems: {ba2430e0-5b72-4cac-bc9e-7d1aaca75d3d}:1.6.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/13 16:12:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/02 14:19:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/13 16:12:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\Adam\AppData\Roaming\NetAssistant\ [2011/10/18 18:01:37 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Adam\AppData\Roaming\IDM\idmmzcc3

    [2011/03/04 14:14:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions
    [2012/04/02 11:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\extensions
    [2011/05/04 09:40:10 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
    [2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\searchplugins\askcom.xml
    [2012/04/01 20:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    () (No name found) -- C:\USERS\ADAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9YL6VUNS.DEFAULT\EXTENSIONS\{BA2430E0-5B72-4CAC-BC9E-7D1AACA75D3D}.XPI
    () (No name found) -- C:\USERS\ADAM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9YL6VUNS.DEFAULT\EXTENSIONS\FASTERFOX_LITE@BIGREDBRENT.XPI
    [2012/03/18 17:13:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/08/24 05:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    Hosts file not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000..\Run: [Akamai NetSession Interface] C:\Users\Adam\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
    O15 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EB8E72A-4EB8-40D4-ADCC-253888415D00}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: adiusbaw - C:\Windows\SysNative\kraidsvc.dll (Oak Technology Inc.)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/06 09:17:00 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
    [2012/04/05 15:12:27 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/05 15:07:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/04/05 14:52:48 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/04/04 19:58:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/04 19:58:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/04 19:58:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/04 19:58:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/04 19:58:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/04 19:52:32 | 004,456,875 | R--- | C] (Swearware) -- C:\Users\Adam\Desktop\ComboFix.exe
    [2012/04/04 13:15:32 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Adam\Desktop\FixTDSS(1).exe
    [2012/04/04 12:56:43 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\TDSSKiller.exe
    [2012/04/04 12:32:41 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Adam\Desktop\boot_cleaner.exe
    [2012/04/04 12:30:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Adam\Desktop\aswMBR.exe
    [2012/04/04 11:55:17 | 002,072,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\123.exe
    [2012/04/03 15:40:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Adam\Desktop\dds.scr
    [2012/04/02 11:37:19 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Roaming\Malwarebytes
    [2012/04/02 11:37:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/02 11:37:15 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/04/02 11:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/04/02 11:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/01 22:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/04/01 20:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2012/04/01 20:39:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/01 19:36:31 | 000,000,000 | R--D | C] -- C:\Users\Adam\Searches
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
     
  17. adam34997


    ========== Files - Modified Within 30 Days ==========

    [2012/04/06 09:17:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
    [2012/04/06 09:12:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/06 09:12:42 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/06 09:05:29 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
    [2012/04/06 09:05:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/06 09:05:21 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/05 21:57:46 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
    [2012/04/05 21:57:46 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
    [2012/04/05 12:04:49 | 000,022,275 | ---- | M] () -- C:\Users\Adam\Desktop\1.pdf
    [2012/04/05 09:40:12 | 000,783,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/05 09:40:12 | 000,663,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/05 09:40:12 | 000,122,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/04 19:52:42 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\ComboFix.exe
    [2012/04/04 13:15:34 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Adam\Desktop\FixTDSS(1).exe
    [2012/04/04 13:08:18 | 000,000,512 | ---- | M] () -- C:\Users\Adam\Desktop\MBR.dat
    [2012/04/04 12:31:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Adam\Desktop\aswMBR.exe
    [2012/04/03 15:40:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\dds.scr
    [2012/04/03 15:11:41 | 000,302,592 | ---- | M] () -- C:\Users\Adam\Desktop\qubg20ro.exe
    [2012/04/03 13:43:02 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\TDSSKiller.exe
    [2012/04/03 13:43:02 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\123.exe
    [2012/04/02 11:37:16 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/01 14:33:18 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdam.job
    [2012/03/30 17:51:12 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForADAM-HP$.job
    [2012/03/14 20:43:09 | 000,439,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/05 15:06:55 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
    [2012/04/05 12:04:49 | 000,022,275 | ---- | C] () -- C:\Users\Adam\Desktop\1.pdf
    [2012/04/04 19:58:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/04 19:58:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/04 19:58:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/04 19:58:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/04 19:58:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/04 12:32:12 | 000,000,512 | ---- | C] () -- C:\Users\Adam\Desktop\MBR.dat
    [2012/04/03 15:11:37 | 000,302,592 | ---- | C] () -- C:\Users\Adam\Desktop\qubg20ro.exe
    [2012/04/02 11:37:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/01 20:30:18 | 000,001,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/01/03 19:48:26 | 000,007,623 | ---- | C] () -- C:\Users\Adam\AppData\Local\Resmon.ResmonCfg
    [2011/11/20 12:29:17 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2011/10/24 11:56:38 | 000,199,720 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/10/16 12:29:57 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
    [2011/10/16 12:29:57 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
    [2011/07/16 22:21:06 | 000,001,854 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\GhostObjGAFix.xml
    [2011/05/02 12:57:43 | 008,297,472 | ---- | C] () -- C:\Program Files (x86)\AcroPro.msi
    [2011/05/02 12:57:43 | 000,076,288 | ---- | C] () -- C:\Program Files (x86)\1031.mst
    [2011/05/02 12:57:43 | 000,074,752 | ---- | C] () -- C:\Program Files (x86)\1036.mst
    [2011/05/02 12:57:43 | 000,003,584 | ---- | C] () -- C:\Program Files (x86)\1033.mst
    [2011/05/02 12:57:43 | 000,001,772 | ---- | C] () -- C:\Program Files (x86)\ABCPY.INI
    [2011/05/02 12:57:43 | 000,000,347 | ---- | C] () -- C:\Program Files (x86)\Setup.ini
    [2011/05/02 12:56:48 | 481,143,404 | ---- | C] () -- C:\Program Files (x86)\Data1.cab
    [2011/03/27 20:04:07 | 000,001,814 | ---- | C] () -- C:\Program Files (x86)\Microsoft Office - Shortcut.lnk
    [2011/03/04 17:13:18 | 000,058,935 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011/03/04 15:52:24 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0346.old
    [2011/02/26 05:03:14 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/02/26 04:25:02 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2011/02/26 04:13:25 | 000,781,226 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/26 04:06:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/09/24 19:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

    ========== LOP Check ==========

    [2012/01/29 23:41:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\4Team
    [2012/02/08 14:45:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Azureus
    [2011/03/04 15:00:03 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\BitComet
    [2011/03/04 15:18:39 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Blio
    [2011/05/15 22:57:48 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Canon
    [2011/03/31 16:37:18 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/12/06 22:03:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DAEMON Tools Lite
    [2011/03/04 15:06:30 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\DMCache
    [2012/02/23 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\gtk-2.0
    [2011/12/06 22:27:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\ImgBurn
    [2011/10/18 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\NetAssistant
    [2011/03/04 13:51:52 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PictureMover
    [2011/03/04 17:15:16 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\QuickScan
    [2011/10/31 10:41:12 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Spotify
    [2011/11/19 23:32:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\WinBatch
    [2011/04/10 18:11:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\WindSolutions
    [2012/03/01 09:55:02 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/12/06 23:11:53 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2012/04/06 09:05:21 | 000,069,146 | ---- | M] () -- C:\aaw7boot.log
    [2009/07/24 15:22:29 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/04/05 15:12:26 | 000,022,343 | ---- | M] () -- C:\ComboFix.txt
    [2012/04/06 09:05:21 | 3019,350,016 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/26 05:07:52 | 000,000,000 | RHS- | M] () -- C:\OS
    [2012/04/06 09:05:21 | 4025,802,752 | -HS- | M] () -- C:\pagefile.sys
    [2012/04/01 20:46:06 | 000,000,361 | ---- | M] () -- C:\rkill.log
    [2012/04/01 20:40:33 | 000,130,734 | ---- | M] () -- C:\TDSSKiller.2.7.23.0_01.04.2012_20.38.38_log.txt
    [2012/04/02 10:42:25 | 000,003,232 | ---- | M] () -- C:\TDSSKiller.2.7.24.0_02.04.2012_10.42.07_log.txt
    [2012/04/02 10:44:25 | 000,129,942 | ---- | M] () -- C:\TDSSKiller.2.7.24.0_02.04.2012_10.43.31_log.txt
    [2012/04/02 14:06:26 | 000,127,286 | ---- | M] () -- C:\TDSSKiller.2.7.24.0_02.04.2012_14.04.42_log.txt
    [2012/04/02 14:16:09 | 000,126,422 | ---- | M] () -- C:\TDSSKiller.2.7.24.0_02.04.2012_14.14.10_log.txt
    [2012/04/02 17:42:34 | 000,125,006 | ---- | M] () -- C:\TDSSKiller.2.7.24.0_02.04.2012_17.42.03_log.txt
    [2012/04/02 21:32:36 | 000,124,988 | ---- | M] () -- C:\TDSSKiller.2.7.24.0_02.04.2012_21.31.48_log.txt
    [2012/04/03 09:56:11 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.24.0_03.04.2012_09.56.05_log.txt
    [2012/04/03 09:59:29 | 000,123,648 | ---- | M] () -- C:\TDSSKiller.2.7.24.0_03.04.2012_09.58.52_log.txt
    [2012/04/04 11:54:56 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.24.0_04.04.2012_11.54.51_log.txt
    [2012/04/03 09:57:31 | 000,124,994 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_03.04.2012_09.56.42_log.txt
    [2012/04/04 12:03:38 | 000,125,158 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_04.04.2012_11.55.32_log.txt
    [2012/04/04 12:58:15 | 000,124,998 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_04.04.2012_12.57.39_log.txt
    [2012/04/04 13:04:43 | 000,003,232 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_04.04.2012_13.00.02_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/23 04:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/10/25 18:47:38 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\1031.mst
    [2010/10/25 18:47:38 | 000,003,584 | ---- | M] () -- C:\Program Files (x86)\1033.mst
    [2010/10/25 18:47:38 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\1036.mst
    [2010/10/25 18:13:40 | 000,001,772 | ---- | M] () -- C:\Program Files (x86)\ABCPY.INI
    [2010/10/25 18:48:00 | 008,297,472 | ---- | M] () -- C:\Program Files (x86)\AcroPro.msi
    [2010/10/25 18:47:20 | 481,143,404 | ---- | M] () -- C:\Program Files (x86)\Data1.cab
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2011/03/27 20:04:07 | 000,001,814 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office - Shortcut.lnk
    [2010/10/25 18:13:46 | 000,000,347 | ---- | M] () -- C:\Program Files (x86)\Setup.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/01/29 23:45:00 | 000,000,221 | -HS- | M] () -- C:\Users\Adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/03 13:43:02 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\123.exe
    [2012/04/04 12:31:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Adam\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Adam\Desktop\boot_cleaner.exe
    [2012/04/04 19:52:42 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Adam\Desktop\ComboFix.exe
    [2012/04/04 13:15:34 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Adam\Desktop\FixTDSS(1).exe
    [2012/04/06 09:17:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Desktop\OTL.exe
    [2012/04/03 15:11:41 | 000,302,592 | ---- | M] () -- C:\Users\Adam\Desktop\qubg20ro.exe
    [2012/04/03 13:43:02 | 002,072,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Adam\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/30 17:51:12 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForADAM-HP$.job
    [2012/04/01 14:33:18 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdam.job
    [2012/04/06 09:05:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/01 09:55:02 | 000,032,540 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/06/27 21:52:17 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/06/27 21:52:17 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/06/27 21:52:17 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/06/27 21:52:17 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/06/27 21:52:17 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011/06/27 21:52:17 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >
     
  18. adam34997

    adam34997 TS Rookie Topic Starter

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/16 11:27:24 | 000,000,402 | -HS- | M] () -- C:\Users\Adam\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/14 13:56:46 | 000,058,935 | ---- | M] () -- C:\ProgramData\bdinstall.bin
    [2011/05/15 22:25:37 | 000,009,055 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2011/11/14 13:56:55 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
    [2011/11/14 13:56:06 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

    < End of report >

    OTL Extras logfile created on: 4/6/2012 9:19:05 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Adam\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 57.54% Memory free
    7.50 Gb Paging File | 5.85 Gb Available in Paging File | 77.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.88 Gb Total Space | 353.03 Gb Free Space | 78.12% Space Free | Partition Type: NTFS
    Drive D: | 13.78 Gb Total Space | 1.67 Gb Free Space | 12.11% Space Free | Partition Type: NTFS

    Computer Name: ADAM-HP | User Name: Adam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = jsfile] -- Reg Error: Value error. File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .js [@ = jsfile] -- Reg Error: Value error. File not found

    [HKEY_USERS\S-1-5-21-649968626-1217438032-2407564498-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [open] -- Reg Error: Value error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    jsfile [open] -- Reg Error: Value error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{88B6E7E4-2D44-9C8D-1B7E-1131C8B0D111}" = ccc-utility64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E2D662AD-3FE3-26C5-5540-90E4974EF412}" = ATI Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "CCleaner" = CCleaner
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05CA9AF2-E06D-3991-887C-FC5822D5468A}" = CCC Help Chinese Standard
    "{07BF9DB6-69AE-4070-EFBC-44C5BB3E10D2}" = CCC Help Finnish
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{104BEA41-8EC0-B483-04AA-FAB143CBBCAE}" = Catalyst Control Center Core Implementation
    "{11E0AC7D-6823-4F67-865F-EE1C13D28C38}" = QuickBooks Premier: Accountant Edition 2011
    "{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1D4B453A-6C34-FEDF-4B69-C026E2E58655}" = CCC Help Danish
    "{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F4DDC90-5923-4E49-A4C7-F3CCC954DCA0}" = HP My Display
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{338556DF-B61E-26A0-4DF9-F95658B3454B}" = CCC Help Czech
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{37220538-53F8-728A-C7EA-92ABD78CA94B}" = Catalyst Control Center Graphics Full Existing
    "{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3DAB1C09-2B6C-4FEE-2B95-EABAAF7002FB}" = CCC Help Portuguese
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{4513B67A-61E4-D7BF-6381-657581C9097C}" = CCC Help Korean
    "{46BBA993-5554-42E7-8042-E760D92A580A}" = GIMP
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{5031851B-1BC3-EAB0-AC16-7D5FF880502C}" = Catalyst Control Center Localization All
    "{5924CA2E-D145-87A2-CB65-39313C0D825C}" = Catalyst Control Center Graphics Previews Vista
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{67AAEC8B-9A0C-154E-21F8-0AEF4A05E98D}" = CCC Help Chinese Traditional
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{6FA22C59-53A4-6C24-4E2B-8024838F1016}" = CCC Help German
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{713578E2-16BA-B3C5-A1D3-147F4BD6CE14}" = CCC Help French
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{777E6DA6-2487-4A56-0FAB-07C9F82B9C18}" = CCC Help English
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{858CA5A0-9A7E-3D84-679F-5934B22255A8}" = CCC Help Spanish
    "{88E2586F-E0D5-A3E3-B84F-4CC6E86F4D23}" = Catalyst Control Center Graphics Full New
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D016DB5-8672-0757-F228-32BF04278665}" = Catalyst Control Center Graphics Light
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
    "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
    "{95251A23-7B7A-BFA7-C812-9A0E4EC04120}" = CCC Help Japanese
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B51638F-A1F3-05B5-46A1-B54A025766E1}" = CCC Help Dutch
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A6D0B261-9CF1-1C7E-5A5C-6D42EE9AE9E6}" = CCC Help Italian
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB92BB15-CF56-0490-64D9-06DD82522CC5}" = CCC Help Turkish
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B1588559-57A0-5948-0A3F-F768AC350F29}" = CCC Help Thai
    "{B191C95B-7E4A-6419-F332-307810CE4FA5}" = ccc-core-static
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4DFE240-836F-3EA4-B764-BE778EB7B86B}" = CCC Help Norwegian
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BD30FF0E-FFD3-8200-68F1-7772F0C091DD}" = CCC Help Russian
    "{C1441CC5-D9DC-C781-F5FC-B7CA0FBA0914}" = CCC Help Greek
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CBF9CADC-3F81-44E4-3B0F-B0E288D0FBEC}" = Catalyst Control Center InstallProxy
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB235F08-D1FC-D35F-BD8A-84C232184AF2}" = CCC Help Hungarian
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB69F7A5-778B-2F95-1FFD-949157FB94CA}" = CCC Help Polish
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6A4B871-A06A-0EB2-DA8F-BD26CA4B7D90}" = CCC Help Swedish
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FD71E2F7-B9FC-4072-88DB-AC19E2464D82}" = LightScribe System Software
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Akamai" = Akamai NetSession Interface Service
    "AudibleDownloadManager" = Audible Download Manager
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "Canon MP560 series User Registration" = Canon MP560 series User Registration
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon Utilities My Printer
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HP Photo Creations" = HP Photo Creations
    "ImgBurn" = ImgBurn
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
    "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
    "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "outlookset" = Outlook Setup Tool
    "SMAC 2.7" = SMAC 2.7
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 beta 7 (32-bit)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-649968626-1217438032-2407564498-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "NetAssistant 3.6.5" = NetAssistant for Firefox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/22/2012 11:17:47 PM | Computer Name = Adam-HP | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 1/22/2012 11:17:47 PM | Computer Name = Adam-HP | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 1/23/2012 6:23:51 PM | Computer Name = Adam-HP | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 1/23/2012 6:23:51 PM | Computer Name = Adam-HP | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 1/23/2012 6:23:51 PM | Computer Name = Adam-HP | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 1/23/2012 6:25:17 PM | Computer Name = Adam-HP | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 1/23/2012 6:25:17 PM | Computer Name = Adam-HP | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 1/23/2012 6:25:17 PM | Computer Name = Adam-HP | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
    Hand

    Error - 1/23/2012 6:43:58 PM | Computer Name = Adam-HP | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks Accountant 2011": PrintCheck
    returned failure resu

    Error - 1/23/2012 11:33:01 PM | Computer Name = Adam-HP | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    [ Hewlett-Packard Events ]
    Error - 3/3/2012 4:05:00 PM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 3/3/2012 4:05:00 PM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 3/10/2012 4:16:41 PM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 3/10/2012 4:16:41 PM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 3/18/2012 12:46:33 PM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 3/18/2012 12:46:37 PM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 3/24/2012 3:21:23 PM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common
    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 3/24/2012 3:21:24 PM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    Error - 3/25/2012 1:32:53 AM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 3/31/2012 3:19:18 PM | Computer Name = Adam-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
    of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
    dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3839 Ram Utilization: 40 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
    Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

    [ OSession Events ]
    Error - 3/11/2011 12:07:49 PM | Computer Name = Adam-HP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/12/2011 1:42:35 PM | Computer Name = Adam-HP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 5/7/2011 10:08:19 AM | Computer Name = Adam-HP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1824
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 6/12/2011 12:37:55 PM | Computer Name = Adam-HP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3382
    seconds with 1680 seconds of active time. This session ended with a crash.

    Error - 6/29/2011 11:23:30 PM | Computer Name = Adam-HP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/3/2011 12:31:58 PM | Computer Name = Adam-HP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 8/23/2011 11:04:11 PM | Computer Name = Adam-HP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/28/2012 7:01:51 PM | Computer Name = Adam-HP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 4/6/2012 9:05:27 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7001
    Description = The Windows Firewall service depends on the Windows Firewall Authorization
    Driver service which failed to start because of the following error: %%183

    Error - 4/6/2012 9:05:28 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 4/6/2012 9:05:29 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 4/6/2012 9:05:30 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 4/6/2012 9:05:31 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 4/6/2012 9:05:38 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 4/6/2012 9:05:48 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 4/6/2012 9:05:48 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 4/6/2012 9:05:48 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
    Description = There was an error while attempting to read the local hosts file.

    Error - 4/6/2012 9:05:53 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7024
    Description = The HomeGroup Listener service terminated with service-specific error
    %%-2147023143.


    < End of report >
     
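The diagnosis in the reply that follows is read straight off the "System Events" block of this OTL log: eight DNS-Client 1012 errors in a row mean the resolver cannot read the hosts file, and the Service Control Manager 7001 error means the Windows Firewall Authorization Driver never started. As an added example (not part of the thread and not OTL's own code), this Python script parses OTL's event-log section into records and applies those two rules mechanically. The rule table is ours, and the sample input is a subset of the event lines posted above.

```python
"""Triage the "Last 10 Event Log Errors" block of an OTL log.

Added example, not part of the thread and not OTL's own code: it parses
OTL's event-log section into records and applies the two rules an
analyst applied by hand to the log above. Repeated DNS-Client event 1012
means the resolver could not read %SystemRoot%\\System32\\drivers\\etc\\hosts;
Service Control Manager 7001 naming the Windows Firewall Authorization
Driver means the firewall stack did not start. The rule table is ours.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)

# (source, event id, substring the description must contain, or None)
RULES = {
    "hosts file unreadable (missing or tampered hosts file)":
        ("Microsoft-Windows-DNS-Client", 1012, None),
    "Windows Firewall driver failed to start":
        ("Service Control Manager", 7001, "Windows Firewall Authorization"),
}

@dataclass
class EventRecord:
    when: str
    host: str
    source: str
    event_id: int
    description: str = ""

def parse_otl_events(text: str) -> list[EventRecord]:
    """Rebuild records from OTL's 'Error - ...' headers and wrapped descriptions.

    OTL wraps long descriptions over several physical lines; every
    non-empty line until the next header belongs to the current record.
    '[ ... Events ]' section markers are skipped.
    """
    records: list[EventRecord] = []
    current: EventRecord | None = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = EventRecord(m["when"], m["host"], m["source"], int(m["id"]))
            records.append(current)
            continue
        if not line or line.startswith("[") or current is None:
            continue
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        current.description = (current.description + " " + line).strip()
    return records

def triage(records: list[EventRecord]) -> dict[str, int]:
    """Return {finding: number of matching events} for every rule that fired."""
    hits: Counter[str] = Counter()
    for r in records:
        for finding, (source, event_id, needle) in RULES.items():
            if (r.source == source and r.event_id == event_id
                    and (needle is None or needle in r.description)):
                hits[finding] += 1
    return dict(hits)

# Subset of the System Events lines from the OTL log above.
SAMPLE_OTL_EVENTS = """\
[ System Events ]
Error - 4/6/2012 9:05:27 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Windows Firewall Authorization
Driver service which failed to start because of the following error: %%183

Error - 4/6/2012 9:05:28 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/6/2012 9:05:29 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/6/2012 9:05:30 AM | Computer Name = Adam-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 4/6/2012 9:05:53 AM | Computer Name = Adam-HP | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.
"""

if __name__ == "__main__":
    for finding, n in triage(parse_otl_events(SAMPLE_OTL_EVENTS)).items():
        print(f"{n:3d} x {finding}")
```

The HomeGroup 7024 error is parsed but matches no rule, which is the point of keeping parsing and rules separate: new indicators are a one-line addition to RULES, and the record list stays available for anything the rules miss.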
  19. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    You have a "hosts" file missing.

    Please, go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on "Fix it" button to reset your "hosts" file.
    Follow all prompts.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :dir
      C:\WINDOWS\SYSTEM32\DRIVERS\ETC
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
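The reset step above replaces the hosts file wholesale. Before and after doing that, an analyst wants to know what the file actually contains, and whether it exists at all (a missing file is exactly what the DNS-Client 1012 errors in the log describe). As an added example (not part of the thread and not Microsoft's Fix It), this Python script parses a hosts file and separates three cases that look alike in a raw listing: sinkhole entries pointing at 127.0.0.1, 0.0.0.0 or ::1 (what a Spybot immunization or MVPS-style blocklist writes, which only blocks a name), a sensitive domain sinkholed (a security or update site being blocked), and a sensitive domain mapped to a routable address (a redirect). The domain list and the sample hosts content are constructed for this example.

```python
"""Audit a Windows hosts file for redirect-style hijacks.

Added example, not part of the thread and not Microsoft's Fix It. The
SENSITIVE_SUFFIXES list and SAMPLE_HOSTS are constructed for the demo;
203.0.113.0/24 is a documentation range, not a real host.
"""
from __future__ import annotations

import ipaddress
from pathlib import Path

SINKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}
STOCK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumption: names a redirect hijack typically targets; tune per environment.
SENSITIVE_SUFFIXES = (
    "google.com", "bing.com", "yahoo.com",
    "microsoft.com", "windowsupdate.com", "malwarebytes.org",
)
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

def parse_hosts(text: str) -> list[tuple[str, str, int]]:
    """Return (address, hostname, line_no) for every active mapping.

    Malformed lines come back with address "<malformed>" and the raw line
    as the name, so the caller reports them instead of silently dropping them.
    """
    entries: list[tuple[str, str, int]] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # strip comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            entries.append(("<malformed>", line, n))
            continue
        for name in names:
            entries.append((addr, name.lower(), n))
    return entries

def is_sensitive(name: str) -> bool:
    return any(name == s or name.endswith("." + s) for s in SENSITIVE_SUFFIXES)

def audit_hosts(text: str) -> dict:
    """Classify every mapping; hijacks and blocked security sites are listed."""
    counts = {"stock": 0, "sinkholed": 0, "other": 0}
    hijacks: list[tuple[int, str, str]] = []
    blocked: list[tuple[int, str]] = []
    malformed: list[tuple[int, str]] = []
    for addr, name, n in parse_hosts(text):
        if addr == "<malformed>":
            malformed.append((n, name))
        elif name in STOCK_NAMES:
            counts["stock"] += 1
        elif is_sensitive(name):
            if addr in SINKHOLE_ADDRS:
                blocked.append((n, name))            # AV/update site blocked: hostile too
            else:
                hijacks.append((n, name, addr))      # redirect: name -> routable address
        elif addr in SINKHOLE_ADDRS:
            counts["sinkholed"] += 1                 # blocklist entry, benign
        else:
            counts["other"] += 1                     # e.g. an intranet host; review by hand
    return {**counts, "hijacks": hijacks,
            "blocked_sensitive": blocked, "malformed": malformed}

def audit_hosts_file(path: str | Path) -> dict:
    """Audit the file on disk; a missing file is itself a finding."""
    p = Path(path)
    if not p.is_file():
        return {"missing": True}
    return {"missing": False, **audit_hosts(p.read_text(errors="replace"))}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# immunization-style entries: sinkholed, not redirected
127.0.0.1  ads.example-tracker.net
0.0.0.0    banner.example-ads.com
# redirect hijack (constructed; 203.0.113.0/24 is a documentation range)
203.0.113.10   www.google.com google.com
203.0.113.10   www.bing.com
0.0.0.0   www.malwarebytes.org
not-an-address   whatever.example
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
    print(audit_hosts_file(WINDOWS_HOSTS))
```

On the SystemLook listing later in the thread, the 438189-byte hosts backups are what a large blocklist-style file looks like; size alone says nothing about hijacking, which is why the script classifies by destination address rather than by line count.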
  20. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    SystemLook 30.07.11 by jpshortstuff
    Log created at 12:03 on 06/04/2012 by Adam
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== dir ==========

    C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

    ---Files---
    hosts --a---- 833 bytes [15:58 06/04/2012] [20:11 22/12/2011]
    hosts.20111115-162143.backup --a---- 854 bytes [21:21 15/11/2011] [22:58 09/04/2011]
    hosts.20111213-121944.backup -ra---- 438189 bytes [02:34 14/07/2009] [21:21 15/11/2011]
    hosts.20120302-185628.backup -ra---- 438189 bytes [02:34 14/07/2009] [17:19 13/12/2011]
    lmhosts.sam --a---- 3683 bytes [02:35 14/07/2009] [21:00 10/06/2009]
    networks --a---- 407 bytes [02:34 14/07/2009] [21:00 10/06/2009]
    protocol --a---- 1358 bytes [02:34 14/07/2009] [21:00 10/06/2009]
    services --a---- 17463 bytes [02:34 14/07/2009] [21:00 10/06/2009]

    ---Folders---
    None found.

    -= EOF =-
     
  21. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    How is redirection now?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      [2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\9yl6vuns.default\searchplugins\askcom.xml
      O3 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O4 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
      O15 - HKU\S-1-5-21-649968626-1217438032-2407564498-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      [2012/04/06 09:05:29 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
      @Alternate Data Stream - 160 bytes -> C:\ProgramData\Temp:DFC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  22. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
    C:\Windows\assembly\temp\U\80000032.@ a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
    Operating memory a variant of Win32/Sirefef.DN trojan
     
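The five ESET lines above say more than "five detections". Three of the hits are under C:\Qoobox\Quarantine, which is ComboFix's quarantine folder, so they are copies that were already neutralised; one is a live file under C:\Windows\assembly\temp\U\; and "Operating memory" means the Sirefef code was running while ESET scanned. As an added example (not part of the thread and not ESET's tooling), this Python script parses an ESET export into those three classes so the verdict is explicit. The set of threat-type words used to split each line is our assumption about ESET's naming; the sample input is the five lines posted above.

```python
"""Classify lines from an ESET Online Scanner export.

Added example, not part of the thread and not ESET's tooling. The
TYPE_WORDS heuristic is ours; C:\\Qoobox\\Quarantine is ComboFix's
quarantine folder, so hits there are already-quarantined copies.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

TYPE_WORDS = {"trojan", "virus", "worm", "backdoor", "rootkit", "application", "adware"}
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine",)

@dataclass
class EsetHit:
    where: str       # path, or "Operating memory"
    threat: str      # e.g. Win32/Sirefef.DN
    action: str      # e.g. "cleaned by deleting - quarantined", or "" for memory hits
    category: str    # "memory", "quarantined_copy" or "live"

def classify(where: str) -> str:
    low = where.lower()
    if low == "operating memory":
        return "memory"
    if low.startswith(QUARANTINE_PREFIXES) or low.endswith(".vir"):
        return "quarantined_copy"
    return "live"

def parse_eset_export(text: str) -> list[EsetHit]:
    """Split each line into location, detection name and action.

    The threat-type word ("trojan", ...) anchors the line: the token before
    it is the detection name (optionally preceded by "a variant of"), the
    tokens before that form the path, which may itself contain spaces,
    and everything after is ESET's action.
    """
    hits: list[EsetHit] = []
    for raw in text.splitlines():
        tokens = raw.strip().split()
        if not tokens:
            continue
        idx = next((i for i, t in enumerate(tokens) if t in TYPE_WORDS), None)
        if idx is None or idx == 0:
            continue                                  # not a detection line
        start = idx - 1
        if tokens[max(0, idx - 4):idx - 1] == ["a", "variant", "of"]:
            start = idx - 4
        where = " ".join(tokens[:start])
        hits.append(EsetHit(where=where, threat=tokens[idx - 1],
                            action=" ".join(tokens[idx + 1:]),
                            category=classify(where)))
    return hits

def summarize(hits: list[EsetHit]) -> dict:
    """Counts per category plus the verdict that matters: is it still active?"""
    counts = Counter(h.category for h in hits)
    return {"counts": dict(counts),
            "still_active": counts["memory"] + counts["live"] > 0}

# The five lines from the post above.
SAMPLE_ESET = r"""
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\Windows\assembly\temp\U\80000032.@ a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan
"""

if __name__ == "__main__":
    hits = parse_eset_export(SAMPLE_ESET)
    for h in hits:
        print(f"{h.category:16s} {h.threat:20s} {h.where}")
    print(summarize(hits))
```

A memory hit with no action string is the one to act on: ESET deletes files, it does not unload running code, so "still_active" stays true until the component that loaded it is found and removed.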
  23. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    ...and what about the other steps? Are you going backwards through my instructions?
     
  24. adam34997

    adam34997 TS Rookie Topic Starter Posts: 37

    I did follow all the steps but forgot to post all of them. I am still getting redirected :(

    Should I just reformat?

    Logs below

    SystemLook 30.07.11 by jpshortstuff
    Log created at 12:03 on 06/04/2012 by Adam
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== dir ==========

    C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

    ---Files---
    hosts --a---- 833 bytes [15:58 06/04/2012] [20:11 22/12/2011]
    hosts.20111115-162143.backup --a---- 854 bytes [21:21 15/11/2011] [22:58 09/04/2011]
    hosts.20111213-121944.backup -ra---- 438189 bytes [02:34 14/07/2009] [21:21 15/11/2011]
    hosts.20120302-185628.backup -ra---- 438189 bytes [02:34 14/07/2009] [17:19 13/12/2011]
    lmhosts.sam --a---- 3683 bytes [02:35 14/07/2009] [21:00 10/06/2009]
    networks --a---- 407 bytes [02:34 14/07/2009] [21:00 10/06/2009]
    protocol --a---- 1358 bytes [02:34 14/07/2009] [21:00 10/06/2009]
    services --a---- 17463 bytes [02:34 14/07/2009] [21:00 10/06/2009]

    ---Folders---
    None found.

    -= EOF =-

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Spybot - Search & Destroy
    Java(TM) 6 Update 31
    Out of date Java installed!
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe
    Spybot Teatimer.exe is disabled!
    windows defender MpCmdRun.exe
    ``````````End of Log````````````


    Farbar Service Scanner Version: 01-03-2012
    Ran by Adam (administrator) on 06-04-2012 at 12:40:05
    Running from "C:\Users\Adam\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
    C:\Windows\assembly\temp\U\80000032.@ a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
    Operating memory a variant of Win32/Sirefef.DN trojan
     
  25. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Which browser is getting redirected?

    It looks like your Windows firewall is turned off.
    Can you turn it on?
     
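    A check that mirrors what Farbar's "Windows Firewall" section reports (mpsdrv and MpsSvc not running) and confirms whether the firewall is really off, as an added example; it is not code from this thread, from Broni, or from Farbar. The service names, registry paths and netsh syntax are the standard Windows ones; the -Repair switch and the Test-Win7Firewall function name are this script's own. It needs an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 is enough).

```powershell
# Added example for this thread, not code from Broni, Farbar or TechSpot.
# Checks the services, the group-policy switch and the per-profile state of
# the Windows 7 firewall; -Repair restores the defaults. Run elevated.
# Service names, registry paths and netsh syntax are standard Windows ones;
# -Repair and Test-Win7Firewall are this script's own names.
param([switch]$Repair)

function Test-Win7Firewall {
    param([bool]$Fix)
    $healthy = $true

    # The firewall needs the Base Filtering Engine (BFE), the firewall service
    # (MpsSvc) and its filter driver (mpsdrv). Drivers are Win32_SystemDriver
    # instances, services Win32_Service; both expose State and StartMode.
    $targets = @(
        @{ Name = 'BFE';    Class = 'Win32_Service';      Mode = 'Auto';   ScMode = 'auto'   },
        @{ Name = 'MpsSvc'; Class = 'Win32_Service';      Mode = 'Auto';   ScMode = 'auto'   },
        @{ Name = 'mpsdrv'; Class = 'Win32_SystemDriver'; Mode = 'Manual'; ScMode = 'demand' }
    )
    foreach ($t in $targets) {
        $svc = Get-WmiObject -Class $t.Class -Filter ("Name='{0}'" -f $t.Name)
        if (-not $svc) {
            Write-Warning ("{0}: not registered (service entry missing)" -f $t.Name)
            $healthy = $false
            continue
        }
        $line = "{0}: State={1} StartMode={2} ImagePath={3}" -f $t.Name, $svc.State, $svc.StartMode, $svc.PathName
        if ($svc.State -ne 'Running' -or $svc.StartMode -ne $t.Mode) {
            Write-Warning $line
            $healthy = $false
            if ($Fix) {
                # sc.exe (not the 'sc' alias for Set-Content) handles drivers too;
                # the space after 'start=' is part of sc's syntax.
                & sc.exe config $t.Name "start=" $t.ScMode | Out-Null
                & sc.exe start $t.Name | Out-Null
            }
        } else {
            Write-Host $line
        }
    }

    # Group-policy switch that Farbar's "Firewall Disabled Policy" section
    # looks for: EnableFirewall=0 under these keys forces the profile off.
    foreach ($profile in 'DomainProfile', 'StandardProfile') {
        $key = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\$profile"
        if (Test-Path $key) {
            $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).EnableFirewall
            if ($val -eq 0) {
                Write-Warning "$profile: EnableFirewall=0 policy present (firewall forced off)"
                $healthy = $false
                if ($Fix) { Remove-ItemProperty -Path $key -Name EnableFirewall }
            }
        }
    }

    # Per-profile on/off state, read from netsh output of the form
    #   Domain Profile Settings:
    #   State                                 ON
    $current = ''
    foreach ($out in (& netsh advfirewall show allprofiles state)) {
        if ($out -match '^(\w+) Profile Settings:') { $current = $Matches[1] }
        elseif ($out -match '^State\s+(ON|OFF)') {
            if ($Matches[1] -eq 'OFF') {
                Write-Warning "$current profile: firewall is OFF"
                $healthy = $false
            } else {
                Write-Host "$current profile: firewall is ON"
            }
        }
    }
    if (-not $healthy -and $Fix) {
        & netsh advfirewall set allprofiles state on | Out-Null
    }
    return $healthy
}

if (Test-Win7Firewall -Fix:$Repair) { 'Windows Firewall: OK' }
else { 'Windows Firewall: problems found (see warnings above)' }
```

    Run it once without -Repair to see which of the three layers (service, policy, profile) is responsible; a stopped BFE or MpsSvc with an intact ImagePath matches the Farbar output above, whereas an EnableFirewall=0 policy or a changed ImagePath points at something that deliberately switched the firewall off and should be looked at before anything is re-enabled.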