TechSpot

Google Redirect-Tried Everything: Please HELP!

Solved
By coolm19
Apr 20, 2011
  1. I’m having issues with a Google redirect malware/virus. I have run the following programs with their results:

    Malwarebytes, SUPERAntiSpyware, IObit: No unusual results

    AVG and Avira Antivirus: No unusual results

    SpyNoMore:
    Spyware Name/Category/Location

    Trojan/Trojan/HKEY_CURRENTUSER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

    Trojan.Oficla.Is/Trojan/C:\Users\mwilson\AppData\Local\Temp\BCD.tmp

    windrv.sys/Search Hijacker/C:\Windows\system32\windrv.sys

    Internet Explorer Hijacker/Altered Setting/HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iexplore.exe

    I thought after removing these my issue would be fixed, but it’s not. I have just gone through the 8 posted preliminary removal instructions and pasted the logs below.

    Gmer Log: Empty

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6398

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    4/20/2011 4:24:39 PM
    mbam-log-2011-04-20 (16-24-39).txt

    Scan type: Quick scan
    Objects scanned: 189037
    Time elapsed: 4 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by mmartin at 16:20:49.97 on Wed 04/20/2011
    Internet Explorer: 8.0.7601.17514
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.2011 [GMT -4:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: AVG Anti-Virus Business Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Business Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\AEADISRV.EXE
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\atashost.exe
    C:\Windows\twain_32\fjscan32\FJTWMKSV.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Intel\AMT\LMS.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    c:\Windows\system32\IoctlSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
    C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\SpyNoMore\SNM.exe
    C:\ProgramData\U3\U3Launcher\LaunchU3.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\mwilson\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = hxxp://172.16.24.*;http://192.168.244.*;http://10.224.224.*;http://172.16.28.*;http://172.16.29.*;https://earchive.*
    uInternet Settings,ProxyServer = adserver03.indiana.in1stbank.com:3128
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [FJTWAIN Setup] c:\windows\twain_32\fjscan32\FjtwMkup.exe /Station
    mRun: [FtLnSOP_setup] c:\windows\twain_32\fjscan32\sop\FtLnSOP.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [picon] "c:\program files\common files\intel\privacy icon\PrivacyIconClient.exe" -startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\SoundMAX.exe" /tray
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
    uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: RunStartupScriptSync = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} - hxxps://ftp.raddon.com/COM/MOVEitUploadWizard5.0.0.ocx
    DPF: {0E409091-0585-415E-88B9-820BDC57094C} - hxxps://filetransfer.opensolutions.com/COM/MOVEitUploadWizard5.5.0.ocx
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\274\g2ax_winlogon.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mwilson\appdata\roaming\mozilla\firefox\profiles\b172519m.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.ftp - adserver03.indiana.in1stbank.com
    FF - prefs.js: network.proxy.ftp_port - 3128
    FF - prefs.js: network.proxy.http - adserver03.indiana.in1stbank.com
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.socks - adserver03.indiana.in1stbank.com
    FF - prefs.js: network.proxy.socks_port - 3128
    FF - prefs.js: network.proxy.ssl - adserver03.indiana.in1stbank.com
    FF - prefs.js: network.proxy.ssl_port - 3128
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-7-13 43920]
    R2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2009-7-13 45056]
    R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-4-19 312152]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-5-22 2062872]
    R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-12-7 17984]
    R3 agloifob;agloifob;C:\agloifob.sys [2011-4-20 100480]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6032.sys [2009-7-13 164864]
    R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2009-7-13 14848]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-29 38224]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-21 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\274\g2ax_service.exe [2011-4-18 161144]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-19 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-4-15 1343400]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-04-20 20:17:30 100480 ----a-w- C:\agloifob.sys
    2011-04-20 18:58:34 -------- d-----w- c:\program files\SpyNoMore
    2011-04-20 13:24:27 -------- d-----w- c:\users\mwilson\appdata\local\ElevatedDiagnostics
    2011-04-19 17:17:55 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-04-19 17:17:55 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-04-19 17:17:55 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-04-19 17:17:54 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-04-19 16:08:29 -------- d-----w- c:\windows\system32\SPReview
    2011-04-19 16:05:59 859648 ----a-w- c:\windows\system32\dsadmin.dll
    2011-04-19 16:04:59 7680 ----a-w- c:\windows\system32\spwizres.dll
    2011-04-19 16:03:45 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-04-19 16:03:45 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-04-19 14:11:25 -------- d-----w- c:\program files\CCleaner
    2011-04-19 12:44:14 -------- d-----w- c:\users\mwilson\appdata\roaming\IObit
    2011-04-19 12:44:05 -------- d-----w- c:\progra~2\IObit
    2011-04-19 12:44:01 -------- d-----w- c:\program files\IObit
    2011-04-19 07:00:24 -------- d-----w- C:\7c93843c302316bf28868b650e
    2011-04-18 20:03:02 -------- d-----w- c:\program files\KODAK
    2011-04-18 17:43:52 90112 --sha-r- c:\windows\system32\wlangpui8.dll
    2011-04-18 13:45:33 -------- d-----w- c:\windows\idmu
    2011-04-18 13:45:31 -------- d-----w- c:\windows\ADAM
    2011-04-18 13:35:04 -------- d-----w- c:\program files\Hyper-V
    2011-04-18 13:35:00 -------- d-----w- c:\windows\system32\Windows System Resource Manager
    2011-04-18 13:34:57 627712 ----a-w- c:\windows\system32\gpprefbr.dll
    2011-04-18 13:34:52 2548736 ----a-w- c:\windows\system32\propshts.dll
    2011-04-18 13:34:49 225280 ----a-w- c:\windows\system32\gpregistrybrowser.dll
    2011-04-18 13:34:48 166400 ----a-w- c:\windows\system32\gpprefcn.dll
    2011-04-18 13:34:47 4342784 ----a-w- c:\windows\system32\gppref.dll
    2011-04-18 13:34:41 -------- d-----w- c:\windows\Cluster
    2011-04-18 13:34:41 -------- d-----w- C:\inetpub
    2011-04-18 13:07:22 110456 ----a-w- c:\users\mwilson\g2ax_customer_downloadhelper_win32_x86.exe
    2011-04-15 20:38:54 -------- d-----w- c:\windows\system32\BestPractices
    2011-04-15 19:34:37 18944 ----a-w- c:\windows\system32\certpick.dll
    2011-04-15 19:34:12 6656 ----a-w- c:\windows\system32\nfsclusrc.dll
    2011-04-15 19:34:10 138240 ----a-w- c:\windows\system32\cluster.exe
    2011-04-15 19:33:52 80384 ----a-w- c:\windows\system32\vmclusex.dll
    2011-04-15 19:33:51 856064 ----a-w- c:\windows\system32\Microsoft.Storage.SanMmc.dll
    2011-04-15 19:33:21 98304 ----a-w- c:\windows\system32\mtedit.exe
    2011-04-15 19:33:11 13824 ----a-w- c:\windows\system32\dfscmd.exe
    2011-04-15 19:33:11 11776 ----a-w- c:\windows\system32\redirusr.exe
    2011-04-15 19:33:11 11776 ----a-w- c:\windows\system32\redircmp.exe
    2011-04-15 19:33:01 53248 ----a-w- c:\windows\system32\wlbs.exe
    2011-04-15 19:33:01 53248 ----a-w- c:\windows\system32\nlb.exe
    2011-04-15 19:32:48 46592 ----a-w- c:\windows\system32\gpfixup.exe
    2011-04-15 19:32:31 70656 ----a-w- c:\windows\system32\netdom.exe
    2011-04-15 19:32:23 59392 ----a-w- c:\windows\system32\Volshext.dll
    2011-04-15 19:32:23 393216 ----a-w- c:\windows\system32\DfsrHelper.dll
    2011-04-15 19:32:23 33280 ----a-w- c:\windows\system32\avolprop.dll
    2011-04-15 19:31:41 98304 ----a-w- c:\windows\system32\SanMgmtR.dll
    2011-04-15 19:31:41 22528 ----a-w- c:\windows\system32\StorageRes.dll
    2011-04-15 19:29:30 258048 ----a-w- c:\windows\DfsrAdmin.exe
    2011-04-15 19:29:16 73728 ----a-w- c:\windows\system32\srmlib.dll
    2011-04-15 19:29:16 10752 ----a-w- c:\windows\system32\Interop.DfsrHelper.dll
    2011-04-15 19:15:07 -------- d-----w- c:\windows\Panther
    2011-04-15 19:12:37 -------- d-----w- c:\windows\system32\Wat
    2011-04-15 19:04:21 -------- d--h--w- C:\$WINDOWS.~Q
    2011-04-15 18:58:06 65536 ----a-w- c:\windows\system32\a3d.dll
    2011-04-15 18:58:06 381056 ----a-w- c:\windows\system32\drivers\senfilt.sys
    2011-04-15 18:58:06 259648 ----a-w- c:\windows\system32\drivers\smwdm.sys
    2011-04-15 18:58:06 133200 ----a-w- c:\windows\system32\drivers\aeaudio.sys
    2011-04-15 18:58:00 -------- d-----w- C:\SoundmaxDrivers
    2011-04-15 18:49:58 -------- d--h--w- C:\$INPLACE.~TR
    2011-04-15 18:19:52 -------- d-----w- c:\windows\pss
    2011-04-15 17:33:44 -------- d-----w- c:\users\mwilson\appdata\local\VirtualStore
    2011-04-15 17:33:22 -------- d-sh--w- C:\Recovery
    2011-04-15 16:43:19 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-15 16:43:18 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-15 16:43:18 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-15 16:43:14 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-15 16:43:08 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-15 16:43:08 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-15 16:43:04 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-04-15 16:43:04 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-15 16:43:04 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-15 16:42:38 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-04-15 16:42:37 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
    2011-04-15 16:42:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-15 16:41:54 542208 ----a-w- c:\windows\system32\kerberos.dll
    2011-04-15 16:41:07 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-04-15 16:41:05 802304 ----a-w- c:\windows\system32\WFS.exe
    2011-04-15 16:41:05 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-15 16:39:55 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-04-15 16:25:57 -------- d-----w- c:\windows\system32\wbem\Performance
    2011-04-15 15:20:54 -------- d-----w- c:\progra~2\SonicFocus
    2011-04-15 15:20:53 -------- d-----w- c:\program files\Analog Devices
    2011-04-14 20:33:51 -------- d-----w- C:\cf8e69e39a84a7179a95e0ec9f9a1e01
    2011-04-11 13:33:30 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-04-08 20:01:09 -------- d-----w- c:\users\mwilson\appdata\local\Microsoft Corporation
    .
    ==================== Find3M ====================
    .
    2011-04-19 16:12:30 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-11 05:33:59 1164288 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-11 05:33:59 1137664 ----a-w- c:\windows\system32\mfc42.dll
    2011-03-08 05:28:29 741376 ----a-w- c:\windows\system32\inetcomm.dll
    2011-02-24 05:38:54 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-11 23:26:38 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
    2011-02-11 23:26:32 137752 ----a-w- c:\windows\system32\igfxtray.exe
    2011-02-11 23:26:30 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
    2011-02-11 23:26:30 172568 ----a-w- c:\windows\system32\igfxpers.exe
    2011-02-11 23:26:28 179224 ----a-w- c:\windows\system32\igfxext.exe
    2011-02-11 23:26:26 171032 ----a-w- c:\windows\system32\hkcmd.exe
    2011-02-11 23:26:22 3157528 ----a-w- c:\windows\system32\GfxUI.exe
    2011-02-11 23:20:00 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
    2011-02-11 23:12:16 4967424 ----a-w- c:\windows\system32\igdumd32.dll
    2011-02-11 23:09:48 571904 ----a-w- c:\windows\system32\igdumdx32.dll
    2011-02-11 23:04:40 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
    2011-02-11 22:51:10 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
    2011-02-11 22:41:30 261632 ----a-w- c:\windows\system32\igfxTMM.dll
    2011-02-11 22:41:30 195584 ----a-w- c:\windows\system32\igfxpph.dll
    2011-02-11 22:41:30 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
    2011-02-11 22:41:28 23552 ----a-w- c:\windows\system32\igfxexps.dll
    2011-02-11 22:41:12 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
    2011-02-11 22:40:56 130048 ----a-w- c:\windows\system32\igfxdo.dll
    2011-02-11 22:40:48 95232 ----a-w- c:\windows\system32\hccutils.dll
    2011-02-11 22:40:42 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
    2011-02-11 22:40:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2011-02-11 22:40:38 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
    2011-02-11 22:40:38 828928 ----a-w- c:\windows\system32\igfxress.dll
    2011-02-11 22:40:38 228864 ----a-w- c:\windows\system32\igfxdev.dll
    2011-02-11 22:35:00 208896 ----a-w- c:\windows\system32\iglhsip32.dll
    2011-02-11 22:35:00 147456 ----a-w- c:\windows\system32\iglhcp32.dll
    2011-02-03 02:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 16:22:33.86 ===============


    Attach Log.
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/15/2011 1:33:23 PM
    System Uptime: 4/20/2011 4:13:35 PM (0 hours ago)
    .
    Motherboard: Intel Corporation | | DQ45CB
    Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz | LGA775 | 2497/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 158.257 GiB free.
    D: is CDROM ()
    H: is NetworkDisk (NTFS) - 62 GiB total, 1.279 GiB free.
    O: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
    P: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
    Q: is NetworkDisk (NTFS) - 200 GiB total, 82.305 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\5&FA6E15C&0&1
    Manufacturer: (Standard USB Host Controller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\5&FA6E15C&0&1
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    32 Bit HP BiDi Channel Components Installer
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat 9 Standard - English, Français, Deutsch
    Adobe Acrobat 9.4.3 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    CCleaner
    Cooking Aficionado Professional 3.1
    Distributed Document Services Component
    eWebEditPro 4 Client
    FBViewerCtrl
    File Renamer - Basic
    Google Update Helper
    GoToAssist Customer 1.5.0.274
    GoToAssist Expert 1.5.0.274
    GoToMeeting 4.5.0.457
    Host OpenAL (ADI)
    Intel Reseller Tracking Utility
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) Network Connections 13.1.4.0
    Intel® Active Management Technology
    IObit Security 360
    Java Auto Updater
    KODAK Capture Pro Software Find and View
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 7.1
    Microsoft IntelliType Pro 7.1
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2007
    Microsoft Office Accounting Equifax Addin
    Microsoft Office Accounting Fixed Asset Manager
    Microsoft Office Accounting PayPal Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Visio 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Standard 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 4.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Essentials
    neroxml
    OGA Notifier 2.0.0048.0
    OneTouch 4.0
    PaperPort 9.0
    PrimoPDF
    QuickTime
    RiskID Communicator
    Scanner Utility for Microsoft Windows
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio 2007 (KB2434737)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Software Operation Panel
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    SpyNoMore 2.98
    SUPERAntiSpyware Free Edition
    U3Launcher
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Visio 2007 Help (KB963666)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2522999)
    VCRedistSetup
    Vid-Center (Build 18223)
    WebEx
    Windows Media Player Firefox Plugin
    ZipGenius 6 (6.3.1.2590)
    .
    ==== End Of File ===========================


    Please help, I'm out of options.
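The DDS log above is what the helper reads, so here is an added example (not from the original thread and not part of the DDS tool) of a small Python triage script for that log format. It parses the "SERVICES / DRIVERS", "Created Last 30" and "Pseudo HJT Report" sections and flags the entries a malware-removal helper would look at first: a .sys driver loading from the drive root, a hidden+system file dropped into system32, a hard-coded proxy server, and UAC turned off. The embedded sample log is constructed from a few lines of the post (with the proxy host replaced by a placeholder).

```python
"""Triage helper for DDS-style logs (added example, not from the thread or DDS)."""
import re
from typing import Dict, List, Optional

# "============== Pseudo HJT Report ===============" -> "Pseudo HJT Report"
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R3 agloifob;agloifob;C:\agloifob.sys [2011-4-20 100480]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)"
    r"(?:\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\])?$"
)
# "2011-04-20 20:17:30 100480 ----a-w- C:\agloifob.sys"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# A path like C:\name.sys with no sub-directory at all.
ROOT_PATH_RE = re.compile(r"^[a-z]:\\[^\\]+$", re.IGNORECASE)

# Constructed sample: a handful of lines in the shape of the log in the post.
SAMPLE_LOG = r"""
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyServer = proxy.example.invalid:3128
mPolicies-system: EnableLUA = 0 (0x0)
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R3 agloifob;agloifob;C:\agloifob.sys [2011-4-20 100480]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys [2009-7-13 14848]
.
=============== Created Last 30 ================
.
2011-04-20 20:17:30 100480 ----a-w- C:\agloifob.sys
2011-04-18 17:43:52 90112 --sha-r- c:\windows\system32\wlangpui8.dll
2011-04-15 17:33:22 -------- d-sh--w- C:\Recovery
.
============= FINISH: 16:22:33.86 ===============
"""


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section title: [non-empty lines]}; '.' lines are separators."""
    sections: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_driver(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Parse one SERVICES / DRIVERS entry into its fields, or None if it does not match."""
    m = DRIVER_RE.match(line)
    return m.groupdict() if m else None


def triage(text: str) -> List[Dict[str, str]]:
    """Return findings as {"kind": ..., "detail": <offending log line>}."""
    findings: List[Dict[str, str]] = []
    sections = parse_sections(text)

    for line in sections.get("SERVICES / DRIVERS", []):
        drv = parse_driver(line)
        if not drv:
            continue
        path = drv["path"] or ""
        # A kernel driver sitting directly in the drive root, with a random-looking
        # name and no real description, is the pattern helpers treat as a rootkit sign.
        if path.lower().endswith(".sys") and ROOT_PATH_RE.match(path):
            findings.append({"kind": "driver_in_drive_root", "detail": line})

    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group("attrs"), m.group("path")
        # Attribute string: d=directory, s=system, h=hidden, a=archive, r=read-only, w=writable.
        # A non-directory marked system+hidden inside system32 is worth a second look.
        if "s" in attrs and "h" in attrs and "d" not in attrs and "\\system32\\" in path.lower():
            findings.append({"kind": "hidden_system_file_in_system32", "detail": line})

    for line in sections.get("Pseudo HJT Report", []):
        # A fixed proxy may be legitimate (corporate) or a redirect mechanism: review it.
        if line.startswith(("uInternet Settings,ProxyServer", "mInternet Settings,ProxyServer")):
            findings.append({"kind": "proxy_server_set", "detail": line})
        if "EnableLUA = 0" in line:  # UAC disabled: anything that runs gets admin silently
            findings.append({"kind": "uac_disabled", "detail": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:32} {f['detail']}")
```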
     
  2. Broni

    Broni Malware Annihilator Posts: 47,032   +255

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    You're running two AV programs, Avira and AVG.
    One of them has to go.
    If AVG (preferably), use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools

    Then.....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    Here is the log from MBRcheck. I had an issue running ComboFix that I explain below.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: Service Pack 1 (build 7601), 32-bit
    Base Board Manufacturer: Intel Corporation
    BIOS Manufacturer: Intel Corp.
    System Manufacturer: GLEDist
    System Product Name:
    Logical Drives Mask: 0x0001c08c

    Kernel Drivers (total 199):
    0x82C40000 \SystemRoot\system32\ntkrnlpa.exe
    0x82C09000 \SystemRoot\system32\halmacpi.dll
    0x80BA8000 \SystemRoot\system32\kdcom.dll
    0x8322C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x832B1000 \SystemRoot\system32\PSHED.dll
    0x832C2000 \SystemRoot\system32\BOOTVID.dll
    0x832CA000 \SystemRoot\system32\CLFS.SYS
    0x8330C000 \SystemRoot\system32\CI.dll
    0x8382F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x838A0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x838AE000 \SystemRoot\system32\drivers\ACPI.sys
    0x838F6000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x838FF000 \SystemRoot\system32\drivers\msisadrv.sys
    0x83907000 \SystemRoot\system32\drivers\pci.sys
    0x83931000 \SystemRoot\system32\drivers\vdrvroot.sys
    0x8393C000 \SystemRoot\System32\drivers\partmgr.sys
    0x8394D000 \SystemRoot\system32\drivers\volmgr.sys
    0x8395D000 \SystemRoot\System32\drivers\volmgrx.sys
    0x839A8000 \SystemRoot\system32\drivers\pciide.sys
    0x839AF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x839BD000 \SystemRoot\System32\drivers\mountmgr.sys
    0x839D3000 \SystemRoot\system32\drivers\vmbus.sys
    0x83800000 \SystemRoot\system32\drivers\winhv.sys
    0x83812000 \SystemRoot\system32\drivers\atapi.sys
    0x833B7000 \SystemRoot\system32\drivers\ataport.SYS
    0x8381B000 \SystemRoot\system32\DRIVERS\aic78xx.sys
    0x833DA000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0x83200000 \SystemRoot\system32\drivers\amdxata.sys
    0x83A25000 \SystemRoot\system32\drivers\fltmgr.sys
    0x83A59000 \SystemRoot\system32\drivers\fileinfo.sys
    0x83A6A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x83B99000 \SystemRoot\System32\Drivers\msrpc.sys
    0x83BC4000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8B224000 \SystemRoot\System32\Drivers\cng.sys
    0x8B281000 \SystemRoot\System32\drivers\pcw.sys
    0x8B28F000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8B298000 \SystemRoot\system32\drivers\ndis.sys
    0x8B34F000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8B38D000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8B401000 \SystemRoot\System32\drivers\tcpip.sys
    0x8B54B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8B57C000 \SystemRoot\system32\drivers\vmstorfl.sys
    0x8B585000 \SystemRoot\system32\drivers\volsnap.sys
    0x8B5C4000 \SystemRoot\System32\Drivers\spldr.sys
    0x8B5CC000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8B3B2000 \SystemRoot\System32\Drivers\mup.sys
    0x8B3C2000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8B3CA000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8B200000 \SystemRoot\system32\DRIVERS\disk.sys
    0x83BD7000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x83209000 \SystemRoot\system32\drivers\cdrom.sys
    0x8B5F9000 \SystemRoot\System32\Drivers\Null.SYS
    0x90805000 \SystemRoot\System32\Drivers\Beep.SYS
    0x9080C000 \SystemRoot\System32\drivers\vga.sys
    0x90818000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x90839000 \SystemRoot\System32\drivers\watchdog.sys
    0x90846000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x9084E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x90856000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x9085E000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x90869000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x90877000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x9088E000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x9089A000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x908CC000 \SystemRoot\system32\drivers\afd.sys
    0x90926000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x9092D000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x9094C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x9095A000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x9096D000 \SystemRoot\system32\drivers\termdd.sys
    0x9097E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0x909A0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x909A6000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x909E7000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x909F1000 \SystemRoot\system32\drivers\mssmbios.sys
    0x90C10000 \SystemRoot\System32\drivers\discache.sys
    0x90C1C000 \SystemRoot\system32\drivers\csc.sys
    0x90C80000 \SystemRoot\System32\Drivers\dfsc.sys
    0x90C98000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x90CA6000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x91419000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x91D39000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x90CC7000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x91DF0000 \SystemRoot\system32\DRIVERS\HECI.sys
    0x90D00000 \SystemRoot\system32\DRIVERS\serial.sys
    0x91400000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x90D1A000 \SystemRoot\system32\DRIVERS\e1k6032.sys
    0x9140A000 \SystemRoot\system32\drivers\usbuhci.sys
    0x90D46000 \SystemRoot\system32\drivers\USBPORT.SYS
    0x90D91000 \SystemRoot\system32\drivers\usbehci.sys
    0x90DA0000 \SystemRoot\system32\drivers\HDAudBus.sys
    0x90DBF000 \SystemRoot\system32\DRIVERS\scsiscan.sys
    0x90DC9000 \SystemRoot\system32\drivers\1394ohci.sys
    0x90DF6000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x90C00000 \SystemRoot\system32\drivers\tpm.sys
    0x97229000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x9723B000 \SystemRoot\system32\drivers\CompositeBus.sys
    0x97248000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x9725A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x97272000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x9727D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9729F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x972B7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x972CE000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x972E5000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x972EF000 \SystemRoot\system32\drivers\kbdclass.sys
    0x972FC000 \SystemRoot\system32\drivers\mouclass.sys
    0x97309000 \SystemRoot\system32\drivers\swenum.sys
    0x9730B000 \SystemRoot\system32\drivers\ks.sys
    0x9733F000 \SystemRoot\system32\drivers\umbus.sys
    0x9734D000 \SystemRoot\system32\drivers\usbhub.sys
    0x97391000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8201A000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0x8207A000 \SystemRoot\system32\drivers\portcls.sys
    0x820A9000 \SystemRoot\system32\drivers\drmk.sys
    0x98CF0000 \SystemRoot\System32\win32k.sys
    0x820C2000 \SystemRoot\System32\drivers\Dxapi.sys
    0x820CC000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x820D9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x820E4000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x820ED000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x820FE000 \SystemRoot\system32\drivers\usbccgp.sys
    0x82115000 \SystemRoot\system32\drivers\USBD.SYS
    0x82117000 \SystemRoot\system32\drivers\hidusb.sys
    0x82122000 \SystemRoot\system32\drivers\HIDCLASS.SYS
    0x82135000 \SystemRoot\system32\drivers\HIDPARSE.SYS
    0x8213C000 \SystemRoot\system32\drivers\kbdhid.sys
    0x82148000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x82153000 \SystemRoot\system32\DRIVERS\point32k.sys
    0x8215E000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x98F50000 \SystemRoot\System32\TSDDD.dll
    0x98F80000 \SystemRoot\System32\cdd.dll
    0x98FA0000 \SystemRoot\System32\ATMFD.DLL
    0x82169000 \SystemRoot\system32\drivers\luafv.sys
    0x82184000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8219E000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x821AE000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9922F000 \SystemRoot\system32\drivers\HTTP.sys
    0x992B4000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x992CD000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x992DF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x99302000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9933D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x99370000 \SystemRoot\System32\drivers\aspi32.sys
    0x9A024000 \SystemRoot\system32\drivers\peauth.sys
    0x9A0BB000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9A0C5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9A0E6000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9A0F3000 \SystemRoot\system32\WinFLdrv.sys
    0x9A0FB000 \??\C:\Windows\system32\WinVd32.sys
    0x9A127000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9A177000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9A1D3000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x9A1DC000 \??\C:\Users\mwilson\AppData\Local\Temp\agloifob.sys
    0x9A1F5000 \??\C:\Users\mwilson\AppData\Local\Temp\mbr.sys
    0x9A000000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x99374000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x993A8000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x9A006000 \SystemRoot\System32\Drivers\avgrkx86.sys
    0x9A012000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
    0x777D0000 \Windows\System32\ntdll.dll
    0x47FF0000 \Windows\System32\smss.exe
    0x77A10000 \Windows\System32\apisetschema.dll
    0x00F00000 \Windows\System32\autochk.exe
    0x779E0000 \Windows\System32\imm32.dll
    0x77630000 \Windows\System32\setupapi.dll
    0x77430000 \Windows\System32\iertutil.dll
    0x77990000 \Windows\System32\gdi32.dll
    0x77980000 \Windows\System32\normaliz.dll
    0x773A0000 \Windows\System32\oleaut32.dll
    0x772D0000 \Windows\System32\msctf.dll
    0x77960000 \Windows\System32\sechost.dll
    0x77950000 \Windows\System32\lpk.dll
    0x77190000 \Windows\System32\urlmon.dll
    0x77030000 \Windows\System32\ole32.dll
    0x76FB0000 \Windows\System32\comdlg32.dll
    0x76360000 \Windows\System32\shell32.dll
    0x77920000 \Windows\System32\imagehlp.dll
    0x762C0000 \Windows\System32\advapi32.dll
    0x76260000 \Windows\System32\shlwapi.dll
    0x761B0000 \Windows\System32\msvcrt.dll
    0x760E0000 \Windows\System32\user32.dll
    0x76040000 \Windows\System32\usp10.dll
    0x75FB0000 \Windows\System32\clbcatq.dll
    0x75EB0000 \Windows\System32\wininet.dll
    0x75E70000 \Windows\System32\ws2_32.dll
    0x77910000 \Windows\System32\psapi.dll
    0x75E60000 \Windows\System32\nsi.dll
    0x75E10000 \Windows\System32\Wldap32.dll
    0x75D60000 \Windows\System32\rpcrt4.dll
    0x75C80000 \Windows\System32\kernel32.dll
    0x75C20000 \Windows\System32\difxapi.dll
    0x75BD0000 \Windows\System32\KernelBase.dll
    0x75B40000 \Windows\System32\comctl32.dll
    0x75B20000 \Windows\System32\devobj.dll
    0x75AF0000 \Windows\System32\cfgmgr32.dll
    0x759D0000 \Windows\System32\crypt32.dll
    0x759A0000 \Windows\System32\wintrust.dll
    0x75990000 \Windows\System32\msasn1.dll

    Processes (total 71):
    0 System Idle Process
    4 System
    280 C:\Windows\System32\smss.exe
    372 csrss.exe
    424 C:\Windows\System32\wininit.exe
    436 csrss.exe
    476 C:\Windows\System32\services.exe
    492 C:\Windows\System32\lsass.exe
    500 C:\Windows\System32\lsm.exe
    568 C:\Windows\System32\winlogon.exe
    656 C:\Windows\System32\svchost.exe
    736 C:\Windows\System32\svchost.exe
    824 C:\Windows\System32\svchost.exe
    864 C:\Windows\System32\svchost.exe
    892 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\svchost.exe
    1416 C:\Windows\System32\spoolsv.exe
    1424 C:\Windows\System32\taskeng.exe
    1460 C:\Windows\System32\svchost.exe
    1584 C:\Windows\System32\AEADISRV.EXE
    1596 C:\Windows\System32\rundll32.exe
    1620 C:\Windows\System32\atashost.exe
    1664 C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
    1696 C:\Windows\System32\inetsrv\inetinfo.exe
    1728 C:\Program Files\IObit\IObit Security 360\is360srv.exe
    1784 C:\Program Files\Intel\AMT\LMS.exe
    1832 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    1924 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    312 C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    420 C:\Windows\System32\IoctlSvc.exe
    752 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    1028 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    1344 C:\Windows\System32\svchost.exe
    1208 C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    2340 C:\Windows\System32\svchost.exe
    2492 C:\Windows\System32\svchost.exe
    3032 C:\Windows\System32\dwm.exe
    3092 C:\Windows\explorer.exe
    3120 C:\Windows\System32\taskhost.exe
    3580 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    3636 C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
    3644 C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
    3676 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3688 C:\Program Files\Microsoft IntelliType Pro\itype.exe
    3696 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    3752 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    3784 C:\Windows\System32\hkcmd.exe
    3804 C:\Windows\System32\igfxpers.exe
    3980 C:\ProgramData\U3\U3Launcher\LaunchU3.exe
    2880 C:\Windows\System32\SearchIndexer.exe
    4356 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    5052 C:\Program Files\AVG\AVG9\avgam.exe
    6084 C:\Program Files\AVG\AVG9\avgnsx.exe
    2352 C:\Program Files\AVG\AVG9\avgrsx.exe
    1040 C:\Program Files\AVG\AVG9\avgchsvx.exe
    352 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3136 C:\Program Files\AVG\AVG9\avgtray.exe
    5444 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    5392 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    2136 C:\Windows\System32\wuauclt.exe
    5188 C:\Windows\System32\audiodg.exe
    5304 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    3728 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    5088 C:\Program Files\Mozilla Firefox\firefox.exe
    5320 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5960 C:\Windows\System32\SearchProtocolHost.exe
    3572 <unknown>
    2044 C:\Users\mwilson\Desktop\MBRCheck.exe
    5748 C:\Windows\System32\conhost.exe
    4752 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

    PhysicalDrive0 Model Number: ST3250310AS, Rev: 4.AAA

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
    Combo Fix Issue:

    I uninstalled AVG and Avira (using Add/Remove Programs) and also using each program's removal tool. When launching ComboFix it said that it still noticed both as active real-time scanners. I tried running ComboFix in Safe Mode also and it said the same thing. I did bypass this error and let ComboFix run in Safe Mode but got the following error:
    'Error saving file..., Continue with next file? [RegCreateKeyEx: 5 - Access is denied]'

    Any recommendations on what to do? Try the rkill steps?
     
  4. Broni

    Broni Malware Annihilator Posts: 47,032   +255

    Click OK.
     
  5. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    It does that repeatedly for each file. Just continue through each until it finishes and post the log?
     
  6. Broni

    Broni Malware Annihilator Posts: 47,032   +255

    Please do.
     
  7. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    ComboFix 11-04-21.04 - mmartin 04/22/2011 8:07.1.4 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.2169 [GMT -4:00]
    Running from: c:\users\mwilson\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    AV: AVG Anti-Virus Business Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: AVG Anti-Virus Business Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\mwilson\AppData\Roaming\.#
    c:\users\mwilson\g2ax_customer_downloadhelper_win32_x86.exe
    c:\users\mwilson\g2ax_expert_downloadhelper_win32_x86.exe
    c:\users\mwilson\g2mdlhlpx.exe
    c:\windows\system32\bidisp.dll
    c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
    c:\windows\system32\XY_msvbvm60.dll
    .
    ----- BITS: Possible infected sites -----
    .
    hxxp://exch07mod03.indiana.in1stbank.com
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-22 to 2011-04-22 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-22 12:11 . 2011-04-22 12:11 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-21 19:13 . 2011-04-21 19:13 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2011-04-21 14:10 . 2011-04-21 14:10 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2011-04-20 20:17 . 2011-04-20 20:17 100480 ----a-w- C:\agloifob.sys
    2011-04-20 18:58 . 2011-04-20 19:30 -------- d-----w- c:\program files\SpyNoMore
    2011-04-19 17:17 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
    2011-04-19 17:17 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
    2011-04-19 17:17 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
    2011-04-19 17:17 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-04-19 16:08 . 2011-04-19 16:08 -------- d-----w- c:\windows\system32\SPReview
    2011-04-19 16:05 . 2010-11-20 12:21 1010688 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-04-19 16:04 . 2010-11-20 12:07 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-04-19 16:03 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
    2011-04-19 16:03 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
    2011-04-19 14:11 . 2011-04-19 14:11 -------- d-----w- c:\program files\CCleaner
    2011-04-19 12:44 . 2011-04-19 12:44 -------- d-----w- c:\programdata\IObit
    2011-04-19 12:44 . 2011-04-19 14:53 -------- d-----w- c:\program files\IObit
    2011-04-19 07:00 . 2011-04-19 07:00 -------- d-----w- C:\7c93843c302316bf28868b650e
    2011-04-18 20:03 . 2011-04-18 20:03 -------- d-----w- c:\program files\KODAK
    2011-04-18 17:43 . 2011-04-18 17:43 90112 --sha-r- c:\windows\system32\wlangpui8.dll
    2011-04-18 13:45 . 2011-04-18 13:45 -------- d-----w- c:\windows\idmu
    2011-04-18 13:45 . 2011-04-19 17:00 -------- d-----w- c:\windows\ADAM
    2011-04-18 13:35 . 2011-04-19 17:00 -------- d-----w- c:\program files\Hyper-V
    2011-04-18 13:35 . 2011-04-18 13:35 -------- d-----w- c:\windows\system32\Windows System Resource Manager
    2011-04-18 13:34 . 2011-04-19 16:12 627712 ----a-w- c:\windows\system32\gpprefbr.dll
    2011-04-18 13:34 . 2011-04-19 16:12 2548736 ----a-w- c:\windows\system32\propshts.dll
    2011-04-18 13:34 . 2011-04-19 16:12 225280 ----a-w- c:\windows\system32\gpregistrybrowser.dll
    2011-04-18 13:34 . 2011-04-19 16:12 166400 ----a-w- c:\windows\system32\gpprefcn.dll
    2011-04-18 13:34 . 2011-04-19 16:12 4342784 ----a-w- c:\windows\system32\gppref.dll
    2011-04-18 13:34 . 2011-04-19 17:00 -------- d-----w- c:\windows\Cluster
    2011-04-18 13:34 . 2011-04-18 13:34 -------- d-----w- C:\inetpub
    2011-04-15 20:38 . 2011-04-15 20:38 -------- d-----w- c:\windows\system32\BestPractices
    2011-04-15 19:34 . 2009-07-14 01:15 18944 ----a-w- c:\windows\system32\certpick.dll
    2011-04-15 19:34 . 2009-07-14 01:15 6656 ----a-w- c:\windows\system32\nfsclusrc.dll
    2011-04-15 19:34 . 2009-07-14 01:14 138240 ----a-w- c:\windows\system32\cluster.exe
    2011-04-15 19:33 . 2009-07-13 23:28 80384 ----a-w- c:\windows\system32\vmclusex.dll
    2011-04-15 19:33 . 2009-07-14 01:22 856064 ----a-w- c:\windows\system32\Microsoft.Storage.SanMmc.dll
    2011-04-15 19:33 . 2009-07-14 01:26 98304 ----a-w- c:\windows\system32\mtedit.exe
    2011-04-15 19:33 . 2009-07-14 01:14 11776 ----a-w- c:\windows\system32\redirusr.exe
    2011-04-15 19:33 . 2009-07-14 01:14 11776 ----a-w- c:\windows\system32\redircmp.exe
    2011-04-15 19:33 . 2009-07-14 01:14 13824 ----a-w- c:\windows\system32\dfscmd.exe
    2011-04-15 19:33 . 2009-07-14 01:14 53248 ----a-w- c:\windows\system32\wlbs.exe
    2011-04-15 19:33 . 2009-07-14 01:14 53248 ----a-w- c:\windows\system32\nlb.exe
    2011-04-15 19:32 . 2009-07-14 01:14 46592 ----a-w- c:\windows\system32\gpfixup.exe
    2011-04-15 19:32 . 2009-07-14 01:14 70656 ----a-w- c:\windows\system32\netdom.exe
    2011-04-15 19:32 . 2009-07-14 01:16 59392 ----a-w- c:\windows\system32\Volshext.dll
    2011-04-15 19:32 . 2009-07-14 01:16 33280 ----a-w- c:\windows\system32\avolprop.dll
    2011-04-15 19:32 . 2009-07-14 01:15 393216 ----a-w- c:\windows\system32\DfsrHelper.dll
    2011-04-15 19:31 . 2009-07-14 01:10 22528 ----a-w- c:\windows\system32\StorageRes.dll
    2011-04-15 19:31 . 2009-07-14 01:09 98304 ----a-w- c:\windows\system32\SanMgmtR.dll
    2011-04-15 19:29 . 2009-07-14 01:19 258048 ----a-w- c:\windows\DfsrAdmin.exe
    2011-04-15 19:29 . 2009-07-14 01:26 10752 ----a-w- c:\windows\system32\Interop.DfsrHelper.dll
    2011-04-15 19:29 . 2009-07-14 01:25 73728 ----a-w- c:\windows\system32\srmlib.dll
    2011-04-15 19:15 . 2011-04-15 17:33 -------- d-----w- c:\windows\Panther
    2011-04-15 19:12 . 2011-04-15 19:12 -------- d-----w- c:\windows\system32\Wat
    2011-04-15 19:04 . 2011-04-15 16:01 -------- d-----w- C:\$WINDOWS.~Q
    2011-04-15 18:58 . 2004-09-01 18:18 259648 ----a-w- c:\windows\system32\drivers\smwdm.sys
    2011-04-15 18:58 . 2004-05-17 16:23 133200 ----a-w- c:\windows\system32\drivers\aeaudio.sys
    2011-04-15 18:58 . 2004-04-26 15:49 381056 ----a-w- c:\windows\system32\drivers\senfilt.sys
    2011-04-15 18:58 . 2003-08-20 01:36 65536 ----a-w- c:\windows\system32\a3d.dll
    2011-04-15 18:58 . 2011-04-15 18:58 -------- d-----w- C:\SoundmaxDrivers
    2011-04-15 18:49 . 2011-04-15 18:58 -------- d-----w- C:\$INPLACE.~TR
    2011-04-15 17:33 . 2011-04-15 17:33 -------- d-----w- C:\Recovery
    2011-04-15 16:43 . 2011-02-23 04:48 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-15 16:43 . 2011-02-23 04:48 311808 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-04-15 16:43 . 2011-02-23 04:47 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-15 16:43 . 2011-02-18 05:43 428032 ----a-w- c:\windows\system32\vbscript.dll
    2011-04-15 16:43 . 2011-03-03 05:38 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-04-15 16:43 . 2011-03-03 05:36 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-04-15 16:43 . 2011-02-19 06:30 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-04-15 16:43 . 2011-02-19 04:34 294912 ----a-w- c:\windows\system32\atmfd.dll
    2011-04-15 16:43 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
    2011-04-15 16:42 . 2011-03-07 05:33 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-04-15 16:42 . 2011-03-07 05:31 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2011-04-15 16:42 . 2011-03-07 03:52 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-04-15 16:41 . 2010-12-17 07:07 542208 ----a-w- c:\windows\system32\kerberos.dll
    2011-04-15 16:41 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys
    2011-04-15 16:41 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
    2011-04-15 16:41 . 2010-11-20 12:17 802304 ----a-w- c:\windows\system32\WFS.exe
    2011-04-15 16:39 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2011-04-15 16:25 . 2011-04-21 19:14 -------- d-----w- c:\windows\system32\wbem\Performance
    2011-04-15 15:52 . 2011-04-15 15:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-04-15 15:20 . 2011-04-15 15:20 -------- d-----w- c:\programdata\SonicFocus
    2011-04-15 15:20 . 2011-04-15 15:25 -------- d-----w- c:\program files\Analog Devices
    2011-04-14 20:33 . 2011-04-14 20:37 -------- d-----w- C:\cf8e69e39a84a7179a95e0ec9f9a1e01
    2011-04-13 19:02 . 2011-04-13 19:02 40984 ----a-w- c:\windows\system32\drivers\point32.sys
    2011-04-12 17:01 . 2011-04-12 17:01 45464 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2011-04-11 13:33 . 2009-08-20 04:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-04-09 03:02 . 2011-04-09 03:02 391168 ----a-w- c:\windows\system32\itpcoin815.dll
    2011-04-09 03:02 . 2011-04-09 03:02 390656 ----a-w- c:\windows\system32\ipcoin815.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-19 16:12 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-02-11 23:26 . 2011-02-11 23:26 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
    2011-02-11 23:26 . 2011-02-11 23:26 137752 ----a-w- c:\windows\system32\igfxtray.exe
    2011-02-11 23:26 . 2011-02-11 23:26 267800 ----a-w- c:\windows\system32\igfxsrvc.exe
    2011-02-11 23:26 . 2011-02-11 23:26 172568 ----a-w- c:\windows\system32\igfxpers.exe
    2011-02-11 23:26 . 2011-02-11 23:26 179224 ----a-w- c:\windows\system32\igfxext.exe
    2011-02-11 23:26 . 2011-02-11 23:26 171032 ----a-w- c:\windows\system32\hkcmd.exe
    2011-02-11 23:26 . 2011-02-11 23:26 3157528 ----a-w- c:\windows\system32\GfxUI.exe
    2011-02-11 23:20 . 2011-02-11 23:20 81920 ----a-w- c:\windows\system32\igfxCoIn_v2302.dll
    2011-02-11 23:12 . 2011-02-11 23:12 9036800 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
    2011-02-11 23:12 . 2011-02-11 23:12 4967424 ----a-w- c:\windows\system32\igdumd32.dll
    2011-02-11 23:09 . 2011-02-11 23:09 571904 ----a-w- c:\windows\system32\igdumdx32.dll
    2011-02-11 23:04 . 2010-08-26 00:23 4411392 ----a-w- c:\windows\system32\igd10umd32.dll
    2011-02-11 22:51 . 2011-02-11 22:51 11039744 ----a-w- c:\windows\system32\ig4icd32.dll
    2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 86528 ----a-w- c:\windows\system32\igfxresn.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 86528 ----a-w- c:\windows\system32\igfxrell.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrita.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 84480 ----a-w- c:\windows\system32\igfxrara.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
    2011-02-11 22:44 . 2011-02-11 22:44 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
    2011-02-11 22:41 . 2011-02-11 22:41 261632 ----a-w- c:\windows\system32\igfxTMM.dll
    2011-02-11 22:41 . 2011-02-11 22:41 195584 ----a-w- c:\windows\system32\igfxpph.dll
    2011-02-11 22:41 . 2011-02-11 22:41 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
    2011-02-11 22:41 . 2011-02-11 22:41 23552 ----a-w- c:\windows\system32\igfxexps.dll
    2011-02-11 22:41 . 2010-08-25 23:59 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
    2011-02-11 22:40 . 2011-02-11 22:40 130048 ----a-w- c:\windows\system32\igfxdo.dll
    2011-02-11 22:40 . 2010-08-25 23:59 95232 ----a-w- c:\windows\system32\hccutils.dll
    2011-02-11 22:40 . 2011-02-11 22:40 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
    2011-02-11 22:40 . 2011-02-11 22:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2011-02-11 22:40 . 2011-02-11 22:40 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
    2011-02-11 22:40 . 2011-02-11 22:40 828928 ----a-w- c:\windows\system32\igfxress.dll
    2011-02-11 22:40 . 2011-02-11 22:40 228864 ----a-w- c:\windows\system32\igfxdev.dll
    2011-02-11 22:35 . 2011-02-11 22:35 208896 ----a-w- c:\windows\system32\iglhsip32.dll
    2011-02-11 22:35 . 2011-02-11 22:35 147456 ----a-w- c:\windows\system32\iglhcp32.dll
    2011-02-03 02:40 . 2010-06-01 11:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-18 17:53 . 2011-04-19 15:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-31 38840]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "FJTWAIN Setup"="c:\windows\Twain_32\fjscan32\FjtwMkup.exe" [2007-12-14 131072]
    "FtLnSOP_setup"="c:\windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe" [2007-09-28 118784]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2003-05-04 40960]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2003-05-04 57393]
    "picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2008-06-24 780824]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-06-24 1310720]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2009-7-17 22486]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWelcomeScreen"= 1 (0x1)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceStartMenuLogOff"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
    2011-04-18 13:07 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Error Recovery Guide.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Error Recovery Guide.lnk
    backup=c:\windows\pss\Error Recovery Guide.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 135664]
    R3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe Start=service [x]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2011-04-19 12872]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-15 1343400]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-04-19 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2011-04-19 67656]
    S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-09-24 43920]
    S2 FJTWMKSV;FJTWMKSV;c:\windows\twain_32\fjscan32\FJTWMKSV.exe [2007-03-08 45056]
    S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
    S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-06-24 2062872]
    S2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-12-07 17984]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [2009-07-13 164864]
    S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\DRIVERS\scsiscan.sys [2009-07-14 14848]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - AvgRkx86
    *Deregistered* - AvgTdiX
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 19:58]
    .
    2011-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-21 19:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = hxxp://172.16.24.*;http://192.168.244.*;http://10.224.224.*;http://172.16.28.*;http://172.16.29.*;https://earchive.*
    uInternet Settings,ProxyServer = adserver03.indiana.in1stbank.com:3128
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} - hxxps://ftp.raddon.com/COM/MOVEitUploadWizard5.0.0.ocx
    DPF: {0E409091-0585-415E-88B9-820BDC57094C} - hxxps://filetransfer.opensolutions.com/COM/MOVEitUploadWizard5.5.0.ocx
    FF - ProfilePath - c:\users\mwilson\AppData\Roaming\Mozilla\Firefox\Profiles\b172519m.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.ftp - adserver03.indiana.in1stbank.com
    FF - prefs.js: network.proxy.ftp_port - 3128
    FF - prefs.js: network.proxy.http - adserver03.indiana.in1stbank.com
    FF - prefs.js: network.proxy.http_port - 3128
    FF - prefs.js: network.proxy.socks - adserver03.indiana.in1stbank.com
    FF - prefs.js: network.proxy.socks_port - 3128
    FF - prefs.js: network.proxy.ssl - adserver03.indiana.in1stbank.com
    FF - prefs.js: network.proxy.ssl_port - 3128
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\AEADISRV.EXE
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Intel\AMT\LMS.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files\Visioneer\OneTouch 4.0\OtService.exe
    c:\windows\system32\IoctlSvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\programdata\U3\U3Launcher\LaunchU3.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-22 08:16:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-22 12:16
    .
    Pre-Run: 164,618,887,168 bytes free
    Post-Run: 164,530,507,776 bytes free
    .
    - - End Of File - - 45B0E5F23DC56B7F3FDE9EA1A1DE5C69
     
  8. Broni

    Broni Malware Annihilator Posts: 47,032   +255

    Looks good now.

    How is the redirection?

    You can reinstall ONE of your AV programs now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    The redirection was still happening after I ran ComboFix. It's not doing it now, but it's hit or miss throughout the day to begin with.

    OTL Extras logfile created on: 4/22/2011 11:50:28 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mwilson\Desktop
    An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 150.53 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
    Drive H: | 61.52 Gb Total Space | 1.27 Gb Free Space | 2.06% Space Free | Partition Type: NTFS
    Drive O: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
    Drive P: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
    Drive Q: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS

    Computer Name: ITASSIST-0609 | User Name: mmartin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0F52A3FF-AA13-44E3-A9AD-9581215AE9D6}" = FBViewerCtrl
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.1.4.0
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{34D54195-9A21-4A54-AEB9-A1DF268054D4}" = KODAK Capture Pro Software Find and View
    "{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C2BB796-A02C-4AD5-847C-0FC307EB79D1}" = OneTouch 4.0
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISSTDR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0053-0000-0000-0000000FF1CE}" = Microsoft Office Visio Standard 2007
    "{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{91120000-0053-0000-0000-0000000FF1CE}_VISSTDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{94ECA004-8B62-45E8-B83D-A85F61A1F0B9}" = eWebEditPro 4 Client
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96056420-DDF3-46A7-AA8D-BC2D1AE5290B}" = Microsoft IntelliType Pro 8.1
    "{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
    "{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
    "{AC76BA86-1033-F400-BA7E-000000000004}_943" = Adobe Acrobat 9.4.3 - CPSID_83708
    "{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}" = Adobe Acrobat 9 Standard - English, Français, Deutsch
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{C3674C4D-3846-4D9A-8FF4-7397B58AA99E}" = RiskID Communicator
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
    "{E64404F1-98DC-4CC8-A1A7-EF36E4E21033}" = Nero 8 Essentials
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{EBED57B3-DD9C-4CCC-84F7-2F9B77D51765}" = Intel Reseller Tracking Utility
    "{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.3.1.2590)
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{FDCE9C15-EB45-11D5-89C7-0050DA162A25}" = PaperPort 9.0
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AVG9Uninstall" = AVG 9.0
    "BSI Document Services" = Distributed Document Services Component
    "CCleaner" = CCleaner
    "Cooking Aficionado_is1" = Cooking Aficionado Professional 3.1
    "File Renamer - Basic" = File Renamer - Basic
    "GoToAssist Express Customer" = GoToAssist Customer 1.5.0.274
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HECI" = Intel(R) Management Engine Interface
    "Host OpenAL (ADI)" = Host OpenAL (ADI)
    "IObit Security 360_is1" = IObit Security 360
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MESOL" = Intel® Active Management Technology
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
    "Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
    "Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
    "Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
    "Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "PrimoPDF4.0.1" = PrimoPDF
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROSetDX" = Intel(R) Network Connections 13.1.4.0
    "Software Operation Panel" = Software Operation Panel
    "SpyNoMore" = SpyNoMore 2.98
    "Vid-Center_is1" = Vid-Center (Build 18223)
    "VISSTDR" = Microsoft Office Visio Standard 2007

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToAssist Express Expert" = GoToAssist Expert 1.5.0.274
    "GoToMeeting" = GoToMeeting 4.5.0.457

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  10. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    Part 1 of OTL

    OTL logfile created on: 4/22/2011 11:50:28 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\mwilson\Desktop
    An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 150.53 Gb Free Space | 64.64% Space Free | Partition Type: NTFS
    Drive H: | 61.52 Gb Total Space | 1.27 Gb Free Space | 2.06% Space Free | Partition Type: NTFS
    Drive O: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
    Drive P: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS
    Drive Q: | 200.00 Gb Total Space | 82.18 Gb Free Space | 41.09% Space Free | Partition Type: NTFS

    Computer Name: ITASSIST-0609 | User Name: mmartin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/22 11:47:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2011/04/22 11:47:03 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2011/04/22 11:47:03 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2011/04/22 11:47:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2011/04/22 11:47:02 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2011/04/22 11:47:02 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
    PRC - [2011/04/22 11:47:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2011/04/22 11:47:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
    PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Security 360\is360srv.exe
    PRC - [2009/09/24 16:05:41 | 000,043,920 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2009/07/13 21:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
    PRC - [2008/06/24 05:42:29 | 002,062,872 | R--- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    PRC - [2008/06/24 05:42:25 | 000,174,616 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
    PRC - [2008/06/24 05:42:06 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
    PRC - [2007/12/21 13:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    PRC - [2007/12/14 10:01:24 | 000,131,072 | ---- | M] (FUJITSU LIMITED) -- C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
    PRC - [2007/10/23 09:45:40 | 001,336,632 | ---- | M] () -- C:\ProgramData\U3\U3Launcher\LaunchU3.exe
    PRC - [2007/09/28 00:38:04 | 000,118,784 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
    PRC - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/22 11:47:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    MOD - [2011/04/22 11:47:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
    MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
    SRV - [2011/04/22 11:47:02 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2011/04/18 09:07:41 | 000,161,144 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_service.exe -- (GoToAssist Express Customer)
    SRV - [2011/04/15 15:12:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2010/02/04 12:33:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/09/24 16:05:41 | 000,043,920 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 21:14:21 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2008/06/24 05:42:29 | 002,062,872 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2008/06/24 05:42:25 | 000,174,616 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
    SRV - [2008/06/24 05:42:06 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
    SRV - [2007/12/21 13:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) [Auto | Running] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)
    SRV - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/04/22 11:47:20 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
    DRV - [2011/04/22 11:47:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2011/04/22 11:47:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2011/04/22 11:47:05 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2011/04/19 09:15:53 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2011/04/19 09:15:52 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/04/19 09:15:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2011/04/12 13:01:38 | 000,045,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/12/07 11:21:17 | 000,180,224 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\WinVd32.sys -- (WinVd32)
    DRV - [2009/12/07 11:21:16 | 000,017,984 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\System32\WinFLdrv.sys -- (WinFLdrv)
    DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2009/07/13 20:14:43 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\scsiscan.sys -- (scsiscan)
    DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
    DRV - [2009/07/13 19:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
    DRV - [2009/07/13 18:02:52 | 000,164,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6032.sys -- (e1kexpress) Intel(R)
    DRV - [2008/06/24 05:42:34 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2008/02/21 00:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
    DRV - [2006/07/06 12:16:12 | 000,064,000 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\aic78xx.sys -- (aic78xx)
    DRV - [2004/04/26 11:49:56 | 000,381,056 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\senfilt.sys -- (senfilt)
    DRV - [1997/12/22 21:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aspi32.sys -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 AE 09 A9 13 79 CA 01 [binary data]
    IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = http://172.16.24.*;http://192.168.2...16.28.*;http://172.16.29.*;https://earchive.*
    IE - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = adserver03.indiana.in1stbank.com:3128

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..network.proxy.ftp: "adserver03.indiana.in1stbank.com"
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.http: "adserver03.indiana.in1stbank.com"
    FF - prefs.js..network.proxy.http_port: 3128
    FF - prefs.js..network.proxy.no_proxies_on: "http://172.16.24.*,http://192.168.244.*,http://10.224.224.*,http://172.16.28.*,http://172.16.29.*,https://earchive.*"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "adserver03.indiana.in1stbank.com"
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: "adserver03.indiana.in1stbank.com"
    FF - prefs.js..network.proxy.ssl_port: 3128
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/04/22 11:47:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/19 11:26:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/19 10:03:53 | 000,000,000 | ---D | M]

    [2011/04/19 11:26:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mwilson\AppData\Roaming\mozilla\Extensions
    [2011/04/20 14:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/04/15 11:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/04/15 11:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/04/15 11:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/04/15 11:26:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/04/15 11:28:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2009/09/24 16:01:59 | 000,061,840 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/04/22 08:14:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
    O4 - HKLM..\Run: [FtLnSOP_setup] C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
    O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2526134451-433225585-1125826435-1491\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O16 - DPF: {02E58850-DBD8-40D9-8897-1F9F9471023C} https://ftp.raddon.com/COM/MOVEitUploadWizard5.0.0.ocx (MOVEitUpDownWiz Class)
    O16 - DPF: {0E409091-0585-415E-88B9-820BDC57094C} https://filetransfer.opensolutions.com/COM/MOVEitUploadWizard5.5.0.ocx (MOVEitUpDownWiz Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.224.224.30
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Indiana.in1stbank.com
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\GoToAssist Express Customer: DllName - C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll - C:\Program Files\Citrix\GoToAssist Express Customer\274\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Users\mwilson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\mwilson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
     
  11. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    Part 2 of OTL

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/22 11:47:20 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2011/04/22 11:47:20 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2011/04/22 11:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 9.0
    [2011/04/22 11:47:19 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2011/04/22 11:47:11 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2011/04/22 11:47:05 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2011/04/22 11:47:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
    [2011/04/22 11:46:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
    [2011/04/22 08:16:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/04/22 08:11:44 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\temp
    [2011/04/22 08:05:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/04/21 15:49:14 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Desktop\Administrative Tools
    [2011/04/21 15:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
    [2011/04/21 15:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2011/04/21 10:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
    [2011/04/21 10:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
    [2011/04/21 08:29:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/04/21 08:29:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/04/21 08:29:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/04/21 08:21:42 | 000,367,616 | ---- | C] (Avira GmbH) -- C:\Users\mwilson\Desktop\removaltool-win32-en.exe
    [2011/04/21 08:21:11 | 001,163,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\mwilson\Desktop\avg_remover_stf_x86_2011_1322.exe
    [2011/04/21 08:19:29 | 006,343,736 | ---- | C] (OPSWAT, Inc.) -- C:\Users\mwilson\Desktop\AppRemover.exe
    [2011/04/21 08:19:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/04/20 16:17:30 | 000,100,480 | ---- | C] (GMER) -- C:\agloifob.sys
    [2011/04/20 16:10:44 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\mwilson\Desktop\TFC.exe
    [2011/04/20 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyNoMore
    [2011/04/20 14:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
    [2011/04/20 14:58:34 | 000,000,000 | ---D | C] -- C:\Program Files\SpyNoMore
    [2011/04/20 14:52:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/20 09:24:27 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\ElevatedDiagnostics
    [2011/04/19 12:08:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
    [2011/04/19 12:05:10 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
    [2011/04/19 10:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/04/19 10:11:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/04/19 08:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Security 360
    [2011/04/19 08:44:14 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Roaming\IObit
    [2011/04/19 08:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
    [2011/04/19 08:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2011/04/19 03:00:24 | 000,000,000 | ---D | C] -- C:\7c93843c302316bf28868b650e
    [2011/04/18 16:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak Capture Software Find and View
    [2011/04/18 16:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\KODAK
    [2011/04/18 09:45:33 | 000,000,000 | ---D | C] -- C:\Windows\idmu
    [2011/04/18 09:45:31 | 000,000,000 | ---D | C] -- C:\Windows\ADAM
    [2011/04/18 09:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hyper-V
    [2011/04/18 09:35:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\Windows System Resource Manager
    [2011/04/18 09:34:41 | 000,000,000 | ---D | C] -- C:\inetpub
    [2011/04/18 09:34:41 | 000,000,000 | ---D | C] -- C:\Windows\Cluster
    [2011/04/15 16:38:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\BestPractices
    [2011/04/15 16:36:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/04/15 15:15:07 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2011/04/15 15:12:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
    [2011/04/15 15:04:21 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~Q
    [2011/04/15 14:58:00 | 000,000,000 | ---D | C] -- C:\SoundmaxDrivers
    [2011/04/15 14:49:58 | 000,000,000 | ---D | C] -- C:\$INPLACE.~TR
    [2011/04/15 14:19:52 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2011/04/15 13:35:30 | 000,000,000 | -H-D | C] -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/04/15 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\VirtualStore
    [2011/04/15 13:33:22 | 000,000,000 | ---D | C] -- C:\Recovery
    [2011/04/15 11:22:18 | 000,000,000 | --SD | C] -- C:\Users\mwilson\AppData\Roaming\Microsoft
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Videos
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Saved Games
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Pictures
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Music
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Links
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Favorites
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Downloads
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Documents
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\Desktop
    [2011/04/15 11:22:18 | 000,000,000 | R--D | C] -- C:\Users\mwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\AppData\Local\Temporary Internet Files
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Templates
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Start Menu
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\SendTo
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Recent
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\PrintHood
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\NetHood
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Documents\My Videos
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Documents\My Pictures
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Documents\My Music
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\My Documents
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Local Settings
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\AppData\Local\History
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Cookies
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\Application Data
    [2011/04/15 11:22:18 | 000,000,000 | -HSD | C] -- C:\Users\mwilson\AppData\Local\Application Data
    [2011/04/15 11:22:18 | 000,000,000 | -H-D | C] -- C:\Users\mwilson\AppData
    [2011/04/15 11:22:18 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\Microsoft
    [2011/04/15 11:22:18 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Roaming\Media Center Programs
    [2011/04/15 11:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
    [2011/04/15 11:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
    [2011/04/15 11:18:11 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2011/04/14 16:33:51 | 000,000,000 | ---D | C] -- C:\cf8e69e39a84a7179a95e0ec9f9a1e01
    [2011/04/08 16:01:09 | 000,000,000 | ---D | C] -- C:\Users\mwilson\AppData\Local\Microsoft Corporation
    [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2009/06/02 14:59:44 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/04/22 11:48:56 | 074,985,920 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2011/04/22 11:47:20 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
    [2011/04/22 11:47:20 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
    [2011/04/22 11:47:20 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
    [2011/04/22 11:47:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
    [2011/04/22 11:47:11 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
    [2011/04/22 11:47:05 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
    [2011/04/22 11:47:05 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
    [2011/04/22 11:47:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
    [2011/04/22 11:24:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/22 09:26:03 | 000,000,556 | ---- | M] () -- C:\Windows\ABSBM.INI
    [2011/04/22 08:21:04 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/22 08:21:04 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/22 08:17:42 | 000,678,326 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/04/22 08:17:42 | 000,126,342 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/04/22 08:14:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/04/22 08:13:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/22 08:13:55 | 000,000,174 | ---- | M] () -- C:\Windows\hpbafd.ini
    [2011/04/22 08:13:33 | 000,422,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/04/22 08:13:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/04/22 08:12:53 | 2384,326,656 | -HS- | M] () -- C:\hiberfil.sys
    [2011/04/22 08:05:32 | 004,326,658 | R--- | M] () -- C:\Users\mwilson\Desktop\ComboFix.exe
    [2011/04/21 15:13:46 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
    [2011/04/21 10:09:56 | 011,473,440 | ---- | M] () -- C:\Users\mwilson\Desktop\BankManager_April_2011.EXE
    [2011/04/21 10:09:17 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2011/04/21 08:21:43 | 000,367,616 | ---- | M] (Avira GmbH) -- C:\Users\mwilson\Desktop\removaltool-win32-en.exe
    [2011/04/21 08:21:14 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\mwilson\Desktop\avg_remover_stf_x86_2011_1322.exe
    [2011/04/21 08:19:47 | 006,343,736 | ---- | M] (OPSWAT, Inc.) -- C:\Users\mwilson\Desktop\AppRemover.exe
    [2011/04/21 08:09:26 | 000,080,384 | ---- | M] () -- C:\Users\mwilson\Desktop\MBRCheck.exe
    [2011/04/20 16:20:49 | 000,625,664 | ---- | M] () -- C:\Users\mwilson\Desktop\dds.scr
    [2011/04/20 16:17:30 | 000,100,480 | ---- | M] (GMER) -- C:\agloifob.sys
    [2011/04/20 16:17:14 | 000,301,568 | ---- | M] () -- C:\Users\mwilson\Desktop\7viucd7q.exe
    [2011/04/20 16:11:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\TFC.exe
    [2011/04/20 14:58:35 | 000,000,947 | ---- | M] () -- C:\Users\mwilson\Desktop\SpyNoMore.lnk
    [2011/04/20 14:48:32 | 000,004,024 | ---- | M] () -- C:\Users\mwilson\AppData\Roaming\mainhst.zgh
    [2011/04/19 11:26:17 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/04/19 11:26:17 | 000,001,098 | ---- | M] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/19 11:20:26 | 000,001,419 | ---- | M] () -- C:\Users\mwilson\Desktop\Internet Explorer.lnk
    [2011/04/19 11:19:46 | 000,001,413 | ---- | M] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/19 10:11:26 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/04/19 08:44:19 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
    [2011/04/18 16:03:02 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Find-and-View.lnk
    [2011/04/18 15:24:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/04/18 13:58:51 | 000,148,771 | ---- | M] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\remotedesktop.msc
    [2011/04/18 13:43:52 | 000,090,112 | RHS- | M] () -- C:\Windows\System32\wlangpui8.dll
    [2011/04/18 13:23:26 | 000,006,506 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2011/04/18 09:50:18 | 000,000,485 | ---- | M] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Administrative Tools - Shortcut.lnk
    [2011/04/18 09:45:30 | 000,000,435 | ---- | M] () -- C:\Windows\System32\dsac.exe.config
    [2011/04/18 09:34:33 | 000,001,315 | ---- | M] () -- C:\Windows\DfsrAdmin.exe.config
    [2011/04/18 09:34:33 | 000,001,311 | ---- | M] () -- C:\Windows\System32\DfsMgmt.dll.config
    [2011/04/18 09:32:16 | 000,001,996 | -H-- | M] () -- C:\Users\mwilson\Documents\Default.rdp
    [2011/04/15 15:14:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/04/15 13:33:44 | 000,003,152 | RHS- | M] () -- C:\Users\mwilson\ntuser.pol
    [2011/04/15 12:17:48 | 000,040,833 | ---- | M] () -- C:\Windows\System32\license.rtf
    [2011/04/15 11:59:01 | 000,021,316 | ---- | M] () -- C:\Windows\System32\emptyregdb.dat
    [2011/04/15 11:21:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
    [2011/04/15 10:45:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/15 10:45:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/04/15 10:06:56 | 000,001,890 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2011/04/15 10:06:56 | 000,001,890 | ---- | M] () -- C:\Windows\diagerr.xml
    [2011/04/15 10:06:18 | 000,002,325 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
    [2011/04/04 11:02:54 | 000,005,977 | ---- | M] () -- C:\Users\mwilson\AppData\Roaming\PrimoPDFSet.xml
    [2011/04/04 11:01:03 | 000,002,889 | ---- | M] () -- C:\Users\mwilson\Desktop\Microsoft Office Document Imaging.lnk
    [2011/04/01 09:46:08 | 000,002,355 | ---- | M] () -- C:\Users\mwilson\Desktop\PaperPort.lnk
    [2011/03/30 13:00:36 | 002,498,560 | ---- | M] () -- C:\Users\mwilson\Documents\DVRs.mdb

    ========== Files Created - No Company Name ==========

    [2011/04/22 11:47:20 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
    [2011/04/22 11:47:05 | 074,985,920 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2011/04/22 11:47:05 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
    [2011/04/21 15:13:46 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32_01009.Wdf
    [2011/04/21 10:09:17 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2011/04/21 10:08:39 | 011,473,440 | ---- | C] () -- C:\Users\mwilson\Desktop\BankManager_April_2011.EXE
    [2011/04/21 08:29:41 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/04/21 08:29:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/04/21 08:29:41 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/04/21 08:29:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/04/21 08:29:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/04/21 08:09:10 | 000,080,384 | ---- | C] () -- C:\Users\mwilson\Desktop\MBRCheck.exe
    [2011/04/20 16:20:41 | 000,625,664 | ---- | C] () -- C:\Users\mwilson\Desktop\dds.scr
    [2011/04/20 16:16:43 | 000,301,568 | ---- | C] () -- C:\Users\mwilson\Desktop\7viucd7q.exe
    [2011/04/20 14:58:35 | 000,000,947 | ---- | C] () -- C:\Users\mwilson\Desktop\SpyNoMore.lnk
    [2011/04/20 14:50:16 | 004,326,658 | R--- | C] () -- C:\Users\mwilson\Desktop\ComboFix.exe
    [2011/04/19 13:15:08 | 000,001,098 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/04/19 12:06:09 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
    [2011/04/19 12:05:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/04/19 12:05:04 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
    [2011/04/19 12:04:59 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
    [2011/04/19 11:26:17 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/04/19 11:26:17 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/04/19 11:20:26 | 000,001,419 | ---- | C] () -- C:\Users\mwilson\Desktop\Internet Explorer.lnk
    [2011/04/19 11:19:46 | 000,001,419 | ---- | C] () -- C:\Users\mwilson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/04/19 11:19:46 | 000,001,413 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/04/19 10:11:26 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/04/19 08:44:19 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\IObit Security 360.lnk
    [2011/04/18 16:03:02 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Find-and-View.lnk
    [2011/04/18 15:24:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    [2011/04/18 13:43:52 | 000,090,112 | RHS- | C] () -- C:\Windows\System32\wlangpui8.dll
    [2011/04/18 13:27:50 | 000,148,771 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\remotedesktop.msc
    [2011/04/18 09:50:18 | 000,000,485 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Administrative Tools - Shortcut.lnk
    [2011/04/18 09:45:39 | 000,000,435 | ---- | C] () -- C:\Windows\System32\dsac.exe.config
    [2011/04/18 09:34:47 | 000,001,311 | ---- | C] () -- C:\Windows\System32\DfsMgmt.dll.config
    [2011/04/18 09:34:41 | 000,001,315 | ---- | C] () -- C:\Windows\DfsrAdmin.exe.config
    [2011/04/15 15:34:38 | 000,097,194 | ---- | C] () -- C:\Windows\System32\SanMmc.msc
    [2011/04/15 15:34:26 | 000,150,924 | ---- | C] () -- C:\Windows\System32\CluAdmin.msc
    [2011/04/15 15:34:12 | 000,063,978 | ---- | C] () -- C:\Windows\System32\tsadmin.msc
    [2011/04/15 15:33:41 | 000,144,646 | ---- | C] () -- C:\Windows\System32\dssite.msc
    [2011/04/15 15:33:39 | 000,144,380 | ---- | C] () -- C:\Windows\System32\adsiedit.msc
    [2011/04/15 15:33:10 | 000,151,743 | ---- | C] () -- C:\Windows\System32\FailoverClusters.SnapInHelper.msc
    [2011/04/15 15:32:58 | 000,146,080 | ---- | C] () -- C:\Windows\System32\gptedit.msc
    [2011/04/15 15:32:48 | 000,004,988 | ---- | C] () -- C:\Windows\System32\delegwiz.inf
    [2011/04/15 15:32:47 | 000,033,652 | ---- | C] () -- C:\Windows\System32\StorExpl.msc
    [2011/04/15 15:32:42 | 000,144,951 | ---- | C] () -- C:\Windows\System32\domain.msc
    [2011/04/15 15:32:31 | 000,268,640 | ---- | C] () -- C:\Windows\System32\dfsrHealthReport.xsl
    [2011/04/15 15:32:31 | 000,155,741 | ---- | C] () -- C:\Windows\System32\dfsrPropagationReport.xsl
    [2011/04/15 15:31:52 | 000,145,017 | ---- | C] () -- C:\Windows\System32\dsa.msc
    [2011/04/15 15:31:44 | 000,042,131 | ---- | C] () -- C:\Windows\System32\tsmmc.msc
    [2011/04/15 15:31:42 | 000,115,308 | ---- | C] () -- C:\Windows\System32\ServerManager.msc
    [2011/04/15 15:31:32 | 000,146,694 | ---- | C] () -- C:\Windows\System32\dhcpmgmt.msc
    [2011/04/15 15:30:52 | 000,108,940 | ---- | C] () -- C:\Windows\System32\StorageMgmt.msc
    [2011/04/15 15:30:35 | 000,115,778 | ---- | C] () -- C:\Windows\System32\WSRM.msc
    [2011/04/15 15:30:03 | 000,001,702 | ---- | C] () -- C:\Windows\System32\StorageMgmt.dll.config
    [2011/04/15 15:30:03 | 000,001,048 | ---- | C] () -- C:\Windows\System32\SetupNfsIdMap.exe.config
    [2011/04/15 15:30:03 | 000,000,989 | ---- | C] () -- C:\Windows\System32\NfsConfigGuide.exe.config
    [2011/04/15 15:30:03 | 000,000,940 | ---- | C] () -- C:\Windows\System32\ProvisionShare.exe.config
    [2011/04/15 15:30:03 | 000,000,933 | ---- | C] () -- C:\Windows\System32\ProvisionStorage.exe.config
    [2011/04/15 15:30:02 | 000,145,867 | ---- | C] () -- C:\Windows\System32\dnsmgmt.msc
    [2011/04/15 15:29:51 | 000,146,446 | ---- | C] () -- C:\Windows\System32\gpmc.msc
    [2011/04/15 15:29:50 | 000,146,712 | ---- | C] () -- C:\Windows\System32\gpme.msc
    [2011/04/15 15:29:35 | 000,055,953 | ---- | C] () -- C:\Windows\System32\dfsmgmt.msc
    [2011/04/15 13:33:44 | 000,003,152 | RHS- | C] () -- C:\Users\mwilson\ntuser.pol
    [2011/04/15 13:33:27 | 000,006,506 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/04/15 12:20:00 | 2384,326,656 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/15 11:59:01 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2011/04/15 11:22:18 | 000,000,290 | ---- | C] () -- C:\Users\mwilson\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/04/15 11:21:58 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2011/04/15 11:21:55 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2011/04/15 11:21:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_point32k_01009.Wdf
    [2011/04/15 11:20:16 | 000,011,136 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/04/15 11:20:16 | 000,011,136 | -H-- | C] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
    [2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
    [2010/08/17 09:26:20 | 000,013,824 | ---- | C] () -- C:\Windows\System32\BM_SMTPMail.dll
    [2010/08/16 14:30:29 | 000,004,024 | ---- | C] () -- C:\Users\mwilson\AppData\Roaming\mainhst.zgh
    [2010/07/21 14:52:43 | 000,000,229 | ---- | C] () -- C:\Windows\IPSSETUP.INI
    [2010/04/01 11:42:56 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/03/18 09:34:06 | 000,000,702 | ---- | C] () -- C:\Windows\Bank.ini
    [2010/01/20 17:09:37 | 000,171,020 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2009/12/28 11:28:42 | 000,000,019 | ---- | C] () -- C:\Windows\System32\scins.dll
    [2009/12/07 11:21:17 | 000,180,224 | ---- | C] () -- C:\Windows\System32\WinVd32.sys
    [2009/12/07 11:21:16 | 000,017,984 | ---- | C] () -- C:\Windows\System32\WinFLdrv.sys
    [2009/12/07 11:21:16 | 000,007,680 | ---- | C] () -- C:\Windows\System32\WinFLsrv.exe
    [2009/12/07 11:21:16 | 000,000,990 | -HS- | C] () -- C:\Users\mwilson\AppData\Roaming\systemfl.$dk
    [2009/08/05 14:36:25 | 000,121,393 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
    [2009/08/04 16:17:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 00:33:53 | 000,422,848 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 22:05:48 | 000,678,326 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 22:05:48 | 000,126,342 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/13 15:56:32 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0409.dll
    [2009/07/13 15:56:32 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6240ex0411.dll
    [2009/07/13 15:53:17 | 000,000,712 | R--- | C] () -- C:\Windows\FJTWSTI.INI
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0C0A.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0419.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0416.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0410.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex040C.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6240ex0407.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0C0A.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0419.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0410.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex040C.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0409.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230Tex0407.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0C0A.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0419.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0416.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0410.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex040C.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0409.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6230ex0407.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0C0A.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0419.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0416.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0410.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex040C.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0409.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6140ex0407.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0C0A.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0419.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0410.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex040C.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0409.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130Tex0407.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0C0A.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0419.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0416.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0410.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex040C.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0409.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi6130ex0407.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex0C0A.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60fex0419.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex0410.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex040C.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi60Fex0407.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex0C0A.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex0419.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0C0A.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0419.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0416.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0410.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex040C.dll
    [2009/07/13 15:53:14 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900ex0407.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6240ex0412.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230Tex0412.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230Tex0411.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230ex0412.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6230ex0411.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6140ex0412.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6140ex0411.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130Tex0412.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130Tex0411.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130ex0412.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi6130ex0411.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi60Fex0409.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900ex0412.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900ex0411.dll
    [2009/07/13 15:53:14 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900ex0409.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6240ex0804.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6240ex0404.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230Tex0804.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230Tex0404.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230ex0804.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6230ex0404.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6140ex0804.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6140ex0404.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130Tex0804.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130Tex0404.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130ex0804.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi6130ex0404.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi60Fex0804.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi60Fex0411.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5900Xex0804.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5900ex0804.dll
    [2009/07/13 15:53:14 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5900ex0404.dll
    [2009/07/13 15:53:13 | 000,172,032 | ---- | C] () -- C:\Windows\System32\fi4530ex.dll
    [2009/07/13 15:53:13 | 000,167,936 | ---- | C] () -- C:\Windows\System32\fi4220ex.dll
    [2009/07/13 15:53:13 | 000,167,936 | ---- | C] () -- C:\Windows\System32\fi4120ex.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5900Xex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0419.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5750ex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5650ex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0419.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0409.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5530ex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0419.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0409.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi55302ex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0419.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0409.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5220ex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0419.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0409.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5120ex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0419.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0409.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi5110ex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi4340ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi4340ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi4340ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi4340ex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi42202ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi42202ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi42202ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi42202ex0407.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi41202ex0C0A.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi41202ex0410.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi41202ex040C.dll
    [2009/07/13 15:53:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\fi41202ex0407.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900Xex0412.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900Xex0411.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5900Xex0409.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5750ex0409.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5650ex0419.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5650ex0409.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5530ex0412.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5530ex0411.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi55302ex0412.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi55302ex0411.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5220ex0412.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5220ex0411.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5120ex0412.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5120ex0411.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi5110ex0411.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0c0a.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0419.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0410.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex040C.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0409.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4530ex0407.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4340ex0409.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex0C0A.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex0410.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex040C.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex0409.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4220ex0407.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi42202ex0409.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex0C0A.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex0410.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex040C.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex0409.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi4120ex0407.dll
    [2009/07/13 15:53:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\fi41202ex0409.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5750ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5750ex0411.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5650ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5650ex0411.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5530ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi55302ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5220ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5120ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi5110ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4530ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4530ex0411.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4340ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4340ex0411.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4220ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4220ex0411.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi42202ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi42202ex0411.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4120ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi4120ex0411.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi41202ex0804.dll
    [2009/07/13 15:53:13 | 000,032,768 | ---- | C] () -- C:\Windows\System32\fi41202ex0411.dll
    [2009/07/13 15:38:02 | 000,000,423 | ---- | C] () -- C:\Windows\pixcache.ini
    [2009/07/13 15:37:32 | 000,000,080 | ---- | C] () -- C:\Windows\setscan.ini
    [2009/07/08 09:16:02 | 000,000,224 | ---- | C] () -- C:\Users\mwilson\AppData\Roaming\APUSet.xml
    [2009/07/08 09:16:01 | 000,005,977 | ---- | C] () -- C:\Users\mwilson\AppData\Roaming\PrimoPDFSet.xml
    [2009/07/02 14:07:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/06/02 16:04:48 | 000,026,337 | ---- | C] () -- C:\Windows\maxlink.ini
    [2009/06/02 15:46:32 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2009/06/02 15:20:05 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
    [2009/06/02 14:59:51 | 000,000,556 | ---- | C] () -- C:\Windows\ABSBM.INI
    [2009/06/02 14:59:46 | 000,978,432 | ---- | C] () -- C:\Windows\System32\PG32.DLL
    [2009/06/02 14:59:46 | 000,748,160 | ---- | C] () -- C:\Windows\System32\Co2c40en.dll
    [2009/06/02 14:59:46 | 000,100,352 | ---- | C] () -- C:\Windows\System32\PG32CONV.DLL
    [2009/06/02 14:59:45 | 000,032,768 | ---- | C] () -- C:\Windows\System32\Absicon.dll
    [2009/06/02 14:56:21 | 000,000,049 | ---- | C] () -- C:\Windows\wwwbatch.ini
    [2009/06/02 14:45:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/05/22 17:27:12 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1508.dll
    [2009/05/22 17:27:12 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2006/11/06 18:49:36 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini
    [2006/04/25 16:45:26 | 000,501,440 | ---- | C] () -- C:\Windows\System32\FBIMG.dll
    [2006/03/14 15:10:56 | 000,090,112 | ---- | C] () -- C:\Windows\System32\VSAnnotationReader.dll
    [2005/12/09 16:45:12 | 000,000,028 | ---- | C] () -- C:\Windows\System32\License_IMAGE_SDK_release.dat
    [2005/11/01 17:07:44 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imhost8.dll
    [2005/10/26 13:35:40 | 000,000,028 | ---- | C] () -- C:\Windows\System32\License_BARCODE1D_SDK_release.dat
    [2005/10/03 12:00:52 | 000,000,028 | ---- | C] () -- C:\Windows\System32\License_ANNOTATION_SDK_release.dat
    [2004/10/29 14:10:18 | 000,152,704 | ---- | C] () -- C:\Windows\System32\ekmediatransfer4.dll
    [2004/10/29 14:09:10 | 000,271,480 | ---- | C] () -- C:\Windows\System32\ewepoperation4.dll
    [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
     
     
  12. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    Part 3 of OTL

    ========== LOP Check ==========

    [2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Canneverbe Limited
    [2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Fujitsu
    [2011/04/19 10:53:13 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\IObit
    [2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\IrfanView
    [2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Leadertech
    [2011/04/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\LinkManager 4.0
    [2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\OneTouch 4.0
    [2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\PKWARE
    [2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\ScanSoft
    [2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Systenance
    [2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\UDC Profiles
    [2011/04/15 11:49:25 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\Xerox
    [2011/04/15 11:49:26 | 000,000,000 | ---D | M] -- C:\Users\mwilson\AppData\Roaming\ZipGenius
    [2009/07/14 00:53:46 | 000,007,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/04/20 16:17:30 | 000,100,480 | ---- | M] (GMER) -- C:\agloifob.sys
    [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/01/24 12:58:09 | 000,475,556 | ---- | M] () -- C:\bar.emf
    [2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/04/15 15:14:53 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2009/06/10 17:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/04/22 08:12:53 | 2384,326,656 | -HS- | M] () -- C:\hiberfil.sys
    [2009/06/02 14:56:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/07/21 14:52:43 | 000,001,759 | ---- | M] () -- C:\IPSSetup.log
    [2009/06/02 14:56:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/04/22 08:12:59 | 3179,102,208 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/06 16:40:13 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\psapi.dll
    [2010/02/02 17:02:25 | 000,000,133 | ---- | M] () -- C:\Sys_LogWin.log
    [2011/04/20 14:49:14 | 000,066,574 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_20.04.2011_14.48.44_log.txt
    [2008/09/18 11:56:46 | 000,000,029 | ---- | M] () -- C:\update.abs

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 17:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/04/04 21:01:40 | 000,272,896 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpcpp5r1.dll
    [2008/01/16 18:45:58 | 000,241,664 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5k4.DLL
    [2008/01/19 03:34:30 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2009/07/13 21:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2010/11/20 08:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >
    [2011/04/18 09:34:33 | 000,001,315 | ---- | M] () -- C:\Windows\DfsrAdmin.exe.config

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/09/16 16:48:01 | 000,000,286 | -HS- | M] () -- C:\Users\mwilson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2011/04/19 11:19:46 | 000,000,284 | -HS- | M] () -- C:\Users\mwilson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/04/18 13:58:51 | 000,148,771 | ---- | M] () -- C:\Users\mwilson\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\remotedesktop.msc

    < %USERPROFILE%\Desktop\*.exe >
    [2011/04/20 16:17:14 | 000,301,568 | ---- | M] () -- C:\Users\mwilson\Desktop\7viucd7q.exe
    [2011/04/21 08:19:47 | 006,343,736 | ---- | M] (OPSWAT, Inc.) -- C:\Users\mwilson\Desktop\AppRemover.exe
    [2011/04/21 08:21:14 | 001,163,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\mwilson\Desktop\avg_remover_stf_x86_2011_1322.exe
    [2011/04/21 10:09:56 | 011,473,440 | ---- | M] () -- C:\Users\mwilson\Desktop\BankManager_April_2011.EXE
    [2011/04/22 08:05:32 | 004,326,658 | R--- | M] () -- C:\Users\mwilson\Desktop\ComboFix.exe
    [2011/04/21 08:09:26 | 000,080,384 | ---- | M] () -- C:\Users\mwilson\Desktop\MBRCheck.exe
    [2011/04/22 11:47:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\OTL.exe
    [2011/04/21 08:21:43 | 000,367,616 | ---- | M] (Avira GmbH) -- C:\Users\mwilson\Desktop\removaltool-win32-en.exe
    [2011/04/20 16:11:01 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\mwilson\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/04/22 08:02:14 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2011/04/22 08:02:14 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2011/04/15 13:33:27 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2011/04/15 13:33:27 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/19 13:13:12 | 000,000,402 | -HS- | M] () -- C:\Users\mwilson\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/04/18 13:23:26 | 000,006,506 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    File Renamer - Basic Uninstaller.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1997/12/22 20:23:36 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\wowpost.exe

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 160 bytes -> C:\img:$WIMMOUNTDATA

    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 47,032   +255

  14. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    I typically use Firefox (v4), which it is affecting. It's also affecting IE (v8). It only happens several times during the day; sometimes they work fine.

    I do recognize all the addresses. They are related to our work network and IPs.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,032   +255

    OK.

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
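    The report this post asks for is plain text, and its ">Drivers" table can be triaged mechanically before anyone reads 150 rows by eye. The Python below is an added example for this thread, not part of the original posts and not Rootkit Unhooker's own code: it parses each row (base address, module name or path, size, and the optional "(vendor, description)" suffix that RkU omits when it cannot read a version resource) and flags the two kinds of row a reviewer looks at first: file-backed drivers with no vendor information, and modules that are not file paths and are not one of the kernel's own aliases (PnpManager, RAW, WMIxWDM, Win32k, ACPI_HAL; that set is this example's assumption, taken from what RkU prints at the kernel base). It also lists base addresses that appear under more than one name. The sample input is a constructed excerpt in the same format, built from the header and a few rows of the report pasted in the reply that follows. A flag means "check this file's signature, hash and presence on disk", not "this is malware": the crash-dump copies of storage drivers (dump_*) and the kernel aliases appear without vendor data for benign reasons, which is why the script excludes them.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One row of the ">Drivers" table in a Rootkit Unhooker LE report, e.g.
#   0x8FAD7000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
# The "(vendor, description)" suffix is absent when RkU could not read a
# version resource for the module. Vendor and description are kept as one
# raw string because both halves can themselves contain ", ".
RKU_ROW = re.compile(
    r"^0x(?P<base>[0-9A-Fa-f]{8,16})\s+"
    r"(?P<name>.+?)\s+"
    r"(?P<size>\d+)\s+bytes"
    r"(?:\s+\((?P<info>.*)\))?$"
)

# Assumption of this example: names RkU prints at the kernel's base address
# that are not files on disk and are expected to lack vendor data.
KERNEL_ALIASES = {"PnpManager", "RAW", "WMIxWDM", "Win32k", "ACPI_HAL"}


@dataclass
class Driver:
    base: int
    name: str
    size: int
    info: Optional[str]  # raw "(vendor, description)" text, None if absent

    @property
    def is_file(self) -> bool:
        return "\\" in self.name

    @property
    def basename(self) -> str:
        return self.name.rsplit("\\", 1)[-1].lower()


def parse_rku_drivers(report: str) -> List[Driver]:
    """Return the rows of the >Drivers section, in report order."""
    rows: List[Driver] = []
    in_drivers = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(">"):           # section header: >Drivers, >Stealth, ...
            in_drivers = line == ">Drivers"
            continue
        if not in_drivers or not line or line.startswith("="):
            continue
        m = RKU_ROW.match(line)
        if m is None:
            continue                        # tolerate anything unexpected
        rows.append(Driver(int(m["base"], 16), m["name"], int(m["size"]), m["info"]))
    return rows


def triage(drivers: List[Driver]) -> List[Tuple[Driver, str]]:
    """Flag rows worth a closer look. A flag is a prompt to check the file
    (signature, hash, presence on disk), not a verdict."""
    findings: List[Tuple[Driver, str]] = []
    for d in drivers:
        if d.is_file:
            # dump_* are the crash-dump copies of storage drivers that load
            # without version info; any other file-backed driver normally
            # carries a vendor string.
            if d.info is None and not d.basename.startswith("dump_"):
                findings.append((d, "file-backed driver with no vendor/version info"))
        elif d.name not in KERNEL_ALIASES:
            findings.append((d, "module with no file path and not a known kernel alias"))
    return findings


def shared_bases(drivers: List[Driver]) -> Dict[int, List[str]]:
    """Base addresses listed under more than one name. The kernel aliases
    share ntkrnlpa.exe's base legitimately; an unexpected pair should be
    correlated with the triage output."""
    by_base: Dict[int, List[str]] = {}
    for d in drivers:
        by_base.setdefault(d.base, []).append(d.name)
    return {b: names for b, names in by_base.items() if len(names) > 1}


# Constructed sample in RkU's report format: the header plus a handful of
# rows taken from the report posted in the next reply, so the script runs
# offline without the full log.
SAMPLE_REPORT = r"""RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7601 (Service Pack 1)
Number of processors #4
==============================================
>Drivers
==============================================
0x82C01000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
0x82C01000 PnpManager 4268032 bytes
0x8FAD7000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0x9C244000 C:\Windows\system32\WinVd32.sys 180224 bytes
0x839DF000 00000068 73728 bytes
0x839DF000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
0x9872C000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
==============================================
>Stealth
==============================================
"""


if __name__ == "__main__":
    rows = parse_rku_drivers(SAMPLE_REPORT)
    for d, why in triage(rows):
        print(f"0x{d.base:08X} {d.name} ({d.size} bytes): {why}")
    for base, names in shared_bases(rows).items():
        print(f"0x{base:08X} shared by: {', '.join(names)}")
```

    To use it on a real report, read the saved file into `parse_rku_drivers` instead of `SAMPLE_REPORT`. The flagged entries are the ones to hash and check against the vendor's signed binary; the ">Stealth" section, which lists hooks rather than modules, is deliberately ignored by the parser.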
     
  16. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows 7
    Version 6.1.7601 (Service Pack 1)
    Number of processors #4
    ==============================================
    >Drivers
    ==============================================
    0x92236000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9568256 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
    0x82C01000 C:\Windows\system32\ntkrnlpa.exe 4268032 bytes (Microsoft Corporation, NT Kernel & System)
    0x82C01000 PnpManager 4268032 bytes
    0x82C01000 RAW 4268032 bytes
    0x82C01000 WMIxWDM 4268032 bytes
    0x98D90000 Win32k 2416640 bytes
    0x98D90000 C:\Windows\System32\win32k.sys 2416640 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8B436000 C:\Windows\System32\drivers\tcpip.sys 1351680 bytes (Microsoft Corporation, TCP/IP Driver)
    0x83A7E000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
    0x91E19000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x8B288000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
    0x832E6000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
    0x9A358000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x9A213000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x83206000 C:\Windows\system32\mcupdate_GenuineIntel.dll 544768 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0x8383B000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
    0x914BD000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
    0x98659000 C:\Windows\system32\drivers\ADIHdAud.sys 393216 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
    0x8B214000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
    0x8FB43000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x9C2C0000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
    0x9C270000 C:\Windows\System32\DRIVERS\srv2.sys 327680 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x98C40000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x91F6E000 C:\Windows\system32\drivers\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x83969000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x838BA000 C:\Windows\system32\drivers\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x98604000 C:\Windows\system32\drivers\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x832A4000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
    0x9145C000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x8B5BA000 C:\Windows\system32\drivers\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x8B33F000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x9A2E6000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x8FAD7000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0x91ED0000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
    0x83013000 ACPI_HAL 225280 bytes
    0x83013000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x9154D000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0x83A39000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x91400000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8B3BA000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
    0x8FB11000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8B580000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x986B9000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x92B56000 C:\Windows\system32\drivers\1394ohci.sys 184320 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0x8B408000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
    0x91F37000 C:\Windows\system32\DRIVERS\e1k6032.sys 180224 bytes (Intel Corporation, Intel(R) Gigabit Adapter NDIS 6.x driver)
    0x9C244000 C:\Windows\system32\WinVd32.sys 180224 bytes
    0x83BAD000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x83913000 C:\Windows\system32\drivers\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x83800000 C:\Windows\system32\drivers\vmbus.sys 172032 bytes (Microsoft Corporation, Virtual Machine Bus)
    0x833C8000 C:\Windows\system32\DRIVERS\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
    0x83A00000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x8B37D000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
    0x83391000 C:\Windows\system32\drivers\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0x9A2C3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x92BCA000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x91434000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0x9C20E000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
    0x91581000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8FA55000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0x8FA1C000 C:\Windows\system32\drivers\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x91FC8000 C:\Windows\system32\drivers\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x8FBA4000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x98C20000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
    0x987B0000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x9A321000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x91F13000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))
    0x987CB000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x9A298000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x986E8000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
    0x91521000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x92BA7000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0x92200000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x92218000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x915A2000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8FAB4000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
    0x9873D000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0x839C9000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
    0x833B4000 C:\Windows\system32\DRIVERS\aic78xx.sys 81920 bytes (Windows (R) Codename Longhorn DDK provider, Adaptec Ultra SCSI miniport)
    0x98772000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
    0x83BD8000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x915E1000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8FBD1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x839DF000 00000068 73728 bytes
    0x92B95000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
    0x92B83000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
    0x9A2B1000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x839DF000 C:\Windows\system32\drivers\winhv.sys 73728 bytes (Microsoft Corporation, Windows Hypervisor Interface Driver)
    0x8B3EC000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x9872C000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
    0x83A6D000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x98648000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x83948000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
    0x8328B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x8FBE4000 C:\Windows\system32\drivers\termdd.sys 69632 bytes (Microsoft Corporation, Remote Desktop Server Driver)
    0x987E5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8B3A2000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
    0x83959000 C:\Windows\system32\drivers\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
    0x91FB9000 C:\Windows\system32\drivers\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x91539000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
    0x8FBC3000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8FAA6000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x839BB000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8B271000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
    0x915D3000 C:\Windows\system32\drivers\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x838AC000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
    0x91E0C000 C:\Windows\system32\drivers\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
    0x9870B000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x915B9000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x915C6000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
    0x9C22F000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8FA76000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x8B200000 C:\Windows\System32\Drivers\avgrkx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
    0x914B1000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
    0x98785000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
    0x8FACB000 C:\Windows\system32\DRIVERS\TDI.SYS 49152 bytes (Microsoft Corporation, TDI Wrapper)
    0x91E00000 C:\Windows\system32\drivers\tpm.sys 49152 bytes (Microsoft Corporation, TPM Device Driver)
    0x8FA49000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x98718000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x98767000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0x987A5000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
    0x98791000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x8FA9B000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x92BBF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x91F63000 C:\Windows\system32\drivers\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x8393D000 C:\Windows\system32\drivers\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
    0x98756000 C:\Windows\system32\DRIVERS\dc3d.sys 40960 bytes (Microsoft Corporation, Filter Driver for Identification of Microsoft Hardware Wireless Mouse and Keyboard Device Models)
    0x98701000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x91FF1000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
    0x91F09000 C:\Windows\system32\DRIVERS\HECI.sys 40960 bytes (Intel Corporation, Intel(R) Management Engine Interface)
    0x914A7000 C:\Windows\system32\drivers\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x9149D000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x92BEC000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
    0x91FE7000 C:\Windows\system32\DRIVERS\scsiscan.sys 40960 bytes (Microsoft Corporation, SCSI Scanner Driver)
    0x9A3EF000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x91F2D000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
    0x9C312000 C:\Windows\system32\DRIVERS\WSDPrint.sys 40960 bytes (Microsoft Corporation, Web Services Print Device Driver)
    0x8382A000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
    0x9C386000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
    0x839F1000 C:\Windows\system32\drivers\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x98723000 C:\Windows\System32\Drivers\dump_atapi.sys 36864 bytes
    0x8B27F000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x9C38F000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x9879C000 C:\Windows\system32\DRIVERS\point32.sys 36864 bytes (Microsoft Corporation, Point32k.sys)
    0x98FF0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x8B5B1000 C:\Windows\system32\drivers\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
    0x83902000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x8329C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8B3B2000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
    0x80B9D000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
    0x8390B000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8FA83000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8FA8B000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
    0x8FA93000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
    0x8B400000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x9C23C000 C:\Windows\system32\WinFLdrv.sys 32768 bytes
    0x8FA42000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x98760000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x8FA3B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x839B4000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0x8FB9D000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
    0x91547000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0x91456000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0x9A354000 C:\Windows\System32\drivers\aspi32.sys 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
    0x91FFB000 C:\Windows\system32\drivers\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x98754000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x9C346F2E Unknown thread object [ ETHREAD 0x8590F478 ] , 600 bytes
     
  17. Broni

    Broni Malware Annihilator Posts: 47,032   +255

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
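The report that the steps above ask for is a plain-text log: a timestamp, a thread id, and then either a status message or one loaded driver service written as `<service> (<md5>) <path>` (the next post in this thread pastes one). The following is an added example, not code from TechSpot, Broni or the tool's vendor: a small Python parser for that layout that separates status lines from driver entries, surfaces any status message containing "fail" (such as the "SetPrivileges failed!" line in the pasted log) instead of dropping it, pulls out drivers that load from outside C:\Windows\system32 for review, and reports an MD5 that turns up under two different files. The sample log is constructed for this example and the `hypodrv` entry in it is invented; the known-good hash set is whatever the caller supplies, for instance hashes collected from a clean reference install.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample in the layout TDSSKiller 2.4.x writes (date, time, thread id,
# then either a status message or "<service> (<md5>) <path>"). Hand-written for
# this example; the final "hypodrv" entry is hypothetical, not a real detection.
SAMPLE_LOG = r"""
2011/04/25 12:55:58.0373 2276 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/25 12:55:58.0741 2276 SetPrivileges failed!
2011/04/25 12:55:59.0115 2276 Initialize success
2011/04/25 12:56:36.0014 2072 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/04/25 12:56:47.0401 2072 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/25 12:56:49.0248 2072 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/04/25 12:56:49.0383 2072 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/25 12:56:50.0000 2072 hypodrv (00112233445566778899aabbccddeeff) C:\Users\user\AppData\Local\Temp\hypodrv.sys
"""

# "YYYY/MM/DD HH:MM:SS.ffff <thread id> <rest of line>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<service name> (<32 hex MD5>) <path>"
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")

# Windows keeps its own kernel drivers under system32; anything loading from
# elsewhere (Program Files, a user profile, Temp) is pulled out for review.
WINDOWS_DRIVER_ROOT = "c:\\windows\\system32\\"


@dataclass
class DriverEntry:
    service: str
    md5: str
    path: str

    @property
    def norm_path(self) -> str:
        # Paths in the log mix "drivers" and "DRIVERS"; compare case-insensitively.
        return self.path.lower()


def parse_tdsskiller_log(text: str) -> Tuple[List[DriverEntry], List[str]]:
    """Split a TDSSKiller log into driver entries and plain status messages."""
    drivers: List[DriverEntry] = []
    status: List[str] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or something that is not log output
        body = m.group(3)
        d = DRIVER_RE.match(body)
        if d:
            drivers.append(DriverEntry(d.group(1), d.group(2).lower(), d.group(3)))
        else:
            status.append(body)
    return drivers, status


def failed_status_lines(status: List[str]) -> List[str]:
    """Status messages that say the tool itself hit a problem, e.g. 'SetPrivileges failed!'."""
    return [s for s in status if "fail" in s.lower()]


def drivers_outside_windows(drivers: List[DriverEntry]) -> List[DriverEntry]:
    """Drivers whose file is not under C:\\Windows\\system32 (third-party or odd locations)."""
    return [d for d in drivers if not d.norm_path.startswith(WINDOWS_DRIVER_ROOT)]


def duplicate_hashes(drivers: List[DriverEntry]) -> Dict[str, Set[str]]:
    """MD5s that appear under more than one distinct file path.

    Two service names that point at the same file (Tcpip and TCPIP6 both load
    tcpip.sys) are normal and are not reported, because their paths normalise
    to one file; the same hash under two different files is worth a look.
    """
    by_hash: Dict[str, Set[str]] = {}
    for d in drivers:
        by_hash.setdefault(d.md5, set()).add(d.norm_path)
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def unknown_hashes(drivers: List[DriverEntry], known_good: Set[str]) -> List[DriverEntry]:
    """Entries whose MD5 is absent from a caller-supplied reference set (lower-case hex)."""
    return [d for d in drivers if d.md5 not in known_good]


if __name__ == "__main__":
    found, messages = parse_tdsskiller_log(SAMPLE_LOG)
    for s in failed_status_lines(messages):
        print("tool status :", s)
    for d in drivers_outside_windows(found):
        print("review path :", d.service, d.path)
    for h, paths in duplicate_hashes(found).items():
        print("shared hash :", h, sorted(paths))
```

Running it on a real log works the same way: read the `TDSSKiller_xxxx_log.txt` file into `parse_tdsskiller_log`, and feed `unknown_hashes` a set of MD5s taken from the same tool's log on a machine you trust, so only drivers that differ from that baseline are left to inspect by hand.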
  18. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    No infections found. Log:

    2011/04/25 12:55:58.0373 2276 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/25 12:55:58.0739 2276 ================================================================================
    2011/04/25 12:55:58.0739 2276 SystemInfo:
    2011/04/25 12:55:58.0739 2276
    2011/04/25 12:55:58.0739 2276 OS Version: 6.1.7601 ServicePack: 1.0
    2011/04/25 12:55:58.0739 2276 Product type: Workstation
    2011/04/25 12:55:58.0739 2276 ComputerName: ITASSIST-0609
    2011/04/25 12:55:58.0739 2276 UserName: mmartin
    2011/04/25 12:55:58.0739 2276 Windows directory: C:\Windows
    2011/04/25 12:55:58.0739 2276 System windows directory: C:\Windows
    2011/04/25 12:55:58.0739 2276 Processor architecture: Intel x86
    2011/04/25 12:55:58.0739 2276 Number of processors: 4
    2011/04/25 12:55:58.0739 2276 Page size: 0x1000
    2011/04/25 12:55:58.0739 2276 Boot type: Normal boot
    2011/04/25 12:55:58.0739 2276 ================================================================================
    2011/04/25 12:55:58.0741 2276 SetPrivileges failed!
    2011/04/25 12:55:59.0115 2276 Initialize success
    2011/04/25 12:56:33.0350 2072 ================================================================================
    2011/04/25 12:56:33.0350 2072 Scan started
    2011/04/25 12:56:33.0351 2072 Mode: Manual;
    2011/04/25 12:56:33.0351 2072 ================================================================================
    2011/04/25 12:56:34.0181 2072 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
    2011/04/25 12:56:34.0266 2072 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
    2011/04/25 12:56:34.0352 2072 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
    2011/04/25 12:56:34.0426 2072 ADIHdAudAddService (183de6c1893192dc117510f71bf693a3) C:\Windows\system32\drivers\ADIHdAud.sys
    2011/04/25 12:56:34.0510 2072 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/04/25 12:56:34.0594 2072 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/04/25 12:56:34.0690 2072 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/04/25 12:56:34.0805 2072 aeaudio (cde1f62fe63631b932ace2249fb11da0) C:\Windows\system32\drivers\aeaudio.sys
    2011/04/25 12:56:34.0886 2072 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
    2011/04/25 12:56:34.0978 2072 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
    2011/04/25 12:56:35.0033 2072 aic78xx (cb387d65d0d73cad4d6661c389bd676c) C:\Windows\system32\DRIVERS\aic78xx.sys
    2011/04/25 12:56:35.0099 2072 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
    2011/04/25 12:56:35.0154 2072 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
    2011/04/25 12:56:35.0211 2072 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
    2011/04/25 12:56:35.0291 2072 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/04/25 12:56:35.0360 2072 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/04/25 12:56:35.0430 2072 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
    2011/04/25 12:56:35.0492 2072 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/04/25 12:56:35.0549 2072 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
    2011/04/25 12:56:35.0621 2072 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
    2011/04/25 12:56:35.0753 2072 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
    2011/04/25 12:56:35.0800 2072 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/04/25 12:56:35.0871 2072 Aspi32 (20d04091eba710f6988f710507d85868) C:\Windows\system32\drivers\aspi32.sys
    2011/04/25 12:56:35.0959 2072 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/04/25 12:56:36.0014 2072 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
    2011/04/25 12:56:36.0138 2072 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
    2011/04/25 12:56:36.0205 2072 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
    2011/04/25 12:56:36.0258 2072 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys
    2011/04/25 12:56:36.0327 2072 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
    2011/04/25 12:56:36.0406 2072 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
    2011/04/25 12:56:36.0481 2072 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
    2011/04/25 12:56:36.0577 2072 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2011/04/25 12:56:36.0630 2072 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/04/25 12:56:36.0720 2072 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
    2011/04/25 12:56:36.0814 2072 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/04/25 12:56:36.0843 2072 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/04/25 12:56:36.0898 2072 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
    2011/04/25 12:56:36.0948 2072 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/04/25 12:56:36.0991 2072 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/04/25 12:56:37.0024 2072 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/04/25 12:56:37.0072 2072 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/04/25 12:56:37.0274 2072 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/04/25 12:56:37.0379 2072 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
    2011/04/25 12:56:37.0432 2072 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
    2011/04/25 12:56:37.0495 2072 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2011/04/25 12:56:37.0577 2072 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/04/25 12:56:37.0635 2072 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
    2011/04/25 12:56:37.0721 2072 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2011/04/25 12:56:37.0771 2072 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/04/25 12:56:37.0850 2072 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
    2011/04/25 12:56:37.0916 2072 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/04/25 12:56:38.0063 2072 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
    2011/04/25 12:56:38.0148 2072 dc3d (734bbe7c66e6fd6047a1bd29b9343b30) C:\Windows\system32\DRIVERS\dc3d.sys
    2011/04/25 12:56:38.0261 2072 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
    2011/04/25 12:56:38.0321 2072 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2011/04/25 12:56:38.0396 2072 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2011/04/25 12:56:38.0478 2072 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
    2011/04/25 12:56:38.0550 2072 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/04/25 12:56:38.0683 2072 e1kexpress (3ea531906572ffd549b72a10f828e58c) C:\Windows\system32\DRIVERS\e1k6032.sys
    2011/04/25 12:56:38.0849 2072 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
    2011/04/25 12:56:39.0050 2072 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/04/25 12:56:39.0124 2072 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
    2011/04/25 12:56:39.0228 2072 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2011/04/25 12:56:39.0264 2072 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2011/04/25 12:56:39.0325 2072 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
    2011/04/25 12:56:39.0387 2072 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2011/04/25 12:56:39.0436 2072 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2011/04/25 12:56:39.0515 2072 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/04/25 12:56:39.0577 2072 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2011/04/25 12:56:39.0647 2072 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2011/04/25 12:56:39.0693 2072 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/04/25 12:56:39.0752 2072 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/04/25 12:56:39.0811 2072 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/04/25 12:56:39.0875 2072 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2011/04/25 12:56:39.0960 2072 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
    2011/04/25 12:56:40.0046 2072 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
    2011/04/25 12:56:40.0085 2072 HECI (d2b5c0bb34eee3876b38ffc7bfa72007) C:\Windows\system32\DRIVERS\HECI.sys
    2011/04/25 12:56:40.0137 2072 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/04/25 12:56:40.0176 2072 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/04/25 12:56:40.0220 2072 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
    2011/04/25 12:56:40.0308 2072 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
    2011/04/25 12:56:40.0390 2072 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
    2011/04/25 12:56:40.0457 2072 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
    2011/04/25 12:56:40.0506 2072 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
    2011/04/25 12:56:40.0572 2072 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
    2011/04/25 12:56:40.0669 2072 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
    2011/04/25 12:56:40.0977 2072 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
    2011/04/25 12:56:41.0343 2072 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/04/25 12:56:41.0458 2072 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
    2011/04/25 12:56:41.0527 2072 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/04/25 12:56:41.0625 2072 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/04/25 12:56:41.0734 2072 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/04/25 12:56:41.0782 2072 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2011/04/25 12:56:41.0832 2072 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2011/04/25 12:56:41.0901 2072 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
    2011/04/25 12:56:41.0944 2072 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
    2011/04/25 12:56:41.0992 2072 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2011/04/25 12:56:42.0044 2072 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
    2011/04/25 12:56:42.0107 2072 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
    2011/04/25 12:56:42.0174 2072 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/04/25 12:56:42.0272 2072 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/04/25 12:56:42.0352 2072 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/04/25 12:56:42.0399 2072 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/04/25 12:56:42.0450 2072 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/04/25 12:56:42.0488 2072 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/04/25 12:56:42.0554 2072 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2011/04/25 12:56:42.0626 2072 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
    2011/04/25 12:56:42.0689 2072 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/04/25 12:56:42.0723 2072 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2011/04/25 12:56:42.0773 2072 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2011/04/25 12:56:42.0838 2072 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2011/04/25 12:56:42.0934 2072 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/04/25 12:56:42.0988 2072 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
    2011/04/25 12:56:43.0052 2072 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
    2011/04/25 12:56:43.0098 2072 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2011/04/25 12:56:43.0160 2072 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
    2011/04/25 12:56:43.0221 2072 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/04/25 12:56:43.0272 2072 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/04/25 12:56:43.0324 2072 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/04/25 12:56:43.0401 2072 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
    2011/04/25 12:56:43.0439 2072 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
    2011/04/25 12:56:43.0511 2072 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2011/04/25 12:56:43.0554 2072 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/04/25 12:56:43.0604 2072 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
    2011/04/25 12:56:43.0684 2072 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/04/25 12:56:43.0738 2072 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/04/25 12:56:43.0790 2072 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/25 12:56:43.0841 2072 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/25 12:56:43.0904 2072 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
    2011/04/25 12:56:44.0007 2072 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/25 12:56:44.0052 2072 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/04/25 12:56:44.0102 2072 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2011/04/25 12:56:44.0147 2072 NAL (a467e1deb3bb2b57426c8a5993ba933e) C:\Windows\system32\Drivers\iqvw32.sys
    2011/04/25 12:56:44.0217 2072 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/04/25 12:56:44.0300 2072 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
    2011/04/25 12:56:44.0381 2072 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/04/25 12:56:44.0459 2072 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/04/25 12:56:44.0508 2072 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/25 12:56:44.0569 2072 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/25 12:56:44.0632 2072 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/25 12:56:44.0710 2072 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/25 12:56:44.0772 2072 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/25 12:56:44.0899 2072 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/04/25 12:56:44.0939 2072 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2011/04/25 12:56:44.0984 2072 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/25 12:56:45.0062 2072 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/25 12:56:45.0134 2072 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2011/04/25 12:56:45.0187 2072 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
    2011/04/25 12:56:45.0223 2072 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
    2011/04/25 12:56:45.0275 2072 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
    2011/04/25 12:56:45.0348 2072 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
    2011/04/25 12:56:45.0433 2072 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
    2011/04/25 12:56:45.0484 2072 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
    2011/04/25 12:56:45.0543 2072 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
    2011/04/25 12:56:45.0608 2072 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
    2011/04/25 12:56:45.0671 2072 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
    2011/04/25 12:56:45.0728 2072 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/04/25 12:56:45.0777 2072 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2011/04/25 12:56:45.0835 2072 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2011/04/25 12:56:46.0010 2072 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\Windows\system32\DRIVERS\point32.sys
    2011/04/25 12:56:46.0101 2072 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/25 12:56:46.0145 2072 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
    2011/04/25 12:56:46.0217 2072 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/25 12:56:46.0293 2072 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/04/25 12:56:46.0379 2072 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/04/25 12:56:46.0431 2072 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/25 12:56:46.0470 2072 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/25 12:56:46.0531 2072 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/04/25 12:56:46.0632 2072 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/25 12:56:46.0679 2072 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/25 12:56:46.0718 2072 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/25 12:56:46.0763 2072 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/25 12:56:46.0818 2072 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/04/25 12:56:46.0862 2072 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/25 12:56:46.0916 2072 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
    2011/04/25 12:56:46.0996 2072 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/25 12:56:47.0032 2072 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2011/04/25 12:56:47.0084 2072 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/25 12:56:47.0156 2072 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
    2011/04/25 12:56:47.0267 2072 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/25 12:56:47.0318 2072 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
    2011/04/25 12:56:47.0401 2072 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2011/04/25 12:56:47.0431 2072 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    2011/04/25 12:56:47.0455 2072 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    2011/04/25 12:56:47.0560 2072 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
    2011/04/25 12:56:47.0630 2072 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/04/25 12:56:47.0714 2072 scsiscan (5aaf9869cc6279fd747412be7457abdc) C:\Windows\system32\DRIVERS\scsiscan.sys
    2011/04/25 12:56:47.0784 2072 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2011/04/25 12:56:47.0853 2072 senfilt (9a4c4a4b191200f12085d188be70e4e3) C:\Windows\system32\drivers\senfilt.sys
    2011/04/25 12:56:47.0956 2072 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
    2011/04/25 12:56:47.0995 2072 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
    2011/04/25 12:56:48.0051 2072 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/04/25 12:56:48.0118 2072 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
    2011/04/25 12:56:48.0154 2072 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/04/25 12:56:48.0189 2072 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
    2011/04/25 12:56:48.0241 2072 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/04/25 12:56:48.0312 2072 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
    2011/04/25 12:56:48.0384 2072 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/04/25 12:56:48.0429 2072 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/04/25 12:56:48.0489 2072 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/25 12:56:48.0564 2072 smwdm (ce52bffebfaf1e59553e2885cab80b52) C:\Windows\system32\drivers\smwdm.sys
    2011/04/25 12:56:48.0660 2072 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2011/04/25 12:56:48.0762 2072 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/25 12:56:48.0796 2072 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/25 12:56:48.0857 2072 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/25 12:56:48.0939 2072 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/04/25 12:56:49.0010 2072 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
    2011/04/25 12:56:49.0081 2072 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
    2011/04/25 12:56:49.0140 2072 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
    2011/04/25 12:56:49.0248 2072 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
    2011/04/25 12:56:49.0383 2072 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/25 12:56:49.0458 2072 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/25 12:56:49.0510 2072 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/25 12:56:49.0538 2072 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/25 12:56:49.0610 2072 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/25 12:56:49.0654 2072 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
    2011/04/25 12:56:49.0770 2072 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
    2011/04/25 12:56:49.0865 2072 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/25 12:56:49.0942 2072 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
    2011/04/25 12:56:50.0014 2072 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/25 12:56:50.0094 2072 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/04/25 12:56:50.0149 2072 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/25 12:56:50.0238 2072 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
    2011/04/25 12:56:50.0307 2072 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
    2011/04/25 12:56:50.0372 2072 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
    2011/04/25 12:56:50.0463 2072 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/04/25 12:56:50.0502 2072 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
    2011/04/25 12:56:50.0544 2072 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
    2011/04/25 12:56:50.0656 2072 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
    2011/04/25 12:56:50.0714 2072 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/04/25 12:56:50.0753 2072 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/04/25 12:56:50.0817 2072 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS
    2011/04/25 12:56:50.0859 2072 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
    2011/04/25 12:56:50.0938 2072 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
    2011/04/25 12:56:51.0012 2072 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/25 12:56:51.0089 2072 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2011/04/25 12:56:51.0137 2072 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
    2011/04/25 12:56:51.0209 2072 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
    2011/04/25 12:56:51.0263 2072 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
    2011/04/25 12:56:51.0329 2072 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
    2011/04/25 12:56:51.0369 2072 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
    2011/04/25 12:56:51.0429 2072 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
    2011/04/25 12:56:51.0469 2072 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
    2011/04/25 12:56:51.0525 2072 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/25 12:56:51.0580 2072 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
    2011/04/25 12:56:51.0639 2072 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/04/25 12:56:51.0693 2072 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
    2011/04/25 12:56:51.0761 2072 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/04/25 12:56:51.0824 2072 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/25 12:56:51.0841 2072 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/25 12:56:51.0933 2072 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
    2011/04/25 12:56:51.0991 2072 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/25 12:56:52.0095 2072 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/04/25 12:56:52.0129 2072 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2011/04/25 12:56:52.0183 2072 WinFLdrv (7acc77e135a709ae0f7e1df428a2f908) C:\Windows\system32\WinFLdrv.sys
    2011/04/25 12:56:52.0278 2072 WinVd32 (58997182304759f46902a62128d44d5c) C:\Windows\system32\WinVd32.sys
    2011/04/25 12:56:52.0348 2072 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
    2011/04/25 12:56:52.0467 2072 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/25 12:56:52.0524 2072 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
    2011/04/25 12:56:52.0615 2072 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
    2011/04/25 12:56:52.0694 2072 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/25 12:56:52.0761 2072 ================================================================================
    2011/04/25 12:56:52.0761 2072 Scan finished
    2011/04/25 12:56:52.0761 2072 ================================================================================
     
  19. Broni

    Broni Malware Annihilator Posts: 47,032   +255

    Good :)

    Keep me posted on your redirection issue (if any).

    Is this your required proxy setting?
    "http://172.16.24.*,http://192.168.244.*,http://10.224.224.*,http://172.16.28.*,http://172.16.29.*,https://earchive.*"

    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 160 bytes -> C:\img:$WIMMOUNTDATA
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  20. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

Those proxy settings were used a few weeks ago during a testing scenario here at work. The proxy isn't being used anymore in either of my browsers. The above info is still in Firefox & IE, but automatically detect settings are selected for both. I haven't used Google much yet today, but haven't had an issue. I'll do these last few scans and post shortly.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,032   +255

    Cool beans :)
     
  22. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    OTL Log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ADS C:\img:$WIMMOUNTDATA deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes

    User: administrator.INDIANA
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: mwilson
    ->Temp folder emptied: 8304003 bytes
    ->Temporary Internet Files folder emptied: 17602231 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 249844328 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 9946 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2097152 bytes
    RecycleBin emptied: 3859906 bytes

    Total Files Cleaned = 269.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: administrator.INDIANA
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: mwilson
    ->Flash cache emptied: 0 bytes

    User: Public

    User: user

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04252011_131056

    Files\Folders moved on Reboot...
    C:\Windows\temp\wbxtra_04252011_130007.wbt moved successfully.

    Registry entries deleted on Reboot...
     
  23. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    Security Check Log

    Results of screen317's Security Check version 0.99.7
    Windows 7 Service Pack 1 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Disabled!
    AVG 9.0
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Adobe Flash Player 10.2.159.1
    Adobe Reader X (10.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
     
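As an added example (not part of this thread, and not Broni's, OTL's or Security Check's own code), the PowerShell script below audits, read-only, the same things the OTL fix in post 19 targets (BHO and ShellExecuteHook CLSIDs whose server DLL is gone, the alternate data stream on C:\img, the proxy settings Broni asks about) together with the items Security Check flags in post 23 (UAC, the Security Center service, the Windows Firewall, antivirus registration in WMI). It deletes nothing. It assumes Windows PowerShell 3.0 or later (for Get-Item -Stream) and an elevated prompt; the path C:\img is taken from the OTL log line, and the English netsh output it parses is an assumption.

```powershell
# Added example: read-only audit of the items the OTL fix targets and Security Check flags.
# Assumptions: Windows PowerShell 3.0+ (Get-Item -Stream), run elevated; C:\img is the path
# from the OTL "@Alternate Data Stream" line; netsh output is assumed to be in English.

function Test-DllMissing {
    # $true when a registered server path is empty or points at a file that no longer
    # exists: the "File not found" condition OTL reports for O2/O28 entries.
    param([string]$Dll)
    if ([string]::IsNullOrWhiteSpace($Dll)) { return $true }
    $expanded = [Environment]::ExpandEnvironmentVariables($Dll.Trim('"'))
    return -not (Test-Path -LiteralPath $expanded)
}

function Get-ClsidServerPath {
    # Resolve a CLSID to the DLL under InprocServer32 (native and Wow6432Node views).
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) { return (Get-ItemProperty -Path $key).'(default)' }
    }
    return $null
}

function Get-OrphanedShellHooks {
    # Browser Helper Objects and ShellExecuteHooks, each marked Orphaned when no DLL backs it.
    $results = @()
    $bhoKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoKey) {
        foreach ($sub in Get-ChildItem -Path $bhoKey) {
            $dll = Get-ClsidServerPath $sub.PSChildName
            $results += [pscustomobject]@{ Type = 'BHO'; Clsid = $sub.PSChildName; Dll = $dll; Orphaned = Test-DllMissing $dll }
        }
    }
    $hookKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
    if (Test-Path $hookKey) {
        foreach ($prop in (Get-ItemProperty -Path $hookKey).PSObject.Properties) {
            if ($prop.Name -notlike '{*}') { continue }   # skip PSPath, PSParentPath, etc.
            $dll = Get-ClsidServerPath $prop.Name
            $results += [pscustomobject]@{ Type = 'ShellExecuteHook'; Clsid = $prop.Name; Dll = $dll; Orphaned = Test-DllMissing $dll }
        }
    }
    return $results
}

function Get-ProxyConfiguration {
    # WinINET (IE) proxy values for the current user, plus network.proxy.* prefs in Firefox profiles.
    $ie = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ff = Get-ChildItem -Path "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue |
          Select-String -Pattern 'network\.proxy\.' | ForEach-Object { $_.Line.Trim() }
    [pscustomobject]@{
        ProxyEnable   = $ie.ProxyEnable        # 1 = "Use a proxy server" is ticked
        ProxyServer   = $ie.ProxyServer
        ProxyOverride = $ie.ProxyOverride      # bypass list
        AutoConfigURL = $ie.AutoConfigURL      # PAC script, if any
        FirefoxPrefs  = @($ff)
    }
}

function Get-AlternateStreams {
    # Named NTFS streams on a file or directory, excluding the default ::$DATA stream.
    param([string]$Path = 'C:\img')
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

function Get-SecurityPosture {
    # The items Security Check flagged: UAC, Security Center service, firewall profiles, AV seen by WMI.
    $lua = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System').EnableLUA
    $wsc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    # netsh works on Windows 7, where Get-NetFirewallProfile does not exist.
    $fw  = (netsh advfirewall show allprofiles state) -join "`n"
    $av  = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty displayName
    [pscustomobject]@{
        UacEnabled            = ($lua -eq 1)
        SecurityCenterService = $(if ($wsc) { $wsc.Status } else { 'not installed' })
        FirewallProfilesOff   = ([regex]::Matches($fw, 'State\s+OFF')).Count
        AntivirusInWmi        = @($av)
    }
}

'== Orphaned BHO / ShellExecuteHook entries =='
Get-OrphanedShellHooks | Where-Object { $_.Orphaned } | Format-Table -AutoSize
'== Proxy configuration (IE/WinINET + Firefox prefs) =='
Get-ProxyConfiguration | Format-List
'== Alternate data streams on C:\img =='
Get-AlternateStreams -Path 'C:\img' | Format-Table -AutoSize
'== Posture (what Security Check flags) =='
Get-SecurityPosture | Format-List
```

Run it as the affected user (the proxy values live under HKCU, so another account sees its own settings), and treat an Orphaned entry as a candidate for removal rather than proof of infection: a stale CLSID left behind by an uninstaller looks identical to one left behind by malware, which is why the OTL log above records deletions of keys that were already "not found".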
  24. Broni

    Broni Malware Annihilator Posts: 47,032   +255

    All good :)

    Go ahead with Eset....
     
  25. coolm19

    coolm19 TS Rookie Topic Starter Posts: 17

    No threats found with ESET.
     
Topic Status:
Not open for further replies.