TechSpot

Google redirect malware

By hiker1092
Jul 25, 2012
  1. My Google searches are redirected. Prior to coming here for help I ran TFC and then scanned with MBAM and AVG both normally and from Safe Mode. Neither scanner detected an infection. Appropriate logs follow.

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.25.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Willis :: WILLIS-OFFICE [administrator]

    7/25/2012 12:45:49 PM
    mbam-log-2012-07-25 (12-45-49).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 194220
    Time elapsed: 14 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-25 13:15:56
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75L9A0 rev.02.03E02
    Running: by0dqbu7.exe; Driver: C:\Users\Willis\AppData\Local\Temp\uwrdipow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Willis at 13:25:01 on 2012-07-25
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1790.276 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Nortel Networks\NvcRpcSvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    uRun: [googletalk] c:\users\willis\appdata\roaming\google\google talk\googletalk.exe /autostart
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    Trusted Zone: pg.com\inetwiki
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pg.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webaccess.pg.com/dana-cached/sc/JuniperSetupClient.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{09AD4C78-C83B-4A7F-9004-05653C9D1CED} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{0C79CF7E-F85D-4553-A167-C21EDEB3AB1F} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{A79E083E-E9BB-492E-920F-1226159BBD5E} : DhcpNameServer = 192.168.2.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\willis\appdata\roaming\mozilla\firefox\profiles\y2j1q24q.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\willis\appdata\roaming\mozilla\firefox\profiles\y2j1q24q.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\users\willis\appdata\roaming\mozilla\firefox\profiles\y2j1q24q.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
    FF - plugin: c:\users\willis\appdata\roaming\mozilla\firefox\profiles\y2j1q24q.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 NvcRpcServer;Nortel CVC Service;c:\program files\nortel networks\NvcRpcSvr.exe [2009-10-16 71176]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-10-16 31784]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-8-12 1009152]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys [2010-1-6 187776]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-10-20 39048]
    S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-10-16 148232]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
    S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
    .
    =============== Created Last 30 ================
    .
    2012-07-14 12:58:27 -------- d-----w- c:\users\willis\appdata\local\LogMeIn
    2012-07-14 12:58:27 -------- d-----w- c:\programdata\LogMeIn
    2012-07-11 10:47:51 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 10:40:07 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-11 10:39:23 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 10:39:23 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 10:39:21 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 10:39:21 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 10:39:21 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-03 20:54:09 -------- d-----w- c:\programdata\YTD Video Downloader
    2012-07-02 10:37:11 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-07-02 10:37:11 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-06-27 12:45:18 -------- d-----w- c:\users\willis\appdata\local\ElevatedDiagnostics
    2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
    .
    ==================== Find3M ====================
    .
    2012-07-17 00:51:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-17 00:51:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-14 23:33:42 59 ----a-w- c:\windows\wpd99.drv
    2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 13:26:12.25 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 8/12/2009 4:53:29 PM
    System Uptime: 7/25/2012 11:01:08 AM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0F896N
    Processor: AMD Sempron(tm) Processor LE-1300 | AM2 | 2300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 165.414 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 7.427 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: PSC 2355
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_HP&PROD_PSC_2355&REV_1.00#7&2E11EB7C&0&MY51KF500MKJ&0#
    Manufacturer: HP
    Name: F:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_HP&PROD_PSC_2355&REV_1.00#7&2E11EB7C&0&MY51KF500MKJ&0#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    RP1064: 6/25/2012 9:14:54 AM - Scheduled Checkpoint
    RP1065: 6/26/2012 10:14:15 AM - Scheduled Checkpoint
    RP1066: 6/27/2012 7:04:31 AM - Scheduled Checkpoint
    RP1067: 6/27/2012 8:54:02 AM - Restore Operation
    RP1068: 6/28/2012 9:53:36 AM - Scheduled Checkpoint
    RP1069: 6/29/2012 10:24:41 AM - Scheduled Checkpoint
    RP1070: 6/30/2012 12:14:35 PM - Scheduled Checkpoint
    RP1071: 7/1/2012 11:02:28 AM - Scheduled Checkpoint
    RP1072: 7/2/2012 9:03:34 AM - Scheduled Checkpoint
    RP1073: 7/3/2012 12:38:35 PM - Scheduled Checkpoint
    RP1074: 7/4/2012 8:48:18 AM - Scheduled Checkpoint
    RP1075: 7/5/2012 7:40:46 AM - Scheduled Checkpoint
    RP1076: 7/6/2012 9:25:15 AM - Scheduled Checkpoint
    RP1077: 7/7/2012 8:40:29 AM - Scheduled Checkpoint
    RP1078: 7/8/2012 8:48:40 AM - Scheduled Checkpoint
    RP1079: 7/9/2012 10:22:00 AM - Scheduled Checkpoint
    RP1080: 7/10/2012 8:03:08 AM - Scheduled Checkpoint
    RP1081: 7/11/2012 6:40:14 AM - Windows Update
    RP1082: 7/12/2012 9:08:01 AM - Scheduled Checkpoint
    RP1083: 7/13/2012 7:36:27 AM - Scheduled Checkpoint
    RP1084: 7/14/2012 8:48:15 AM - Scheduled Checkpoint
    RP1085: 7/15/2012 8:54:11 AM - Scheduled Checkpoint
    RP1086: 7/16/2012 8:48:02 AM - Scheduled Checkpoint
    RP1087: 7/17/2012 8:10:03 AM - Scheduled Checkpoint
    RP1088: 7/18/2012 7:32:34 AM - Scheduled Checkpoint
    RP1089: 7/19/2012 8:22:43 AM - Scheduled Checkpoint
    RP1090: 7/20/2012 7:52:27 AM - Scheduled Checkpoint
    RP1091: 7/21/2012 10:21:35 AM - Scheduled Checkpoint
    RP1092: 7/22/2012 10:51:45 AM - Scheduled Checkpoint
    RP1093: 7/23/2012 8:23:32 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV and Media Player 3.1.1.12
    ArcSoft ShowBiz
    Arizona Topo Map
    ATI Catalyst Control Center
    AVG 2012
    AVG PC Tuneup 2011
    Bonjour
    Brother MFC-7840W
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Choice Guard
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    Coupon Printer for Windows
    Dell-eBay
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    DeLorme Street Atlas USA 2005
    DeLorme Street Atlas USA 2005 Data
    Digital Voice Editor 3
    Driver Install 32-Bit
    ESET Online Scanner v3
    EzGrabber
    Family Tree Heritage
    FLV Player 2.0 (build 25)
    Garmin Communicator Plugin
    Garmin Lifetime Updater
    Garmin MapSource
    Garmin Training Center
    Garmin USB Drivers
    Garmin WebUpdater
    Google Talk (remove only)
    GoToAssist 8.0.0.514
    GoToMeeting 4.5.0.457
    Hawaii Topo Map
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iSEEK AnswerWorks English Runtime
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 6 Update 31
    Juniper Networks Setup Client
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office File Validation Add-In
    Microsoft Office Live Meeting 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 13.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    Nortel Networks Contivity VPN Client
    OGA Notifier 2.0.0048.0
    Palm Desktop
    PDF-XChange 3
    Pdf995
    Platform
    PowerDVD DX
    Quicken 2012
    QuickTime
    QuickVerse 2007 Bible Suite
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Secunia PSI (2.0.0.3003)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skins
    Solus Basic for Palm Computing
    Street Atlas USA 2005
    synedra View Personal 3.1.0.6
    TerraGo Toolbar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VIA Platform Device Manager
    VuePrint
    WebEx
    WebEx Recorder and Player
    Winamp
    Winamp Detector Plug-in
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinZip 14.5
    WOT for Internet Explorer
    YTD Video Downloader 3.9
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/25/2012 11:03:00 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    7/24/2012 8:07:25 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    7/24/2012 8:06:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
    7/24/2012 8:06:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    7/24/2012 8:05:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    7/24/2012 8:05:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/24/2012 8:05:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    7/24/2012 8:05:15 PM, Error: EventLog [6008] - The previous system shutdown at 11:55:18 AM on 7/24/2012 was unexpected.
    7/23/2012 8:49:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    7/22/2012 7:19:39 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A79E083E-E9BB-492E-920F-1226159BBD5E} because another computer on the network has the same name. The server could not start.
    7/20/2012 2:06:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    Which browser is getting redirected?

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Thank you very much for your help.

    Firefox is being redirected. Once I detected this I quit using the computer other than trying to fix the infection. I don't THINK IE is being redirected, but I haven't thoroughly tested to confirm.

    Since I am not using the infected computer for browsing (other than reading and responding to this thread and clicking the links you provide), I will have little input about its performance, unless you ask me to test something.

    When I finished the RogueKiller scan and tried to close it, I received a message saying no elements had been deleted and asking whether I really wanted to quit. I chose "no" and it stayed open. Since your instructions did not specifically state to close RogueKiller, I ran aswMBR with RogueKiller still open. Shall I close both now?

    Logs follow.

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: Willis [Admin rights]
    Mode: Scan -- Date: 07/25/2012 14:05:50

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : Root.MBR ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 023e051dcbcf6e9a78928111d2a84b4d
    [BSP] b95df3ea71260e28530813b8b2300a83 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
    User = LL1 ... OK!
    User != LL2 ... KO!
    --- LL2 ---
    [MBR] 9084f9c43fee8868d9c812905ea2fbf5
    [BSP] b95df3ea71260e28530813b8b2300a83 : Windows Vista MBR Code
    Partition table:
    1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo

    +++++ PhysicalDrive1: HP PSC 2355 USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-25 14:06:20
    -----------------------------
    14:06:20.446 OS Version: Windows 6.0.6002 Service Pack 2
    14:06:20.446 Number of processors: 1 586 0x7F02
    14:06:20.447 ComputerName: WILLIS-OFFICE UserName: Willis
    14:06:22.218 Initialize success
    14:18:46.393 AVAST engine defs: 12072500
    14:19:15.349 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:19:15.357 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
    14:19:15.369 Disk 0 MBR read successfully
    14:19:15.378 Disk 0 MBR scan
    14:19:15.395 Disk 0 Windows VISTA default MBR code
    14:19:15.407 Disk 0 MBR hidden
    14:19:15.417 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    14:19:15.462 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
    14:19:15.488 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
    14:19:15.497 Disk 0 scanning sectors +625140400
    14:19:15.570 Disk 0 scanning C:\Windows\system32\drivers
    14:19:26.573 Service scanning
    14:19:53.960 Modules scanning
    14:19:57.898 Disk 0 trace - called modules:
    14:19:57.920 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8613d4b1]<<
    14:19:57.932 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8566fac8]
    14:19:57.944 3 CLASSPNP.SYS[82bab8b3] -> nt!IofCallDriver -> [0x84e1a6d8]
    14:19:57.956 5 acpi.sys[806136bc] -> nt!IofCallDriver -> [0x8407ab98]
    14:19:57.968 \Driver\atapi[0x86012638] -> IRP_MJ_CREATE -> 0x8613d4b1
    14:20:00.557 AVAST engine scan C:\Windows
    14:20:04.907 AVAST engine scan C:\Windows\system32
    14:24:10.999 AVAST engine scan C:\Windows\system32\drivers
    14:24:25.766 AVAST engine scan C:\Users\Willis
    15:06:17.468 AVAST engine scan C:\ProgramData
    15:08:14.448 Scan finished successfully
    15:27:27.998 Disk 0 MBR has been saved successfully to "C:\Users\Willis\Desktop\MBR.dat"
    15:27:28.007 The log file has been saved successfully to "C:\Users\Willis\Desktop\aswMBR.txt"
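The RogueKiller "MBR Check" above reads the boot sector two ways, through the OS ("User") and through a low-level read ("LL2"), and flags the mismatch ("User != LL2 ... KO!"); aswMBR reports "Disk 0 MBR hidden" for the same disk. The following is an added example, not code from the thread or from either tool: it parses a 512-byte MBR image, prints the hashes and partition table in the report's style, and locates which region of the sector differs between the two views. It assumes the [BSP] hash covers the 440-byte bootstrap area; the two images are constructed inline from the partition values the log prints, and their boot-code bytes are placeholder filler.

```python
"""Parse a 512-byte MBR and compare the OS ('User') view with a low-level
('LL2') read, in the style of the RogueKiller MBR Check.

Added example, not part of the thread or of RogueKiller/aswMBR.
Assumption: the [BSP] hash covers the 440-byte bootstrap code area.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440             # bytes 440..443: disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, disk_sig: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from its parts (used here only to construct samples)."""
    if len(boot_code) > BOOT_CODE_LEN or len(disk_sig) != 4:
        raise ValueError("bad boot code or disk signature length")
    img = bytearray(SECTOR)
    img[:len(boot_code)] = boot_code
    img[DISK_SIG_OFF:DISK_SIG_OFF + 4] = disk_sig
    for i, (active, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        off = PART_TABLE_OFF + 16 * i
        # CHS fields are left zeroed; only the LBA fields matter for this check
        img[off:off + 16] = struct.pack(ENTRY_FMT, 0x80 if active else 0x00,
                                        b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    img[510:512] = BOOT_SIGNATURE
    return bytes(img)


def parse_partitions(mbr: bytes):
    """Return the non-empty partition entries; sizes in MB, as RogueKiller's 'Mo'."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0 and sectors == 0:
            continue  # empty slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "offset": lba_start, "sectors": sectors,
                      "size_mb": sectors * SECTOR // (1024 * 1024)})
    return parts


def mbr_report(mbr: bytes) -> dict:
    """Hashes and partition table for one view of the MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR image")
    return {"mbr_md5": hashlib.md5(mbr).hexdigest(),                 # the report's [MBR]
            "bsp_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),  # assumed [BSP] coverage
            "disk_signature": mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
            "partitions": parse_partitions(mbr)}


def compare_views(user_view: bytes, low_level_view: bytes):
    """Compare what the OS hands back ('User') with a raw disk read ('LL2').

    On a clean system both reads return identical bytes; a rootkit that
    filters disk I/O makes them disagree. Returns (ok, differing regions)."""
    regions = {"boot_code": (0, BOOT_CODE_LEN), "disk_signature": (440, 444),
               "reserved": (444, 446), "partition_table": (446, 510),
               "boot_signature": (510, 512)}
    diffs = [name for name, (a, b) in regions.items() if user_view[a:b] != low_level_view[a:b]]
    return (not diffs), diffs


# Constructed sample: partition layout taken from the numbers in the log above
# (DELL-UTIL 39 MB at sector 63, NTFS 15000 MB at 81920, active NTFS 290204 MB at 30801920).
SAMPLE_PARTITIONS = [(False, 0xDE, 63, 39 * 2048),
                     (False, 0x07, 81920, 15000 * 2048),
                     (True, 0x07, 30801920, 290204 * 2048)]
CLEAN_BOOT_CODE = b"\x90" * 64               # placeholder filler, not real boot code
HOOKED_BOOT_CODE = b"\xeb\xfe" + b"\x90" * 62  # placeholder filler modelling a changed sector
USER_VIEW = build_mbr(CLEAN_BOOT_CODE, b"\x11\x22\x33\x44", SAMPLE_PARTITIONS)
LL2_VIEW = build_mbr(HOOKED_BOOT_CODE, b"\x11\x22\x33\x44", SAMPLE_PARTITIONS)

if __name__ == "__main__":
    for label, view in (("User", USER_VIEW), ("LL2", LL2_VIEW)):
        rep = mbr_report(view)
        print(f"--- {label} --- [MBR] {rep['mbr_md5']} [BSP] {rep['bsp_md5']}")
        for p in rep["partitions"]:
            flag = "ACTIVE" if p["active"] else "XXXXXX"
            print(f"{p['index']} - [{flag}] type 0x{p['type']:02x} "
                  f"Offset (sectors): {p['offset']} | Size: {p['size_mb']} Mo")
    ok, diffs = compare_views(USER_VIEW, LL2_VIEW)
    print("User = LL2 ... OK!" if ok else f"User != LL2 ... KO! (differs in: {', '.join(diffs)})")
```

In the thread's report the [BSP] hashes agree while the [MBR] hashes differ, so the divergence sat outside the bootstrap bytes; compare_views names whichever region it is, which is the first thing to look at before trusting a saved MBR.dat.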
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I want you to check if IE is OK.

    Next....

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    IE DOES redirect. It is NOT okay. I performed a Google search in IE, clicked on a result, and when I saw the browser being redirected I immediately closed the window. A few moments later an AVG dialog box appeared stating:

    Threat was blocked!
    File name: www1.ub7vira5.kein.hk/I.html
    Threat name: Exploit JavaScript Obfuscation (type 1937) (More info)

    Per your instructions I will remove AVG with AppRemover before running ComboFix. Would you recommend I install Avast! after the scan, rather than AVG?
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I'm not a big fan of AVG :)
     
  7. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Avast! installed.

    Computer seems very slow to open applications. Hard drive light flickers a lot and light on wireless device flickers a lot.

    Note above that IE did redirect when I last checked. I have not checked since ComboFix ran and Avast! installed.

    ComboFix 12-07-26.03 - Willis 07/25/2012 17:09:50.2.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1790.1105 [GMT -4:00]
    Running from: c:\users\Willis\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-25 21:17 . 2012-07-25 21:18 -------- d-----w- c:\users\Willis\AppData\Local\temp
    2012-07-25 21:17 . 2012-07-25 21:17 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-07-25 21:17 . 2012-07-25 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-14 12:58 . 2012-07-14 12:58 -------- d-----w- c:\users\Willis\AppData\Local\LogMeIn
    2012-07-14 12:58 . 2012-07-14 12:58 -------- d-----w- c:\programdata\LogMeIn
    2012-07-11 10:47 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 10:40 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-11 10:39 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 10:39 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 10:39 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 10:39 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 10:39 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-03 20:54 . 2012-07-03 20:54 -------- d-----w- c:\programdata\YTD Video Downloader
    2012-07-02 10:37 . 2012-07-02 10:37 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-07-02 10:37 . 2012-07-02 10:37 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-06-27 12:45 . 2012-06-27 12:45 -------- d-----w- c:\users\Willis\AppData\Local\ElevatedDiagnostics
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-17 00:51 . 2012-04-04 10:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-17 00:51 . 2011-05-15 10:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 17:46 . 2011-06-14 15:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
    2012-06-02 22:19 . 2012-06-21 09:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 09:50 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 09:49 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 09:49 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 09:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 09:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 09:49 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 09:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:12 . 2012-06-21 09:49 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-01 14:03 . 2012-06-13 10:18 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-02 10:37 . 2011-05-15 11:16 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk"="c:\users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-5-28 1320288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "wave2"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
    2011-12-15 15:40 1446248 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
    2008-08-13 19:34 1891416 ----a-w- c:\program files\Garmin\gStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
    2009-04-28 02:50 17145856 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    2007-07-12 16:43 226904 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-04-24 16:05 250192 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
    2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2008-08-29 22:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2399249089-2145050994-3997310361-1000]
    "EnableNotificationsRef"=dword:00000003
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: pg.com\inetwiki
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-25 17:17
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:f0,19,ae,be,2e,ce,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    .
    Completion time: 2012-07-25 17:21:14
    ComboFix-quarantined-files.txt 2012-07-25 21:21
    .
    Pre-Run: 179,069,100,032 bytes free
    Post-Run: 179,122,028,544 bytes free
    .
    - - End Of File - - D10BDB0D44380F24849D3865322D1B85
     
  8. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Avast! just detected and moved search[1].htm from C:\Windows\...\Temporary Internet Files\Content.EI5\2Q14GZKH to the Virus Chest, classifying it as HTML:RedirME-Inf [Trj]. As I was writing this it did the same thing again (7 minutes later).
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I don't see much there.

    Is IE still getting redirected?
    If so, open IE, go to Tools > Internet options > Advanced tab and click on the "Reset" button.
    Restart IE and let me know how it goes.

    Also check if Firefox has same issue.

    Next....

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Much to report.

    Neither IE nor FF now redirect from Google. Instead when I click a search hit Avast! pops up a notice saying:
    Malicious URL Blocked
    Object: http://.../?affiliate=.......(too much for me to catch)
    Infection: URL:Mal
    Process: C:\Program Files\Internet Explorer\iexplore.com (or Firefox.exe when running FF)

    Then nothing loads. The page stays at the Google search results page.

    Also Avast! periodically (unrelated to Google searches) pops up a notice saying:
    Malicious URL Blocked
    Object: http://.../click.php?id=psAEyy1sH60......(too much for me to catch, and is different every time)
    Infection: URL: Mal
    Process: C:\Windows\system32\svchost.exe

    These are popping up as I type this.

    I did run the OTL scan and results follow.

    OTL logfile created on: 7/25/2012 7:02:57 PM - Run 1
    OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Willis\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 51.81% Memory free
    3.74 Gb Paging File | 2.88 Gb Available in Paging File | 76.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 166.26 Gb Free Space | 58.67% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.43 Gb Free Space | 50.70% Space Free | Partition Type: NTFS
    Drive S: | 232.88 Gb Total Space | 158.58 Gb Free Space | 68.10% Space Free | Partition Type: NTFS

    Computer Name: WILLIS-OFFICE | User Name: Willis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/25 18:58:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
    PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/11 02:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\DELL\DellDock\DockLogin.exe
    PRC - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe
    PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/01/13 04:07:44 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/07/02 06:37:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/08/20 09:08:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\DELL\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe -- (NvcRpcServer)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Willis\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/01/06 19:40:20 | 000,187,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CxPlrCap.sys -- (CXPLRCAP)
    DRV - [2009/04/28 11:24:58 | 001,009,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2009/01/13 04:12:14 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
    DRV - [2009/01/13 04:07:38 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2009/01/13 04:07:38 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2008/01/20 22:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/11/12 10:03:08 | 000,468,480 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
    DRV - [2007/04/09 14:27:50 | 000,031,784 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eacfilt.sys -- (Eacfilt)
    DRV - [2007/04/09 14:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECSHM)
    DRV - [2007/04/09 14:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECEXT)
    DRV - [2006/09/07 00:34:58 | 000,347,776 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
    DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IcdUsb2.sys -- (ICDUSB2)
    DRV - [2002/06/27 22:00:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {3A39113F-E2D7-499D-8DA6-FD53774238B3}
    IE - HKLM\..\SearchScopes\{3A39113F-E2D7-499D-8DA6-FD53774238B3}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 58 4F 29 17 6D 0C 2D 45 96 68 6F 85 3C 4B D6 E1 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 58 4F 29 17 6D 0C 2D 45 96 68 6F 85 3C 4B D6 E1 [binary data]
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes,DefaultScope = {57306A27-789F-455F-B9F4-31F620CD55BE}
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes\{57306A27-789F-455F-B9F4-31F620CD55BE}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes\{61AFBF45-6974-4355-B63D-FDBAABB1DF81}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&I=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/25 17:40:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/02 06:37:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/16 03:19:29 | 000,000,000 | ---D | M]

    [2010/09/09 19:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Extensions
    [2010/09/09 19:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2012/07/20 18:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions
    [2011/12/25 11:22:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/05/11 12:10:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/05/27 20:45:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/03/29 19:25:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/11/11 08:14:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(246)
    [2012/07/20 11:18:53 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\LogMeInClient@logmein.com
    [2012/04/26 09:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/02 06:37:11 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/03/27 18:15:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012/04/20 22:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/04/20 22:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 22:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/04/20 22:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/04/20 22:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/04/20 22:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/01/08 18:23:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000..\Run: [googletalk] C:\Users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 215
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..Trusted Domains: pg.com ([inetwiki] http in Trusted sites)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pg.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webaccess.pg.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09AD4C78-C83B-4A7F-9004-05653C9D1CED}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C79CF7E-F85D-4553-A167-C21EDEB3AB1F}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79E083E-E9BB-492E-920F-1226159BBD5E}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Willis\Pictures\Miscellaneous\earth adjusted.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Willis\Pictures\Miscellaneous\earth adjusted.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/25 18:58:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
    [2012/07/25 17:42:24 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/07/25 17:42:24 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/07/25 17:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/07/25 17:42:22 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/07/25 17:42:21 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/07/25 17:42:19 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/07/25 17:42:19 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/07/25 17:40:10 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/25 17:40:08 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/07/25 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/07/25 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/25 17:21:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/25 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\temp
    [2012/07/25 17:20:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/25 17:05:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/25 17:05:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/25 17:05:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/25 17:05:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/25 13:41:20 | 000,000,000 | ---D | C] -- C:\Users\Willis\Desktop\TechSpot CleanUp 2012 07
    [2012/07/18 05:56:40 | 000,000,000 | ---D | C] -- C:\Users\Willis\Desktop\ReSource
    [2012/07/14 08:58:27 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\LogMeIn
    [2012/07/14 08:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
    [2012/07/03 16:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
    [2012/06/27 08:45:18 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\ElevatedDiagnostics
    [2009/08/19 13:33:56 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Willis\AppData\Roaming\DataSafeDotNet.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/07/25 18:58:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
    [2012/07/25 18:43:57 | 000,673,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/25 18:43:57 | 000,128,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/25 18:36:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/25 18:36:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/25 18:35:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/25 18:34:43 | 1878,122,496 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/25 17:42:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/07/25 12:44:37 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/22 17:21:22 | 000,000,716 | ---- | M] () -- C:\Users\Willis\Desktop\Dates 11.lnk
    [2012/07/18 20:51:45 | 024,915,382 | ---- | M] () -- C:\Users\Willis\Desktop\Roehm_Katalog_2010_hi.pdf
    [2012/07/17 07:20:44 | 000,000,786 | ---- | M] () -- C:\Users\Willis\Desktop\Labels.lnk
    [2012/07/14 19:49:13 | 000,788,480 | ---- | M] () -- C:\Users\Willis\Documents\Sturdivant201207.aq
    [2012/07/14 19:49:13 | 000,003,476 | -H-- | M] () -- C:\Users\Willis\Documents\Sturdivant201207.aqalpha
    [2012/07/14 19:33:44 | 000,020,107 | ---- | M] () -- C:\Users\Willis\Desktop\ADAMSCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 19:33:42 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
    [2012/07/14 19:32:46 | 000,154,620 | ---- | M] () -- C:\Users\Willis\Desktop\HAMILTONCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 19:29:02 | 000,034,521 | ---- | M] () -- C:\Users\Willis\Desktop\CLERMONTCountyGoldenBuckeyeMerchants-1.pdf
    [2012/07/14 19:27:01 | 000,034,349 | ---- | M] () -- C:\Users\Willis\Desktop\WARRENCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 08:55:19 | 000,027,520 | ---- | M] () -- C:\Users\Willis\AppData\Local\dt.dat
    [2012/07/12 19:09:45 | 026,581,783 | ---- | M] () -- C:\Users\Willis\Desktop\CDNN2012-3.pdf
    [2012/07/12 12:44:06 | 003,013,796 | ---- | M] () -- C:\Users\Willis\Desktop\REPORT_FINAL_071212.pdf
    [2012/07/11 15:28:12 | 000,000,000 | -H-- | M] () -- C:\Users\Willis\Documents\Default.rdp
    [2012/07/11 07:22:43 | 000,349,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/09 19:27:04 | 000,000,806 | ---- | M] () -- C:\Users\Willis\Desktop\70 Poster B.lnk
    [2012/07/09 19:26:45 | 000,000,924 | ---- | M] () -- C:\Users\Willis\Desktop\81 Poster B.lnk
    [2012/07/08 07:43:23 | 000,788,480 | ---- | M] () -- C:\Users\Willis\Documents\WillDad11.aq
    [2012/07/08 07:43:23 | 000,003,476 | -H-- | M] () -- C:\Users\Willis\Documents\WillDad11.aqalpha
    [2012/07/08 07:31:55 | 000,033,636 | ---- | M] () -- C:\Users\Willis\Desktop\PJS July.pdf
    [2012/07/04 07:10:00 | 000,252,041 | ---- | M] () -- C:\Users\Willis\Desktop\pg833.epub
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/06/25 19:48:53 | 042,705,238 | ---- | M] () -- C:\Users\Willis\Desktop\FFSetup295.zip

    ========== Files Created - No Company Name ==========

    [2012/07/25 17:05:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/25 17:05:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/25 17:05:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/25 17:05:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/25 17:05:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/25 12:44:37 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 20:09:01 | 1878,122,496 | -HS- | C] () -- C:\hiberfil.sys
    [2012/07/18 20:51:45 | 024,915,382 | ---- | C] () -- C:\Users\Willis\Desktop\Roehm_Katalog_2010_hi.pdf
    [2012/07/17 07:20:44 | 000,000,786 | ---- | C] () -- C:\Users\Willis\Desktop\Labels.lnk
    [2012/07/14 19:33:42 | 000,020,107 | ---- | C] () -- C:\Users\Willis\Desktop\ADAMSCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 19:32:42 | 000,154,620 | ---- | C] () -- C:\Users\Willis\Desktop\HAMILTONCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 19:29:00 | 000,034,521 | ---- | C] () -- C:\Users\Willis\Desktop\CLERMONTCountyGoldenBuckeyeMerchants-1.pdf
    [2012/07/14 19:25:36 | 000,034,349 | ---- | C] () -- C:\Users\Willis\Desktop\WARRENCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 08:55:19 | 000,027,520 | ---- | C] () -- C:\Users\Willis\AppData\Local\dt.dat
    [2012/07/12 19:08:31 | 026,581,783 | ---- | C] () -- C:\Users\Willis\Desktop\CDNN2012-3.pdf
    [2012/07/12 12:44:06 | 003,013,796 | ---- | C] () -- C:\Users\Willis\Desktop\REPORT_FINAL_071212.pdf
    [2012/07/11 15:28:12 | 000,000,000 | -H-- | C] () -- C:\Users\Willis\Documents\Default.rdp
    [2012/07/08 07:43:48 | 000,003,476 | -H-- | C] () -- C:\Users\Willis\Documents\Sturdivant201207.aqalpha
    [2012/07/08 07:42:07 | 000,788,480 | ---- | C] () -- C:\Users\Willis\Documents\Sturdivant201207.aq
    [2012/07/08 07:31:56 | 000,033,636 | ---- | C] () -- C:\Users\Willis\Desktop\PJS July.pdf
    [2012/07/07 06:59:31 | 000,000,924 | ---- | C] () -- C:\Users\Willis\Desktop\81 Poster B.lnk
    [2012/07/07 06:59:01 | 000,000,806 | ---- | C] () -- C:\Users\Willis\Desktop\70 Poster B.lnk
    [2012/07/04 07:10:00 | 000,252,041 | ---- | C] () -- C:\Users\Willis\Desktop\pg833.epub
    [2012/06/25 19:46:49 | 042,705,238 | ---- | C] () -- C:\Users\Willis\Desktop\FFSetup295.zip
    [2012/04/11 16:59:30 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
    [2012/01/14 11:31:59 | 000,380,928 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
    [2012/01/14 11:31:59 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2012/01/14 11:31:59 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ThumbExtract.dll
    [2011/10/11 21:54:25 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDMain.INI
    [2011/10/11 21:53:26 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDPMSV.INI
    [2011/07/21 19:20:05 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI
    [2011/03/20 13:05:22 | 000,000,658 | ---- | C] () -- C:\Windows\ULead32.ini
    [2011/03/01 11:14:14 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
    [2011/02/27 18:35:45 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
    [2011/02/21 10:03:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/09/25 19:15:31 | 000,000,680 | ---- | C] () -- C:\Users\Willis\AppData\Local\d3d9caps.dat
    [2010/03/25 16:58:44 | 000,003,678 | ---- | C] () -- C:\Users\Willis\.ganttproject
    [2009/08/25 07:08:43 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
    [2009/08/19 22:10:15 | 000,038,912 | ---- | C] () -- C:\Users\Willis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/19 20:23:32 | 000,003,482 | ---- | C] () -- C:\Users\Willis\AppData\Roaming\wklnhst.dat

    ========== LOP Check ==========

    [2012/07/03 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Applian FLV and Media Player
    [2011/02/01 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\AVG
    [2009/12/29 19:35:06 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/11 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Downloaded Installations
    [2011/10/11 21:53:13 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\FedEx
    [2009/10/13 19:27:38 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Flickr
    [2011/12/25 11:35:52 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\GARMIN
    [2010/07/18 08:42:36 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Individual Software
    [2011/11/19 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Juniper Networks
    [2011/08/02 16:08:28 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Opera
    [2009/08/24 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\pdf995
    [2010/02/27 13:25:34 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\QuickVerse11
    [2010/01/25 09:23:09 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Stamps.com Internet Postage
    [2009/08/19 20:23:36 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Template
    [2012/04/05 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\webex
    [2012/07/25 18:33:00 | 000,032,658 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  11. hiker1092


    OTL Extras logfile created on: 7/25/2012 7:02:58 PM - Run 1
    OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Willis\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 51.81% Memory free
    3.74 Gb Paging File | 2.88 Gb Available in Paging File | 76.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 166.26 Gb Free Space | 58.67% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.43 Gb Free Space | 50.70% Space Free | Partition Type: NTFS
    Drive S: | 232.88 Gb Total Space | 158.58 Gb Free Space | 68.10% Space Free | Partition Type: NTFS

    Computer Name: WILLIS-OFFICE | User Name: Willis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2399249089-2145050994-3997310361-1000]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 3

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003E212F-CE0C-4B63-8296-2F377D30A669}" = lport=138 | protocol=17 | dir=in | app=system |
    "{1CA8FD3A-CBAC-49D2-8A7F-DFFC89FB688A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{27BDB219-7948-4B81-AD2A-30C7A784B793}" = rport=139 | protocol=6 | dir=out | app=system |
    "{2F8BAE2D-F135-4BEC-9170-3F11465C9294}" = lport=139 | protocol=6 | dir=in | app=system |
    "{385AB37B-5D31-4372-B73B-06D01AF069D5}" = rport=138 | protocol=17 | dir=out | app=system |
    "{569571F7-A51F-4AA1-AAA8-43928D6ED11D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{9FA5F13F-9A1E-484C-B6B8-69CC0540AD96}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{AD0631BA-D5A5-4345-B6D5-43C609818B49}" = lport=445 | protocol=6 | dir=in | app=system |
    "{C86AED14-FB88-4438-833D-AA3D52B8086B}" = lport=137 | protocol=17 | dir=in | app=system |
    "{D9546DE7-2DF5-4B53-91DB-6012E4F65395}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{E2221661-9D8A-4D09-8660-BD2DDA475F8C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E89CD160-5537-491B-AA3A-2CD0CD5692EE}" = rport=445 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0C9535E6-F06E-48BF-9BB3-85FD76D029A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1CFFEFD6-68C1-4A1A-91B7-A676207F15CB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{3396AFAE-C43C-4ADB-9979-3F4354104B61}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
    "{34BCE55E-C8CC-452A-ADC4-B3C52ABA0362}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    "{36A736A7-BACE-4043-BC64-204C95E634E6}" = protocol=6 | dir=in | app=c:\program files\dyyno\dyyno broadcaster\dgcsrv.exe |
    "{3ECCBCF8-B405-4E28-A39B-79DBAB27F397}" = protocol=17 | dir=in | app=c:\program files\dyyno\dyyno broadcaster\dppm_source.exe |
    "{50784F31-77E7-4FE5-8D7A-638A2B12D29C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{5147DA57-07BA-4F94-BF1E-11BA91A675A9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    "{56B06848-A27C-4F3F-9885-1505A9EB32EE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{5A86BDAF-B594-4253-A083-2C1FD714D23F}" = protocol=6 | dir=in | app=c:\program files\dyyno\dyyno broadcaster\dppm_source.exe |
    "{65B7A471-08BE-475E-AD71-A8A97AA4EB8F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
    "{78FBD919-DB96-4294-BCD9-09C341029BBF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{8B02404A-0B69-4D51-96C6-99E8543C5A2A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{8C25C182-05A7-4CD7-9E63-A1DD910F72AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{8E455009-EAF2-4ED7-9B4B-622E36F8A152}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
    "{8F047AA5-AB70-4020-93E6-F8EBF211E62E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{92A82F46-5F3B-4F4B-A328-C4E64DB3795A}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{94F71E2F-520F-442E-B434-70921AB15E9D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{A6F8FFBF-A692-4374-A843-256517018684}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{B75E086E-971F-4437-843D-0EC8246474A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
    "{C945C26F-3888-4F39-81E0-4BF271026728}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{CA1589A9-8490-46FF-996C-B74A09F9D7C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{D0803BCB-D99D-4D73-8D47-EDE0D0304651}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{D5039EB5-710C-4A86-853A-BEE677531B4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{EA2D3C33-5CE5-4798-8314-0B7338EC61A6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{F4D94EC5-91FA-4CC2-AA79-3F50D74EDB39}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{F7467EF4-1433-4F41-B691-C701BD163749}" = protocol=17 | dir=in | app=c:\program files\dyyno\dyyno broadcaster\dgcsrv.exe |
    "TCP Query User{55D44726-E9AB-4268-9A78-C166AA52C39F}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
    "TCP Query User{66831305-B56D-4F4C-83D7-505B0AC2792C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{C7D17A94-498E-485D-833A-B5297F60BE1F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{076834CB-A61D-4C0A-AD4A-95ED5328DD98}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{5F3837A2-43AD-4EFD-9259-DD7D64E03906}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{C6EE7F65-B35E-4678-998E-E9995AE41E20}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}" = Garmin Lifetime Updater
    "{038BB590-D547-6625-1ACB-5D072B484891}" = Catalyst Control Center Localization Polish
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0712E395-DF4E-2C03-312B-82B18192F37E}" = CCC Help Turkish
    "{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{08F6391A-5C26-C9A6-9E90-06AFA62BAD82}" = CCC Help Japanese
    "{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0FAC8FE4-B03C-5E69-3E26-A688C5BD753C}" = CCC Help Swedish
    "{13C8D5EF-ECAB-4BF9-AB35-9774AEC00EEE}" = DeLorme Street Atlas USA 2005 Data
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17AE413C-3DDB-3DB8-A9E1-8C9A6B4C3F81}" = CCC Help Thai
    "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
    "{19549B98-113C-B5A1-6185-91AEA7F8FB86}" = CCC Help Hungarian
    "{195D6D67-3520-B663-C056-D2F877E24F0C}" = CCC Help Chinese Traditional
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1A3F6AD7-7A95-439B-BF54-F418C7CC6380}" = WebEx Recorder and Player
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
    "{1C2C78DB-846D-0879-4C07-BB02D1819D0E}" = Catalyst Control Center Localization Japanese
    "{1D174E6E-E58B-63EF-AAE4-4A0F9C6CAD09}" = CCC Help English
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{219E9FF4-EFB5-1508-4B1D-4D25860E6AF7}" = ccc-utility
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{26A24AE4-039D-4CA4-87B4-2F83216029F0}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{28D309DC-4EDD-49B4-A7CB-6B5C0E075B34}" = TerraGo Toolbar
    "{2AD6DCAA-3A43-335B-566E-BBBF5EDE66AF}" = CCC Help Portuguese
    "{2B8B7931-698C-4A7B-DE65-1C266275ABA8}" = CCC Help Greek
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
    "{31FB48E7-73CA-2A77-8EF0-6DC4643F5A52}" = Catalyst Control Center Localization Hungarian
    "{34D7C68C-AB0C-A606-6C98-DD517165DE48}" = Catalyst Control Center Graphics Previews Common
    "{3792C245-6923-6519-BC25-AA312D421040}" = Catalyst Control Center Graphics Full Existing
    "{3809C143-D176-2E2F-7457-C134C5096D4C}" = Catalyst Control Center Localization Finnish
    "{3A2B6345-5F37-3C2B-EB33-95E4CCE32B6E}" = CCC Help Danish
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D13663C-7754-D091-CCCC-4BF3DBDC45F0}" = Catalyst Control Center Graphics Light
    "{3DBE4620-5B8F-1D5B-D7E0-F4E3660EB75E}" = CCC Help Russian
    "{3E378D59-E702-5F50-33A8-4CC9CA7B7E2D}" = Catalyst Control Center Localization Norwegian
    "{4042129F-CA94-4BC7-92ED-0F14DD4AA742}" = Street Atlas USA 2005
    "{40A6D5BF-5790-F73A-C813-5B532C68F2FC}" = CCC Help Czech
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4DECF5E2-AE93-4ED3-4699-1F3CCEFBE23E}" = CCC Help Norwegian
    "{53D33A47-E48E-A3F4-B9F7-B775C5FEB410}" = Skins
    "{5944C8E6-6CED-5DAF-3A06-ACB61F946768}" = ccc-core-static
    "{5F6EE90E-10C7-4D54-EEF8-A1558CD6BC74}" = Catalyst Control Center Localization German
    "{62A73901-88EA-486A-90AE-38A4D80A56F8}" = Catalyst Control Center Localization Chinese Standard
    "{63A53213-113E-103F-69B6-A3A156FB073D}" = Catalyst Control Center Localization Russian
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6624B6A8-362E-480D-B91A-9657EF4E44B3}" = Brother MFC-7840W
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6CA0E546-575E-162C-66CF-F97AC0706D86}" = Catalyst Control Center Localization Swedish
    "{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
    "{70F45E2F-4C72-346B-18DB-A4E43C0B7A21}" = CCC Help Korean
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71B16F02-FAA6-FB12-E12A-0127D9252217}" = CCC Help German
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{8543A572-5993-4101-BACC-C83884E183A4}" = EzGrabber
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{88B3FCFC-5B4D-12EA-43B5-706A97CFFE57}" = Catalyst Control Center Localization Dutch
    "{8992BBAC-5011-1F62-C74E-1D09D0C3AEDC}" = Catalyst Control Center Localization Greek
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A5F50EE-3C86-ECAC-1EFA-500E5A75F40B}" = CCC Help Italian
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8BB961DD-2117-89F7-886E-4548EF974C4C}" = Catalyst Control Center Graphics Previews Vista
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}" = ArcSoft ShowBiz
    "{A130D182-69C4-1A79-22A2-43B5896EC384}" = CCC Help Polish
    "{A631582D-B1E2-9FE6-C6A3-4F58F3CC5D19}" = Catalyst Control Center Localization Italian
    "{A6D3E894-E6B7-B8BA-B0E8-3F116605D63F}" = Catalyst Control Center Localization Portuguese
    "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
    "{A8BF7AAD-DF08-E467-817A-A46F6C0858E6}" = Catalyst Control Center Localization Danish
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
    "{AD631885-B98C-4A61-8C77-1955478F8DBB}" = Street Atlas USA 2005
    "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
    "{BB5DA6E6-3C28-4D9D-817C-B181D08F3AF1}" = Driver Install 32-Bit
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BF649EC0-8CF5-C377-D695-6E9BDECCD6EC}" = Catalyst Control Center Localization Czech
    "{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
    "{C27C6B48-4D01-4190-9008-FCD3F7F05DAF}" = Street Atlas USA 2005
    "{C3E5EEAD-2FDA-5171-778A-470BDD0D0171}" = Catalyst Control Center Localization Spanish
    "{C5A2C616-FA81-931E-E7C4-FA77B5875DCE}" = CCC Help Finnish
    "{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
    "{C77509EA-0817-9A13-C519-595364992633}" = Catalyst Control Center Localization Chinese Traditional
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFEA13A7-2E78-14E4-8E41-C5976867A266}" = CCC Help Chinese Standard
    "{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
    "{D5BBD350-F44E-47C1-9245-228AD8A9171D}" = DeLorme Street Atlas USA 2005
    "{D75B3287-0A3D-60CF-35FF-6F860CB3060C}" = CCC Help Dutch
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DE0F129D-6B44-FD71-7115-B105B74E636F}" = Catalyst Control Center Localization Thai
    "{DFC0DC5F-5867-7367-4D75-5E954094D565}" = CCC Help Spanish
    "{E30DAA93-3DB3-6C5D-6BCC-66047D3F94A3}" = Catalyst Control Center Localization Korean
    "{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
    "{E8D19DDB-91C4-EE01-707F-6064AC50DDAF}" = Catalyst Control Center Core Implementation
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EC105D13-1924-CC00-1EE3-7044EB94E382}" = CCC Help French
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F0703D51-3745-D787-4D6D-FDB187B5EFE4}" = Catalyst Control Center Localization French
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F1C99E71-6C74-422B-901F-42987D405989}" = Street Atlas USA 2005
    "{F262FF0A-F2E9-2C3B-D764-50CE950F0299}" = Catalyst Control Center InstallProxy
    "{F5D72489-A79B-44F5-9317-53912F266DAA}" = Street Atlas USA 2005
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF2C4E39-BDC3-00D7-65D8-67E910F01B40}" = Catalyst Control Center Localization Turkish
    "{FF85E1F1-F255-E3D5-8AA7-B5875F4D7F01}" = Catalyst Control Center Graphics Full New
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
    "Arizona Topo" = Arizona Topo Map
    "avast" = avast! Free Antivirus
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "Digital Editions" = Adobe Digital Editions
    "ESET Online Scanner" = ESET Online Scanner v3
    "Family Tree Heritage" = Family Tree Heritage
    "FLV Player" = FLV Player 2.0 (build 25)
    "GoToAssist" = GoToAssist 8.0.0.514
    "Hawaii Topo" = Hawaii Topo Map
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{BB5DA6E6-3C28-4D9D-817C-B181D08F3AF1}" = Driver Install 32-Bit
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Pdf995" = Pdf995
    "PDF-XChange 3_is1" = PDF-XChange 3
    "QuickVerse 2007 Bible Suite" = QuickVerse 2007 Bible Suite
    "Secunia PSI" = Secunia PSI (2.0.0.3003)
    "Solus Basic for Palm Computing" = Solus Basic for Palm Computing
    "synedraViewPersonal" = synedra View Personal 3.1.0.6
    "VuePrint" = VuePrint
    "Winamp" = Winamp
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 1/8/2012 6:12:24 PM | Computer Name = Willis-Office | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/8/2012 6:12:24 PM | Computer Name = Willis-Office | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/8/2012 6:24:41 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
    Description =

    Error - 1/8/2012 7:16:47 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
    Description =

    Error - 1/9/2012 5:46:21 AM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
    Description =

    Error - 1/9/2012 12:20:58 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
    Description =

    Error - 1/9/2012 12:27:41 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
    Description =

    Error - 1/9/2012 12:39:36 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
    Description =

    Error - 1/9/2012 1:06:47 PM | Computer Name = Willis-Office | Source = Windows Search Service | ID = 3013
    Description =

    Error - 1/9/2012 1:06:47 PM | Computer Name = Willis-Office | Source = Windows Search Service | ID = 3013
    Description =

    [ System Events ]
    Error - 7/25/2012 4:54:33 PM | Computer Name = Willis-Office | Source = DCOM | ID = 10016
    Description =

    Error - 7/25/2012 5:09:37 PM | Computer Name = Willis-Office | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/25/2012 5:14:21 PM | Computer Name = Willis-Office | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/25/2012 5:17:47 PM | Computer Name = Willis-Office | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/25/2012 5:26:50 PM | Computer Name = Willis-Office | Source = Print | ID = 19
    Description = The print spooler failed to share printer HP psc 2350 series with
    shared resource name HP psc 2350 series. Error 2114. The printer cannot be used
    by others on the network.

    Error - 7/25/2012 5:27:50 PM | Computer Name = Willis-Office | Source = DCOM | ID = 10016
    Description =

    Error - 7/25/2012 6:30:42 PM | Computer Name = Willis-Office | Source = Print | ID = 19
    Description = The print spooler failed to share printer HP psc 2350 series with
    shared resource name HP psc 2350 series. Error 2114. The printer cannot be used
    by others on the network.

    Error - 7/25/2012 6:31:45 PM | Computer Name = Willis-Office | Source = DCOM | ID = 10016
    Description =

    Error - 7/25/2012 6:35:57 PM | Computer Name = Willis-Office | Source = Print | ID = 19
    Description = The print spooler failed to share printer HP psc 2350 series with
    shared resource name HP psc 2350 series. Error 2114. The printer cannot be used
    by others on the network.

    Error - 7/25/2012 6:36:57 PM | Computer Name = Willis-Office | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    In both browsers?
     
  13. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Well, it WAS in both browsers.

    I had shut down the offensive PC and just restarted it to confirm my answer to your question, and now both browsers go to a Google search result link without redirecting. VERY slowly though.

    I am still getting Malicious URL popups, just not from the Google Search Results page.
     
  14. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Also I just noted that my CPU usage is presently at 100%, and according to Windows' Resource Monitor it is due to svchost.exe (netsvcs).
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  16. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    I did as directed. Avast! showed a popup that said it blocked TDSSKiller.exe.

    First half of log follows.

    21:28:55.0083 2812 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    21:28:55.0546 2812 ============================================================
    21:28:55.0547 2812 Current date / time: 2012/07/25 21:28:55.0546
    21:28:55.0547 2812 SystemInfo:
    21:28:55.0547 2812
    21:28:55.0547 2812 OS Version: 6.0.6002 ServicePack: 2.0
    21:28:55.0547 2812 Product type: Workstation
    21:28:55.0547 2812 ComputerName: WILLIS-OFFICE
    21:28:55.0549 2812 UserName: Willis
    21:28:55.0549 2812 Windows directory: C:\Windows
    21:28:55.0549 2812 System windows directory: C:\Windows
    21:28:55.0549 2812 Processor architecture: Intel x86
    21:28:55.0549 2812 Number of processors: 1
    21:28:55.0549 2812 Page size: 0x1000
    21:28:55.0549 2812 Boot type: Normal boot
    21:28:55.0549 2812 ============================================================
    21:28:56.0761 2812 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:28:56.0788 2812 ============================================================
    21:28:56.0788 2812 \Device\Harddisk0\DR0:
    21:28:56.0789 2812 MBR partitions:
    21:28:56.0789 2812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    21:28:56.0789 2812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
    21:28:56.0789 2812 ============================================================
    21:28:56.0821 2812 C: <-> \Device\Harddisk0\DR0\Partition1
    21:28:56.0849 2812 D: <-> \Device\Harddisk0\DR0\Partition0
    21:28:56.0849 2812 ============================================================
    21:28:56.0849 2812 Initialize success
    21:28:56.0849 2812 ============================================================
    21:29:07.0164 3308 ============================================================
    21:29:07.0164 3308 Scan started
    21:29:07.0164 3308 Mode: Manual;
    21:29:07.0164 3308 ============================================================
    21:29:08.0504 3308 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    21:29:08.0514 3308 ACDaemon - ok
    21:29:08.0684 3308 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    21:29:08.0694 3308 ACPI - ok
    21:29:08.0783 3308 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    21:29:08.0801 3308 adp94xx - ok
    21:29:08.0902 3308 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    21:29:08.0915 3308 adpahci - ok
    21:29:08.0942 3308 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    21:29:08.0947 3308 adpu160m - ok
    21:29:08.0970 3308 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    21:29:08.0981 3308 adpu320 - ok
    21:29:09.0042 3308 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    21:29:09.0043 3308 AeLookupSvc - ok
    21:29:09.0122 3308 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    21:29:09.0130 3308 AFD - ok
    21:29:09.0185 3308 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    21:29:09.0187 3308 agp440 - ok
    21:29:09.0239 3308 ahcix86s (356d519b2868e30100fe846d232e1757) C:\Windows\system32\drivers\ahcix86s.sys
    21:29:09.0249 3308 ahcix86s - ok
    21:29:09.0337 3308 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    21:29:09.0339 3308 aic78xx - ok
    21:29:09.0373 3308 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    21:29:09.0375 3308 ALG - ok
    21:29:09.0422 3308 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
    21:29:09.0423 3308 aliide - ok
    21:29:09.0456 3308 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    21:29:09.0458 3308 amdagp - ok
    21:29:09.0480 3308 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
    21:29:09.0482 3308 amdide - ok
    21:29:09.0510 3308 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    21:29:09.0511 3308 AmdK7 - ok
    21:29:09.0527 3308 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    21:29:09.0528 3308 AmdK8 - ok
    21:29:09.0615 3308 AppHostSvc (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
    21:29:09.0617 3308 AppHostSvc - ok
    21:29:09.0665 3308 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    21:29:09.0667 3308 Appinfo - ok
    21:29:09.0832 3308 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:29:09.0834 3308 Apple Mobile Device - ok
    21:29:09.0912 3308 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    21:29:09.0914 3308 arc - ok
    21:29:09.0947 3308 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    21:29:09.0950 3308 arcsas - ok
    21:29:10.0059 3308 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    21:29:10.0060 3308 aspnet_state - ok
    21:29:10.0125 3308 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys
    21:29:10.0127 3308 aswFsBlk - ok
    21:29:10.0225 3308 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys
    21:29:10.0227 3308 aswMonFlt - ok
    21:29:10.0285 3308 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\Windows\system32\drivers\AswRdr.sys
    21:29:10.0286 3308 AswRdr - ok
    21:29:10.0372 3308 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys
    21:29:10.0385 3308 aswSnx - ok
    21:29:10.0431 3308 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys
    21:29:10.0444 3308 aswSP - ok
    21:29:10.0490 3308 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys
    21:29:10.0491 3308 aswTdi - ok
    21:29:10.0512 3308 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:29:10.0513 3308 AsyncMac - ok
    21:29:10.0539 3308 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    21:29:10.0540 3308 atapi - ok
    21:29:10.0630 3308 Ati External Event Utility (740b9b4140caccd0513d999eab488e48) C:\Windows\system32\Ati2evxx.exe
    21:29:10.0646 3308 Ati External Event Utility - ok
    21:29:10.0917 3308 atikmdag (7526ad10925d1aa9e4e6b0fb393b701f) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:29:10.0987 3308 atikmdag - ok
    21:29:11.0142 3308 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    21:29:11.0156 3308 AudioEndpointBuilder - ok
    21:29:11.0169 3308 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    21:29:11.0173 3308 Audiosrv - ok
    21:29:11.0273 3308 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    21:29:11.0274 3308 avast! Antivirus - ok
    21:29:11.0390 3308 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    21:29:11.0391 3308 Beep - ok
    21:29:11.0474 3308 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
    21:29:11.0488 3308 BFE - ok
    21:29:11.0587 3308 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
    21:29:11.0609 3308 BITS - ok
    21:29:11.0638 3308 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    21:29:11.0639 3308 blbdrive - ok
    21:29:11.0748 3308 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    21:29:11.0764 3308 Bonjour Service - ok
    21:29:11.0826 3308 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    21:29:11.0830 3308 bowser - ok
    21:29:11.0897 3308 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    21:29:11.0898 3308 BrFiltLo - ok
    21:29:11.0933 3308 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    21:29:11.0934 3308 BrFiltUp - ok
    21:29:11.0978 3308 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    21:29:11.0980 3308 Browser - ok
    21:29:12.0016 3308 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    21:29:12.0018 3308 Brserid - ok
    21:29:12.0047 3308 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    21:29:12.0049 3308 BrSerWdm - ok
    21:29:12.0078 3308 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    21:29:12.0080 3308 BrUsbMdm - ok
    21:29:12.0102 3308 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    21:29:12.0103 3308 BrUsbSer - ok
    21:29:12.0128 3308 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    21:29:12.0129 3308 BTHMODEM - ok
    21:29:12.0255 3308 catchme - ok
    21:29:12.0319 3308 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:29:12.0321 3308 cdfs - ok
    21:29:12.0379 3308 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    21:29:12.0381 3308 cdrom - ok
    21:29:12.0452 3308 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    21:29:12.0453 3308 CertPropSvc - ok
    21:29:12.0479 3308 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
    21:29:12.0481 3308 circlass - ok
    21:29:12.0519 3308 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    21:29:12.0531 3308 CLFS - ok
    21:29:12.0597 3308 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:29:12.0599 3308 clr_optimization_v2.0.50727_32 - ok
    21:29:12.0661 3308 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:29:12.0674 3308 clr_optimization_v4.0.30319_32 - ok
    21:29:12.0703 3308 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    21:29:12.0704 3308 cmdide - ok
    21:29:12.0729 3308 Compbatt (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\drivers\compbatt.sys
    21:29:12.0730 3308 Compbatt - ok
    21:29:12.0743 3308 COMSysApp - ok
    21:29:12.0766 3308 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    21:29:12.0768 3308 crcdisk - ok
    21:29:12.0801 3308 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    21:29:12.0805 3308 Crusoe - ok
    21:29:12.0849 3308 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
    21:29:12.0859 3308 CryptSvc - ok
    21:29:12.0941 3308 CXPLRCAP (bb9f5d143b49afb4632467f7e8b3d799) C:\Windows\system32\drivers\CxPlrCap.sys
    21:29:12.0944 3308 CXPLRCAP - ok
    21:29:13.0017 3308 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    21:29:13.0032 3308 DcomLaunch - ok
    21:29:13.0085 3308 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    21:29:13.0090 3308 DfsC - ok
    21:29:13.0268 3308 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
    21:29:13.0335 3308 DFSR - ok
    21:29:13.0544 3308 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    21:29:13.0554 3308 Dhcp - ok
    21:29:13.0598 3308 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    21:29:13.0600 3308 disk - ok
    21:29:13.0676 3308 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    21:29:13.0681 3308 Dnscache - ok
    21:29:13.0803 3308 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
    21:29:13.0807 3308 DockLoginService - ok
    21:29:13.0899 3308 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    21:29:13.0907 3308 dot3svc - ok
    21:29:13.0963 3308 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    21:29:13.0970 3308 DPS - ok
    21:29:14.0006 3308 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    21:29:14.0007 3308 drmkaud - ok
    21:29:14.0066 3308 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    21:29:14.0074 3308 DXGKrnl - ok
    21:29:14.0135 3308 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
    21:29:14.0145 3308 e1express - ok
    21:29:14.0183 3308 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    21:29:14.0187 3308 E1G60 - ok
    21:29:14.0256 3308 Eacfilt (47d1b4dc8da75742f023ae21e0d057a2) C:\Windows\system32\DRIVERS\eacfilt.sys
    21:29:14.0257 3308 Eacfilt - ok
    21:29:14.0309 3308 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    21:29:14.0311 3308 EapHost - ok
    21:29:14.0332 3308 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    21:29:14.0341 3308 Ecache - ok
    21:29:14.0426 3308 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    21:29:14.0432 3308 elxstor - ok
    21:29:14.0502 3308 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    21:29:14.0517 3308 EMDMgmt - ok
    21:29:14.0541 3308 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
    21:29:14.0542 3308 ErrDev - ok
    21:29:14.0612 3308 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    21:29:14.0618 3308 EventSystem - ok
    21:29:14.0690 3308 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    21:29:14.0702 3308 exfat - ok
    21:29:14.0735 3308 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    21:29:14.0738 3308 fastfat - ok
    21:29:14.0763 3308 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    21:29:14.0764 3308 fdc - ok
    21:29:14.0788 3308 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    21:29:14.0790 3308 fdPHost - ok
    21:29:14.0833 3308 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    21:29:14.0836 3308 FDResPub - ok
    21:29:14.0858 3308 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    21:29:14.0860 3308 FileInfo - ok
    21:29:14.0888 3308 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    21:29:14.0889 3308 Filetrace - ok
    21:29:14.0906 3308 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:29:14.0908 3308 flpydisk - ok
    21:29:14.0943 3308 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    21:29:14.0947 3308 FltMgr - ok
    21:29:15.0051 3308 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
    21:29:15.0071 3308 FontCache - ok
    21:29:15.0119 3308 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    21:29:15.0120 3308 FontCache3.0.0.0 - ok
    21:29:15.0155 3308 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
    21:29:15.0156 3308 Fs_Rec - ok
    21:29:15.0181 3308 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    21:29:15.0183 3308 gagp30kx - ok
    21:29:15.0223 3308 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:29:15.0224 3308 GEARAspiWDM - ok
    21:29:15.0305 3308 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    21:29:15.0307 3308 GoToAssist - ok
    21:29:15.0365 3308 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
    21:29:15.0422 3308 gpsvc - ok
    21:29:15.0493 3308 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
    21:29:15.0502 3308 HdAudAddService - ok
    21:29:15.0563 3308 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:29:15.0572 3308 HDAudBus - ok
    21:29:15.0606 3308 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    21:29:15.0607 3308 HidBth - ok
    21:29:15.0654 3308 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
    21:29:15.0656 3308 HidIr - ok
    21:29:15.0702 3308 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
    21:29:15.0705 3308 hidserv - ok
    21:29:15.0730 3308 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    21:29:15.0731 3308 HidUsb - ok
    21:29:15.0769 3308 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    21:29:15.0783 3308 hkmsvc - ok
    21:29:15.0811 3308 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    21:29:15.0813 3308 HpCISSs - ok
    21:29:15.0868 3308 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
    21:29:15.0881 3308 HTTP - ok
    21:29:15.0911 3308 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    21:29:15.0913 3308 i2omp - ok
    21:29:15.0985 3308 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    21:29:15.0987 3308 i8042prt - ok
    21:29:16.0039 3308 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    21:29:16.0047 3308 iaStorV - ok
    21:29:16.0119 3308 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\Windows\system32\Drivers\ICDUSB2.sys
    21:29:16.0121 3308 ICDUSB2 - ok
    21:29:16.0238 3308 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    21:29:16.0257 3308 idsvc - ok
    21:29:16.0299 3308 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    21:29:16.0301 3308 iirsp - ok
    21:29:16.0355 3308 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
    21:29:16.0367 3308 IKEEXT - ok
    21:29:16.0414 3308 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    21:29:16.0415 3308 intelide - ok
    21:29:16.0443 3308 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    21:29:16.0445 3308 intelppm - ok
    21:29:16.0514 3308 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    21:29:16.0527 3308 IPBusEnum - ok
    21:29:16.0580 3308 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:29:16.0581 3308 IpFilterDriver - ok
    21:29:16.0619 3308 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
    21:29:16.0629 3308 iphlpsvc - ok
    21:29:16.0639 3308 IpInIp - ok
    21:29:16.0666 3308 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    21:29:16.0668 3308 IPMIDRV - ok
    21:29:16.0702 3308 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    21:29:16.0705 3308 IPNAT - ok
    21:29:16.0826 3308 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
    21:29:16.0845 3308 iPod Service - ok
    21:29:16.0915 3308 IPSECEXT (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
    21:29:16.0920 3308 IPSECEXT - ok
    21:29:16.0932 3308 IPSECSHM (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
    21:29:16.0934 3308 IPSECSHM - ok
    21:29:16.0959 3308 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    21:29:16.0961 3308 IRENUM - ok
    21:29:16.0988 3308 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    21:29:16.0990 3308 isapnp - ok
    21:29:17.0032 3308 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    21:29:17.0035 3308 iScsiPrt - ok
    21:29:17.0061 3308 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    21:29:17.0063 3308 iteatapi - ok
    21:29:17.0090 3308 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    21:29:17.0093 3308 iteraid - ok
    21:29:17.0114 3308 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:29:17.0115 3308 kbdclass - ok
    21:29:17.0177 3308 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    21:29:17.0178 3308 kbdhid - ok
    21:29:17.0208 3308 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    21:29:17.0215 3308 KeyIso - ok
    21:29:17.0270 3308 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
    21:29:17.0278 3308 KSecDD - ok
    21:29:17.0355 3308 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    21:29:17.0370 3308 KtmRm - ok
    21:29:17.0412 3308 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
    21:29:17.0433 3308 LanmanServer - ok
    21:29:17.0475 3308 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    21:29:17.0484 3308 LanmanWorkstation - ok
    21:29:17.0507 3308 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    21:29:17.0509 3308 lltdio - ok
    21:29:17.0542 3308 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    21:29:17.0551 3308 lltdsvc - ok
    21:29:17.0573 3308 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    21:29:17.0576 3308 lmhosts - ok
    21:29:17.0613 3308 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    21:29:17.0615 3308 LSI_FC - ok
    21:29:17.0644 3308 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    21:29:17.0647 3308 LSI_SAS - ok
    21:29:17.0698 3308 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    21:29:17.0700 3308 LSI_SCSI - ok
    21:29:17.0728 3308 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    21:29:17.0732 3308 luafv - ok
    21:29:17.0754 3308 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    21:29:17.0755 3308 megasas - ok
    21:29:17.0803 3308 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    21:29:17.0817 3308 MegaSR - ok
    21:29:17.0852 3308 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    21:29:17.0859 3308 MMCSS - ok
    21:29:17.0878 3308 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    21:29:17.0880 3308 Modem - ok
    21:29:17.0909 3308 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    21:29:17.0910 3308 monitor - ok
    21:29:17.0934 3308 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    21:29:17.0937 3308 mouclass - ok
    21:29:17.0955 3308 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    21:29:17.0957 3308 mouhid - ok
    21:29:17.0972 3308 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    21:29:17.0974 3308 MountMgr - ok
    21:29:18.0075 3308 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    21:29:18.0087 3308 MozillaMaintenance - ok
    21:29:18.0129 3308 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    21:29:18.0132 3308 mpio - ok
    21:29:18.0164 3308 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    21:29:18.0166 3308 mpsdrv - ok
    21:29:18.0224 3308 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
    21:29:18.0236 3308 MpsSvc - ok
    21:29:18.0264 3308 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    21:29:18.0266 3308 Mraid35x - ok
    21:29:18.0328 3308 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    21:29:18.0331 3308 MRxDAV - ok
    21:29:18.0369 3308 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:29:18.0374 3308 mrxsmb - ok
    21:29:18.0421 3308 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:29:18.0431 3308 mrxsmb10 - ok
    21:29:18.0468 3308 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:29:18.0470 3308 mrxsmb20 - ok
     
  17. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Second half of log.

    21:29:18.0496 3308 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
    21:29:18.0498 3308 msahci - ok
    21:29:18.0534 3308 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    21:29:18.0536 3308 msdsm - ok
    21:29:18.0578 3308 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    21:29:18.0591 3308 MSDTC - ok
    21:29:18.0625 3308 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    21:29:18.0627 3308 Msfs - ok
    21:29:18.0662 3308 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    21:29:18.0664 3308 msisadrv - ok
    21:29:18.0702 3308 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    21:29:18.0715 3308 MSiSCSI - ok
    21:29:18.0727 3308 msiserver - ok
    21:29:18.0753 3308 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    21:29:18.0755 3308 MSKSSRV - ok
    21:29:18.0785 3308 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:29:18.0786 3308 MSPCLOCK - ok
    21:29:18.0802 3308 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    21:29:18.0803 3308 MSPQM - ok
    21:29:18.0850 3308 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    21:29:18.0861 3308 MsRPC - ok
    21:29:18.0895 3308 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    21:29:18.0896 3308 mssmbios - ok
    21:29:18.0954 3308 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    21:29:18.0956 3308 MSTEE - ok
    21:29:18.0979 3308 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    21:29:18.0980 3308 Mup - ok
    21:29:19.0023 3308 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
    21:29:19.0038 3308 napagent - ok
    21:29:19.0075 3308 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    21:29:19.0085 3308 NativeWifiP - ok
    21:29:19.0176 3308 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    21:29:19.0184 3308 NDIS - ok
    21:29:19.0206 3308 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:29:19.0208 3308 NdisTapi - ok
    21:29:19.0227 3308 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:29:19.0229 3308 Ndisuio - ok
    21:29:19.0265 3308 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:29:19.0269 3308 NdisWan - ok
    21:29:19.0321 3308 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    21:29:19.0323 3308 NDProxy - ok
    21:29:19.0338 3308 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    21:29:19.0340 3308 NetBIOS - ok
    21:29:19.0378 3308 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    21:29:19.0387 3308 netbt - ok
    21:29:19.0423 3308 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    21:29:19.0427 3308 Netlogon - ok
    21:29:19.0486 3308 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    21:29:19.0498 3308 Netman - ok
    21:29:19.0551 3308 NetMsmqActivator (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:29:19.0553 3308 NetMsmqActivator - ok
    21:29:19.0566 3308 NetPipeActivator (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:29:19.0568 3308 NetPipeActivator - ok
    21:29:19.0600 3308 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    21:29:19.0610 3308 netprofm - ok
    21:29:19.0693 3308 netr73 (fbbdcacbc128670983cca59345be5454) C:\Windows\system32\DRIVERS\netr73.sys
    21:29:19.0699 3308 netr73 - ok
    21:29:19.0713 3308 NetTcpActivator (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:29:19.0715 3308 NetTcpActivator - ok
    21:29:19.0734 3308 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:29:19.0738 3308 NetTcpPortSharing - ok
    21:29:19.0765 3308 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    21:29:19.0767 3308 nfrd960 - ok
    21:29:19.0804 3308 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    21:29:19.0815 3308 NlaSvc - ok
    21:29:19.0842 3308 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    21:29:19.0844 3308 Npfs - ok
    21:29:19.0874 3308 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    21:29:19.0882 3308 nsi - ok
    21:29:19.0903 3308 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    21:29:19.0905 3308 nsiproxy - ok
    21:29:20.0000 3308 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    21:29:20.0026 3308 Ntfs - ok
    21:29:20.0058 3308 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    21:29:20.0060 3308 ntrigdigi - ok
    21:29:20.0075 3308 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    21:29:20.0077 3308 Null - ok
    21:29:20.0193 3308 NvcRpcServer (0036c971ee6335e27bd4e66eddf8727f) C:\Program Files\Nortel Networks\NvcRpcSvr.exe
    21:29:20.0203 3308 NvcRpcServer - ok
    21:29:20.0250 3308 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    21:29:20.0273 3308 nvraid - ok
    21:29:20.0334 3308 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    21:29:20.0337 3308 nvstor - ok
    21:29:20.0378 3308 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    21:29:20.0382 3308 nv_agp - ok
    21:29:20.0396 3308 NwlnkFlt - ok
    21:29:20.0408 3308 NwlnkFwd - ok
    21:29:20.0454 3308 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
    21:29:20.0457 3308 ohci1394 - ok
    21:29:20.0560 3308 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:29:20.0562 3308 ose - ok
    21:29:20.0639 3308 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    21:29:20.0661 3308 p2pimsvc - ok
    21:29:20.0682 3308 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    21:29:20.0692 3308 p2psvc - ok
    21:29:20.0758 3308 PalmUSBD (803cf09c795290825607505d37819135) C:\Windows\system32\drivers\PalmUSBD.sys
    21:29:20.0760 3308 PalmUSBD - ok
    21:29:20.0797 3308 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    21:29:20.0799 3308 Parport - ok
    21:29:20.0835 3308 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
    21:29:20.0839 3308 partmgr - ok
    21:29:20.0876 3308 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    21:29:20.0878 3308 Parvdm - ok
    21:29:20.0923 3308 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
    21:29:20.0928 3308 PcaSvc - ok
    21:29:20.0965 3308 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
    21:29:20.0977 3308 pci - ok
    21:29:21.0024 3308 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
    21:29:21.0026 3308 pciide - ok
    21:29:21.0086 3308 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    21:29:21.0097 3308 pcmcia - ok
    21:29:21.0205 3308 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    21:29:21.0222 3308 PEAUTH - ok
    21:29:21.0381 3308 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    21:29:21.0410 3308 pla - ok
    21:29:21.0539 3308 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
    21:29:21.0562 3308 PlugPlay - ok
    21:29:21.0632 3308 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    21:29:21.0640 3308 PNRPAutoReg - ok
    21:29:21.0655 3308 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
    21:29:21.0664 3308 PNRPsvc - ok
    21:29:21.0716 3308 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
    21:29:21.0730 3308 PolicyAgent - ok
    21:29:21.0789 3308 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    21:29:21.0792 3308 PptpMiniport - ok
    21:29:21.0817 3308 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
    21:29:21.0819 3308 Processor - ok
    21:29:21.0863 3308 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
    21:29:21.0873 3308 ProfSvc - ok
    21:29:21.0908 3308 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    21:29:21.0911 3308 ProtectedStorage - ok
    21:29:21.0955 3308 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
    21:29:21.0959 3308 PSched - ok
    21:29:22.0036 3308 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
    21:29:22.0037 3308 PSI - ok
    21:29:22.0112 3308 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
    21:29:22.0114 3308 PxHelp20 - ok
    21:29:22.0217 3308 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    21:29:22.0242 3308 ql2300 - ok
    21:29:22.0272 3308 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    21:29:22.0283 3308 ql40xx - ok
    21:29:22.0351 3308 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    21:29:22.0368 3308 QWAVE - ok
    21:29:22.0388 3308 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    21:29:22.0390 3308 QWAVEdrv - ok
    21:29:22.0658 3308 R300 (7526ad10925d1aa9e4e6b0fb393b701f) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:29:22.0701 3308 R300 - ok
    21:29:22.0815 3308 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    21:29:22.0818 3308 RasAcd - ok
    21:29:22.0849 3308 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    21:29:22.0863 3308 RasAuto - ok
    21:29:22.0913 3308 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:29:22.0915 3308 Rasl2tp - ok
    21:29:22.0953 3308 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
    21:29:22.0994 3308 RasMan - ok
    21:29:23.0024 3308 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:29:23.0026 3308 RasPppoe - ok
    21:29:23.0043 3308 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
    21:29:23.0045 3308 RasSstp - ok
    21:29:23.0078 3308 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
    21:29:23.0082 3308 rdbss - ok
    21:29:23.0099 3308 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:29:23.0101 3308 RDPCDD - ok
    21:29:23.0138 3308 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    21:29:23.0147 3308 rdpdr - ok
    21:29:23.0161 3308 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    21:29:23.0162 3308 RDPENCDD - ok
    21:29:23.0210 3308 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
    21:29:23.0220 3308 RDPWD - ok
    21:29:23.0280 3308 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
    21:29:23.0286 3308 RemoteAccess - ok
    21:29:23.0353 3308 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
    21:29:23.0360 3308 RemoteRegistry - ok
    21:29:23.0397 3308 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
    21:29:23.0400 3308 RpcLocator - ok
    21:29:23.0449 3308 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
    21:29:23.0457 3308 RpcSs - ok
    21:29:23.0477 3308 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    21:29:23.0479 3308 rspndr - ok
    21:29:23.0578 3308 RT73 (7b8994bd539c3d9bbd7b2a3b204c29e8) C:\Windows\system32\DRIVERS\rt73.sys
    21:29:23.0591 3308 RT73 - ok
    21:29:23.0642 3308 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
    21:29:23.0649 3308 RTL8169 - ok
    21:29:23.0681 3308 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    21:29:23.0684 3308 SamSs - ok
    21:29:23.0718 3308 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    21:29:23.0720 3308 sbp2port - ok
    21:29:23.0759 3308 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
    21:29:23.0771 3308 SCardSvr - ok
    21:29:23.0833 3308 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
    21:29:23.0851 3308 Schedule - ok
    21:29:23.0953 3308 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    21:29:23.0954 3308 SCPolicySvc - ok
    21:29:24.0019 3308 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
    21:29:24.0031 3308 SDRSVC - ok
    21:29:24.0051 3308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    21:29:24.0053 3308 secdrv - ok
    21:29:24.0076 3308 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
    21:29:24.0080 3308 seclogon - ok
    21:29:24.0315 3308 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files\Secunia\PSI\PSIA.exe
    21:29:24.0367 3308 Secunia PSI Agent - ok
    21:29:24.0387 3308 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
    21:29:24.0392 3308 SENS - ok
    21:29:24.0418 3308 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    21:29:24.0420 3308 Serenum - ok
    21:29:24.0454 3308 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    21:29:24.0456 3308 Serial - ok
    21:29:24.0496 3308 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    21:29:24.0497 3308 sermouse - ok
    21:29:24.0551 3308 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
    21:29:24.0565 3308 SessionEnv - ok
    21:29:24.0596 3308 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    21:29:24.0598 3308 sffdisk - ok
    21:29:24.0646 3308 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    21:29:24.0647 3308 sffp_mmc - ok
    21:29:24.0690 3308 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    21:29:24.0691 3308 sffp_sd - ok
    21:29:24.0742 3308 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    21:29:24.0744 3308 sfloppy - ok
    21:29:24.0914 3308 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
    21:29:24.0922 3308 SharedAccess - ok
    21:29:24.0994 3308 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
    21:29:25.0002 3308 ShellHWDetection - ok
    21:29:25.0040 3308 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    21:29:25.0042 3308 sisagp - ok
    21:29:25.0077 3308 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    21:29:25.0079 3308 SiSRaid2 - ok
    21:29:25.0134 3308 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    21:29:25.0137 3308 SiSRaid4 - ok
    21:29:25.0357 3308 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
    21:29:25.0468 3308 slsvc - ok
    21:29:25.0586 3308 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
    21:29:25.0601 3308 SLUINotify - ok
    21:29:25.0656 3308 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
    21:29:25.0659 3308 Smb - ok
    21:29:25.0715 3308 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
    21:29:25.0720 3308 SNMPTRAP - ok
    21:29:25.0754 3308 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    21:29:25.0756 3308 spldr - ok
    21:29:25.0792 3308 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
    21:29:25.0803 3308 Spooler - ok
    21:29:25.0852 3308 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
    21:29:25.0866 3308 srv - ok
    21:29:25.0902 3308 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
    21:29:25.0914 3308 srv2 - ok
    21:29:25.0960 3308 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    21:29:25.0963 3308 srvnet - ok
    21:29:26.0010 3308 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
    21:29:26.0038 3308 SSDPSRV - ok
    21:29:26.0080 3308 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
    21:29:26.0088 3308 SstpSvc - ok
    21:29:26.0155 3308 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
    21:29:26.0173 3308 stisvc - ok
    21:29:26.0239 3308 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    21:29:26.0251 3308 stllssvr - ok
    21:29:26.0276 3308 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    21:29:26.0278 3308 swenum - ok
    21:29:26.0354 3308 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
    21:29:26.0370 3308 swprv - ok
    21:29:26.0406 3308 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    21:29:26.0408 3308 Symc8xx - ok
    21:29:26.0431 3308 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    21:29:26.0433 3308 Sym_hi - ok
    21:29:26.0466 3308 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    21:29:26.0468 3308 Sym_u3 - ok
    21:29:26.0536 3308 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
    21:29:26.0564 3308 SysMain - ok
    21:29:26.0595 3308 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
    21:29:26.0610 3308 TabletInputService - ok
    21:29:26.0657 3308 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
    21:29:26.0670 3308 TapiSrv - ok
    21:29:26.0691 3308 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
    21:29:26.0706 3308 TBS - ok
    21:29:26.0806 3308 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
    21:29:26.0828 3308 Tcpip - ok
    21:29:26.0853 3308 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
    21:29:26.0860 3308 Tcpip6 - ok
    21:29:26.0902 3308 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    21:29:26.0904 3308 tcpipreg - ok
    21:29:26.0936 3308 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    21:29:26.0938 3308 TDPIPE - ok
    21:29:26.0988 3308 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    21:29:26.0990 3308 TDTCP - ok
    21:29:27.0024 3308 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    21:29:27.0027 3308 tdx - ok
    21:29:27.0058 3308 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    21:29:27.0060 3308 TermDD - ok
    21:29:27.0127 3308 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
    21:29:27.0139 3308 TermService - ok
    21:29:27.0193 3308 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
    21:29:27.0200 3308 Themes - ok
    21:29:27.0236 3308 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    21:29:27.0239 3308 THREADORDER - ok
    21:29:27.0283 3308 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
    21:29:27.0328 3308 TrkWks - ok
    21:29:27.0385 3308 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
    21:29:27.0386 3308 TrustedInstaller - ok
    21:29:27.0435 3308 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:29:27.0436 3308 tssecsrv - ok
    21:29:27.0492 3308 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    21:29:27.0493 3308 tunmp - ok
    21:29:27.0519 3308 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    21:29:27.0521 3308 tunnel - ok
    21:29:27.0566 3308 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
    21:29:27.0569 3308 uagp35 - ok
    21:29:27.0613 3308 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    21:29:27.0629 3308 udfs - ok
    21:29:27.0674 3308 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
    21:29:27.0680 3308 UI0Detect - ok
    21:29:27.0709 3308 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
    21:29:27.0711 3308 uliagpkx - ok
    21:29:27.0757 3308 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
    21:29:27.0766 3308 uliahci - ok
    21:29:27.0812 3308 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    21:29:27.0824 3308 UlSata - ok
    21:29:27.0862 3308 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    21:29:27.0870 3308 ulsata2 - ok
    21:29:27.0907 3308 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    21:29:27.0909 3308 umbus - ok
    21:29:27.0950 3308 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
    21:29:27.0959 3308 upnphost - ok
    21:29:28.0058 3308 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
    21:29:28.0061 3308 USBAAPL - ok
    21:29:28.0115 3308 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:29:28.0119 3308 usbccgp - ok
    21:29:28.0193 3308 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
    21:29:28.0195 3308 usbcir - ok
    21:29:28.0245 3308 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    21:29:28.0248 3308 usbehci - ok
    21:29:28.0283 3308 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    21:29:28.0332 3308 usbhub - ok
    21:29:28.0384 3308 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    21:29:28.0386 3308 usbohci - ok
    21:29:28.0420 3308 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    21:29:28.0421 3308 usbprint - ok
    21:29:28.0475 3308 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    21:29:28.0477 3308 usbscan - ok
    21:29:28.0501 3308 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:29:28.0503 3308 USBSTOR - ok
    21:29:28.0525 3308 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:29:28.0527 3308 usbuhci - ok
    21:29:28.0557 3308 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
    21:29:28.0567 3308 UxSms - ok
    21:29:28.0625 3308 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
    21:29:28.0638 3308 vds - ok
    21:29:28.0696 3308 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:29:28.0698 3308 vga - ok
    21:29:28.0722 3308 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    21:29:28.0724 3308 VgaSave - ok
    21:29:28.0781 3308 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
    21:29:28.0783 3308 viaagp - ok
    21:29:28.0809 3308 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
    21:29:28.0811 3308 ViaC7 - ok
    21:29:28.0976 3308 VIAHdAudAddService (9891a8f16931c30c72d0816306dd8185) C:\Windows\system32\drivers\viahduaa.sys
    21:29:29.0011 3308 VIAHdAudAddService - ok
    21:29:29.0051 3308 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
    21:29:29.0053 3308 viaide - ok
    21:29:29.0083 3308 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    21:29:29.0085 3308 volmgr - ok
    21:29:29.0119 3308 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    21:29:29.0126 3308 volmgrx - ok
    21:29:29.0168 3308 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    21:29:29.0175 3308 volsnap - ok
    21:29:29.0214 3308 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
    21:29:29.0219 3308 vsmraid - ok
    21:29:29.0358 3308 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
    21:29:29.0403 3308 VSS - ok
    21:29:29.0465 3308 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
    21:29:29.0476 3308 W32Time - ok
    21:29:29.0525 3308 W3SVC (f22ca75c05204f76d06e6c530529455c) C:\Windows\system32\inetsrv\iisw3adm.dll
    21:29:29.0533 3308 W3SVC - ok
    21:29:29.0593 3308 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    21:29:29.0594 3308 WacomPen - ok
    21:29:29.0620 3308 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:29:29.0623 3308 Wanarp - ok
    21:29:29.0640 3308 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    21:29:29.0643 3308 Wanarpv6 - ok
    21:29:29.0667 3308 WAS (f22ca75c05204f76d06e6c530529455c) C:\Windows\system32\inetsrv\iisw3adm.dll
    21:29:29.0670 3308 WAS - ok
    21:29:29.0729 3308 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
    21:29:29.0749 3308 wcncsvc - ok
    21:29:29.0787 3308 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
    21:29:29.0793 3308 WcsPlugInService - ok
    21:29:29.0815 3308 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
    21:29:29.0819 3308 Wd - ok
    21:29:29.0881 3308 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    21:29:29.0897 3308 Wdf01000 - ok
    21:29:29.0954 3308 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    21:29:29.0960 3308 WdiServiceHost - ok
    21:29:29.0971 3308 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    21:29:29.0978 3308 WdiSystemHost - ok
    21:29:30.0019 3308 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
    21:29:30.0027 3308 WebClient - ok
    21:29:30.0074 3308 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
    21:29:30.0103 3308 Wecsvc - ok
    21:29:30.0138 3308 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
    21:29:30.0173 3308 wercplsupport - ok
    21:29:30.0253 3308 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
    21:29:30.0299 3308 WerSvc - ok
    21:29:30.0421 3308 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
    21:29:30.0429 3308 WinDefend - ok
    21:29:30.0446 3308 WinHttpAutoProxySvc - ok
    21:29:30.0497 3308 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
    21:29:30.0501 3308 Winmgmt - ok
    21:29:30.0652 3308 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
    21:29:30.0696 3308 WinRM - ok
    21:29:30.0762 3308 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
    21:29:30.0780 3308 Wlansvc - ok
    21:29:30.0831 3308 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\drivers\wmiacpi.sys
    21:29:30.0834 3308 WmiAcpi - ok
    21:29:30.0890 3308 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
    21:29:30.0902 3308 wmiApSrv - ok
    21:29:30.0998 3308 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
    21:29:31.0017 3308 WMPNetworkSvc - ok
    21:29:31.0056 3308 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
    21:29:31.0064 3308 WPCSvc - ok
    21:29:31.0157 3308 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
    21:29:31.0164 3308 WPDBusEnum - ok
    21:29:31.0227 3308 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    21:29:31.0231 3308 WpdUsb - ok
    21:29:31.0425 3308 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    21:29:31.0478 3308 WPFFontCache_v0400 - ok
    21:29:31.0522 3308 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    21:29:31.0523 3308 ws2ifsl - ok
    21:29:31.0547 3308 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
    21:29:31.0562 3308 wscsvc - ok
    21:29:31.0589 3308 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
    21:29:31.0592 3308 WSDPrintDevice - ok
    21:29:31.0608 3308 WSearch - ok
    21:29:31.0763 3308 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
    21:29:31.0813 3308 wuauserv - ok
    21:29:31.0950 3308 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:29:31.0959 3308 WUDFRd - ok
    21:29:32.0002 3308 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
    21:29:32.0017 3308 wudfsvc - ok
    21:29:32.0198 3308 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
    21:29:32.0254 3308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    21:29:32.0254 3308 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    21:29:32.0278 3308 Boot (0x1200) (fc994f0e69241345c260cf373b6d5e93) \Device\Harddisk0\DR0\Partition0
    21:29:32.0279 3308 \Device\Harddisk0\DR0\Partition0 - ok
    21:29:32.0288 3308 Boot (0x1200) (4c2a102bcd4abe43c35811c72858c8c8) \Device\Harddisk0\DR0\Partition1
    21:29:32.0290 3308 \Device\Harddisk0\DR0\Partition1 - ok
    21:29:32.0295 3308 ============================================================
    21:29:32.0296 3308 Scan finished
    21:29:32.0296 3308 ============================================================
    21:29:32.0314 1052 Detected object count: 1
    21:29:32.0314 1052 Actual detected object count: 1
    21:30:04.0181 1052 \Device\Harddisk0\DR0\# - copied to quarantine
    21:30:04.0182 1052 \Device\Harddisk0\DR0 - copied to quarantine
    21:30:04.0212 1052 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    21:30:04.0223 1052 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    21:30:04.0406 1052 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    21:30:04.0486 1052 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    21:30:09.0909 1052 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    21:30:10.0114 1052 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    21:30:10.0307 1052 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    21:30:10.0463 1052 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    21:30:10.0465 1052 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    21:30:10.0468 1052 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    21:30:10.0471 1052 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    21:30:10.0597 1052 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    21:30:10.0825 1052 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    21:30:10.0828 1052 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    21:30:10.0846 1052 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    21:30:10.0929 1052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    21:30:10.0931 1052 \Device\Harddisk0\DR0 - ok
    21:30:10.0938 1052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    21:30:33.0480 2208 Deinitialize success
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Aha... you got reinfected.

    How are things now?
     
  19. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Powered up this morning to no apparent issues. Google searches in IE and FF are normal. Avast! shows no pop-ups.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Cool :)

    Post new OTL log.
    Only one log will be produced.
     
  21. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Sorry for the delayed response. Did not lose interest. Lost DSL in a thunderstorm.

    OTL logfile created on: 7/26/2012 5:19:28 PM - Run 2
    OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Willis\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.75 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 64.35% Memory free
    3.74 Gb Paging File | 3.12 Gb Available in Paging File | 83.54% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.40 Gb Total Space | 166.87 Gb Free Space | 58.88% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 7.43 Gb Free Space | 50.72% Space Free | Partition Type: NTFS

    Computer Name: WILLIS-OFFICE | User Name: Willis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/25 18:58:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
    PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/11 02:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\DELL\DellDock\DockLogin.exe
    PRC - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/01/13 04:07:44 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/07/02 06:37:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/08/20 09:08:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\DELL\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe -- (NvcRpcServer)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Willis\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/01/06 19:40:20 | 000,187,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CxPlrCap.sys -- (CXPLRCAP)
    DRV - [2009/04/28 11:24:58 | 001,009,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV - [2009/01/13 04:12:14 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
    DRV - [2009/01/13 04:07:38 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2009/01/13 04:07:38 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
    DRV - [2008/01/20 22:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2007/11/12 10:03:08 | 000,468,480 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
    DRV - [2007/04/09 14:27:50 | 000,031,784 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eacfilt.sys -- (Eacfilt)
    DRV - [2007/04/09 14:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECSHM)
    DRV - [2007/04/09 14:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECEXT)
    DRV - [2006/09/07 00:34:58 | 000,347,776 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
    DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IcdUsb2.sys -- (ICDUSB2)
    DRV - [2002/06/27 22:00:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {3A39113F-E2D7-499D-8DA6-FD53774238B3}
    IE - HKLM\..\SearchScopes\{3A39113F-E2D7-499D-8DA6-FD53774238B3}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 58 4F 29 17 6D 0C 2D 45 96 68 6F 85 3C 4B D6 E1 [binary data]

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 58 4F 29 17 6D 0C 2D 45 96 68 6F 85 3C 4B D6 E1 [binary data]
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes,DefaultScope = {57306A27-789F-455F-B9F4-31F620CD55BE}
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes\{57306A27-789F-455F-B9F4-31F620CD55BE}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes\{61AFBF45-6974-4355-B63D-FDBAABB1DF81}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&I=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/25 17:40:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/02 06:37:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/16 03:19:29 | 000,000,000 | ---D | M]

    [2010/09/09 19:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Extensions
    [2010/09/09 19:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
    [2012/07/20 18:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions
    [2011/12/25 11:22:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/05/11 12:10:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/05/27 20:45:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2012/03/29 19:25:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/11/11 08:14:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(246)
    [2012/07/20 11:18:53 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\LogMeInClient@logmein.com
    [2012/04/26 09:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/02 06:37:11 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/03/27 18:15:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012/04/20 22:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/04/20 22:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/20 22:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/04/20 22:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/04/20 22:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/04/20 22:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/01/08 18:23:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000..\Run: [googletalk] C:\Users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 215
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..Trusted Domains: pg.com ([inetwiki] http in Trusted sites)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pg.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab (GpcContainer Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webaccess.pg.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09AD4C78-C83B-4A7F-9004-05653C9D1CED}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C79CF7E-F85D-4553-A167-C21EDEB3AB1F}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79E083E-E9BB-492E-920F-1226159BBD5E}: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Willis\Pictures\Miscellaneous\earth adjusted.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Willis\Pictures\Miscellaneous\earth adjusted.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/25 21:30:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/25 18:58:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
    [2012/07/25 17:42:24 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/07/25 17:42:24 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/07/25 17:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/07/25 17:42:22 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/07/25 17:42:21 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/07/25 17:42:19 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/07/25 17:42:19 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/07/25 17:40:10 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/25 17:40:08 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2012/07/25 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/07/25 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/25 17:21:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/25 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\temp
    [2012/07/25 17:20:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/25 17:05:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/25 17:05:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/25 17:05:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/25 17:05:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/25 13:41:20 | 000,000,000 | ---D | C] -- C:\Users\Willis\Desktop\TechSpot CleanUp 2012 07
    [2012/07/18 05:56:40 | 000,000,000 | ---D | C] -- C:\Users\Willis\Desktop\ReSource
    [2012/07/14 08:58:27 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\LogMeIn
    [2012/07/14 08:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
    [2012/07/03 16:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
    [2012/06/27 08:45:18 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\ElevatedDiagnostics
    [2009/08/19 13:33:56 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Willis\AppData\Roaming\DataSafeDotNet.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/07/26 16:53:13 | 000,673,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/26 16:53:13 | 000,128,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/26 16:48:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/26 16:48:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/26 16:48:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/26 16:48:21 | 1878,122,496 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/25 18:58:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
    [2012/07/25 17:42:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2012/07/25 12:44:37 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/22 17:21:22 | 000,000,716 | ---- | M] () -- C:\Users\Willis\Desktop\Dates 11.lnk
    [2012/07/18 20:51:45 | 024,915,382 | ---- | M] () -- C:\Users\Willis\Desktop\Roehm_Katalog_2010_hi.pdf
    [2012/07/17 07:20:44 | 000,000,786 | ---- | M] () -- C:\Users\Willis\Desktop\Labels.lnk
    [2012/07/14 19:49:13 | 000,788,480 | ---- | M] () -- C:\Users\Willis\Documents\Sturdivant201207.aq
    [2012/07/14 19:49:13 | 000,003,476 | -H-- | M] () -- C:\Users\Willis\Documents\Sturdivant201207.aqalpha
    [2012/07/14 19:33:44 | 000,020,107 | ---- | M] () -- C:\Users\Willis\Desktop\ADAMSCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 19:33:42 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
    [2012/07/14 19:32:46 | 000,154,620 | ---- | M] () -- C:\Users\Willis\Desktop\HAMILTONCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 19:29:02 | 000,034,521 | ---- | M] () -- C:\Users\Willis\Desktop\CLERMONTCountyGoldenBuckeyeMerchants-1.pdf
    [2012/07/14 19:27:01 | 000,034,349 | ---- | M] () -- C:\Users\Willis\Desktop\WARRENCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 08:55:19 | 000,027,520 | ---- | M] () -- C:\Users\Willis\AppData\Local\dt.dat
    [2012/07/12 19:09:45 | 026,581,783 | ---- | M] () -- C:\Users\Willis\Desktop\CDNN2012-3.pdf
    [2012/07/12 12:44:06 | 003,013,796 | ---- | M] () -- C:\Users\Willis\Desktop\REPORT_FINAL_071212.pdf
    [2012/07/11 15:28:12 | 000,000,000 | -H-- | M] () -- C:\Users\Willis\Documents\Default.rdp
    [2012/07/11 07:22:43 | 000,349,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/09 19:27:04 | 000,000,806 | ---- | M] () -- C:\Users\Willis\Desktop\70 Poster B.lnk
    [2012/07/09 19:26:45 | 000,000,924 | ---- | M] () -- C:\Users\Willis\Desktop\81 Poster B.lnk
    [2012/07/08 07:43:23 | 000,788,480 | ---- | M] () -- C:\Users\Willis\Documents\WillDad11.aq
    [2012/07/08 07:43:23 | 000,003,476 | -H-- | M] () -- C:\Users\Willis\Documents\WillDad11.aqalpha
    [2012/07/08 07:31:55 | 000,033,636 | ---- | M] () -- C:\Users\Willis\Desktop\PJS July.pdf
    [2012/07/04 07:10:00 | 000,252,041 | ---- | M] () -- C:\Users\Willis\Desktop\pg833.epub
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

    ========== Files Created - No Company Name ==========

    [2012/07/25 17:05:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/25 17:05:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/25 17:05:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/25 17:05:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/25 17:05:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/25 12:44:37 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 20:09:01 | 1878,122,496 | -HS- | C] () -- C:\hiberfil.sys
    [2012/07/18 20:51:45 | 024,915,382 | ---- | C] () -- C:\Users\Willis\Desktop\Roehm_Katalog_2010_hi.pdf
    [2012/07/17 07:20:44 | 000,000,786 | ---- | C] () -- C:\Users\Willis\Desktop\Labels.lnk
    [2012/07/14 19:33:42 | 000,020,107 | ---- | C] () -- C:\Users\Willis\Desktop\ADAMSCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 19:32:42 | 000,154,620 | ---- | C] () -- C:\Users\Willis\Desktop\HAMILTONCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 19:29:00 | 000,034,521 | ---- | C] () -- C:\Users\Willis\Desktop\CLERMONTCountyGoldenBuckeyeMerchants-1.pdf
    [2012/07/14 19:25:36 | 000,034,349 | ---- | C] () -- C:\Users\Willis\Desktop\WARRENCountyGoldenBuckeyeMerchants.pdf
    [2012/07/14 08:55:19 | 000,027,520 | ---- | C] () -- C:\Users\Willis\AppData\Local\dt.dat
    [2012/07/12 19:08:31 | 026,581,783 | ---- | C] () -- C:\Users\Willis\Desktop\CDNN2012-3.pdf
    [2012/07/12 12:44:06 | 003,013,796 | ---- | C] () -- C:\Users\Willis\Desktop\REPORT_FINAL_071212.pdf
    [2012/07/11 15:28:12 | 000,000,000 | -H-- | C] () -- C:\Users\Willis\Documents\Default.rdp
    [2012/07/08 07:43:48 | 000,003,476 | -H-- | C] () -- C:\Users\Willis\Documents\Sturdivant201207.aqalpha
    [2012/07/08 07:42:07 | 000,788,480 | ---- | C] () -- C:\Users\Willis\Documents\Sturdivant201207.aq
    [2012/07/08 07:31:56 | 000,033,636 | ---- | C] () -- C:\Users\Willis\Desktop\PJS July.pdf
    [2012/07/07 06:59:31 | 000,000,924 | ---- | C] () -- C:\Users\Willis\Desktop\81 Poster B.lnk
    [2012/07/07 06:59:01 | 000,000,806 | ---- | C] () -- C:\Users\Willis\Desktop\70 Poster B.lnk
    [2012/07/04 07:10:00 | 000,252,041 | ---- | C] () -- C:\Users\Willis\Desktop\pg833.epub
    [2012/04/11 16:59:30 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
    [2012/01/14 11:31:59 | 000,380,928 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
    [2012/01/14 11:31:59 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2012/01/14 11:31:59 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ThumbExtract.dll
    [2011/10/11 21:54:25 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDMain.INI
    [2011/10/11 21:53:26 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDPMSV.INI
    [2011/07/21 19:20:05 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI
    [2011/03/20 13:05:22 | 000,000,658 | ---- | C] () -- C:\Windows\ULead32.ini
    [2011/03/01 11:14:14 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
    [2011/02/27 18:35:45 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
    [2011/02/21 10:03:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/09/25 19:15:31 | 000,000,680 | ---- | C] () -- C:\Users\Willis\AppData\Local\d3d9caps.dat
    [2010/03/25 16:58:44 | 000,003,678 | ---- | C] () -- C:\Users\Willis\.ganttproject
    [2009/08/25 07:08:43 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
    [2009/08/19 22:10:15 | 000,038,912 | ---- | C] () -- C:\Users\Willis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/08/19 20:23:32 | 000,003,482 | ---- | C] () -- C:\Users\Willis\AppData\Roaming\wklnhst.dat

    ========== LOP Check ==========

    [2012/07/03 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Applian FLV and Media Player
    [2011/02/01 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\AVG
    [2009/12/29 19:35:06 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/10/11 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Downloaded Installations
    [2011/10/11 21:53:13 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\FedEx
    [2009/10/13 19:27:38 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Flickr
    [2011/12/25 11:35:52 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\GARMIN
    [2010/07/18 08:42:36 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Individual Software
    [2011/11/19 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Juniper Networks
    [2011/08/02 16:08:28 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Opera
    [2009/08/24 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\pdf995
    [2010/02/27 13:25:34 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\QuickVerse11
    [2010/01/25 09:23:09 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Stamps.com Internet Postage
    [2009/08/19 20:23:36 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Template
    [2012/04/05 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\webex
    [2012/07/25 21:58:43 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    OTL logs are clean.

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  23. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    I performed all 4 actions. ESET was shut down last night before it finished (~50% complete on progress bar) when Avast! unexpectedly re-enabled (I had chosen "Disable until computer is restarted"). At that point in the scan ESET had found 3 threats. I could not post for further instructions so I shut down from Windows Start button and let the OS shut down ESET. I ran a full ESET scan this morning and it found no threats. Logs follow.

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Secunia PSI (2.0.0.3003)
    Java(TM) 6 Update 29
    Java(TM) 6 Update 31
    Adobe Flash Player 11.3.300.265
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
    Farbar Service Scanner Version: 26-07-2012
    Ran by Willis (administrator) on 26-07-2012 at 20:45:42
    Running from "C:\Users\Willis\Desktop"
    Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-05-09 05:57] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
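As an added example (not one of the tools used in this thread), a PowerShell script that re-checks the settings the FSS and OTL logs above report on: the Windows Defender policy value and the WinDefend start type, EnableLUA, the hosts file, the Tcpip NameServer values and the current user's proxy settings. It assumes an elevated PowerShell 3 or later session; the registry paths are the ones shown in the logs plus the standard policy and Internet Settings locations.

```powershell
# Added example: re-check the settings the FSS/OTL logs above report on.
# Not one of the thread's tools; run from an elevated PowerShell prompt.
# Registry paths come from the logs above plus standard Windows locations.

$findings = New-Object System.Collections.Generic.List[string]

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null   # key or value absent
    }
}

# 1. UAC: OTL reported EnableLUA = 0 (UAC disabled!) on this machine.
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
if ($lua -eq 0) { $findings.Add('UAC is disabled (EnableLUA = 0)') }

# 2. Windows Defender disabled by policy, as the FSS log shows.
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows Defender',
                 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender') {
    $v = Get-RegValue $key 'DisableAntiSpyware'
    if ($v -eq 1) { $findings.Add("DisableAntiSpyware = 1 under $key") }
}

# 3. WinDefend service start type (FSS: set to Demand, default is Auto).
$svc = Get-CimInstance Win32_Service -Filter "Name='WinDefend'"
if ($svc -and $svc.StartMode -ne 'Auto') {
    $findings.Add("WinDefend start type is $($svc.StartMode), expected Auto")
}

# 4. hosts file: anything beyond the localhost entries deserves a look
#    (the OTL O1 line shows only '127.0.0.1 localhost' here).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    Get-Content $hostsPath | ForEach-Object {
        $line = $_.Trim()
        if ($line -and -not $line.StartsWith('#') -and
            $line -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') {
            $findings.Add("hosts entry: $line")
        }
    }
}

# 5. DNS: a static NameServer override is more suspicious than the
#    DHCP-assigned one the OTL O17 lines show (192.168.2.1, the router).
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$static = Get-RegValue $tcpip 'NameServer'
if ($static) { $findings.Add("static NameServer override: $static") }
Get-ChildItem "$tcpip\Interfaces" | ForEach-Object {
    $ns = Get-RegValue $_.PSPath 'NameServer'
    if ($ns) { $findings.Add("static NameServer on $($_.PSChildName): $ns") }
}

# 6. Proxy / PAC settings for the current user: a common redirect vector,
#    though not something the logs above flagged on this machine.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ((Get-RegValue $inet 'ProxyEnable') -eq 1) {
    $findings.Add("proxy enabled: $(Get-RegValue $inet 'ProxyServer')")
}
$pac = Get-RegValue $inet 'AutoConfigURL'
if ($pac) { $findings.Add("AutoConfigURL set: $pac") }

if ($findings.Count -eq 0) {
    Write-Output 'No findings.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

On the machine in this thread the script would report the EnableLUA, DisableAntiSpyware and WinDefend findings the logs already show, and nothing for hosts, DNS or proxy.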
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ======================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     
  25. hiker1092

    hiker1092 TS Member Topic Starter Posts: 42

    Thank you. Thank you. THANK YOU! You are a Jedi Master, a Ninja, and the bane of all that is evil.

    I have performed steps above. OTL Run/Fix log follows my text.

    Neither FF nor IE is experiencing a redirect from Google search, and Avast! is providing no threat warnings.

    Prior to this infection I used AVG Free, ran MBAM, Secunia PSI, and TFC periodically, kept current on Windows and Flash updates, always selected "Custom" installations and deselected search bars, toolbars, gadgets, etc., and never let FF/IE/Windows memorize login names or passwords. I have now replaced AVG with Avast!. In addition to the suggestions above, are there other things I could do to be exceptionally vigilant? Should I run the Avast! Boot-Time scan periodically? Should I run an online ESET scan periodically?

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Willis
    ->Temp folder emptied: 206504 bytes
    ->Temporary Internet Files folder emptied: 2756431 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 17473126 bytes
    ->Flash cache emptied: 904 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 19.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Willis
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Willis
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.54.1 log created on 07272012_183939
    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    [2012/07/27 18:49:16 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5
    Registry entries deleted on Reboot...
     
