Solved Firefox redirect virus

menka

Hello, I noticed for the last few weeks that a laptop of mine seems to have been infected with a redirect virus. Malwarebytes and Windows security do not seem to find it, and it only redirects in Firefox. Internet Explorer does not seem to be infected by it at the moment.

Malwarebytes log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.27.08
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
owner :: PATRICE [administrator]
7/27/2012 2:03:03 PM
mbam-log-2012-07-27 (14-03-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 174588
Time elapsed: 6 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-27 14:57:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 FUJITSU_MHY2200BH rev.0000000B
Running: q4wvdxs7.exe; Driver: C:\Users\owner\AppData\Local\Temp\pwddapob.sys

---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Files - GMER 1.0.15 ----
File C:\Windows\$NtUninstallKB13996$\1151938653 0 bytes
File C:\Windows\$NtUninstallKB13996$\644157641 0 bytes
File C:\Windows\$NtUninstallKB13996$\644157641\@ 2048 bytes
File C:\Windows\$NtUninstallKB13996$\644157641\cfg.ini 40 bytes
File C:\Windows\$NtUninstallKB13996$\644157641\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB13996$\644157641\L 0 bytes
File C:\Windows\$NtUninstallKB13996$\644157641\L\qnbwvoto 72192 bytes
File C:\Windows\$NtUninstallKB13996$\644157641\U 0 bytes
---- EOF - GMER 1.0.15 ----
 
DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19272
Run by owner at 15:02:57 on 2012-07-27
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\owner\Desktop\dds.scr
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D22A6BB4-CBD6-4AF5-BB9E-1F26A3CF7A55} : DhcpNameServer = 10.0.0.1
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\z98tq3ua.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm021YYus&ptb=7CAA6F56-1A0C-4103-BEFF-850B4FAFA4DF&psa=&ind=2011072417&ptnrS=YJxdm021YYus&si=52901&st=kwd&n=77de87a1&searchfor=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MozillaMaintenance;Mozilla Maintenance Service
R? NisDrv;Microsoft Network Inspection System
R? NisSrv;Microsoft Network Inspection
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AdobeARMservice;Adobe Acrobat Update Service
S? FontCache;Windows Font Cache Service
S? MpFilter;Microsoft Malware Protection Driver
S? SFEP;Sony Firmware Extension Parser
.
=============== Created Last 30 ================
.
2012-07-27 18:58:14 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9553ea17-0294-4e72-a022-90227f5fa54d}\mpengine.dll
2012-07-24 19:15:23 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-07-20 23:09:58 -------- d-----w- c:\users\owner\appdata\local\Macromedia
2012-07-13 01:29:48 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:13:24 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 21:13:20 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 21:13:19 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 21:13:17 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 21:13:16 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 21:13:16 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-06 18:17:21 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1e58bd07-5581-4a77-a9c1-14e4902ec243}\gapaengine.dll
2012-07-06 18:03:42 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-07-06 18:03:41 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-07-06 18:03:41 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-07-06 18:03:41 117728 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-07-06 18:03:40 913888 ----a-w- c:\program files\mozilla firefox\firefox.exe
2012-07-06 18:03:40 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-07-06 18:03:39 258528 ----a-w- c:\program files\mozilla firefox\freebl3.dll
2012-07-06 18:03:36 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-06 18:03:35 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-02 17:22:02 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-02 17:20:46 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-02 17:19:52 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-02 17:19:51 33792 ----a-w- c:\windows\system32\wuapp.exe
.
==================== Find3M ====================
.
2012-07-15 07:18:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-15 07:18:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-07-24 20:28:03 161744 ----a-w- c:\program files\u4res.dll
.
============= FINISH: 15:03:30.72 ===============
 
DDS attach

.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
CCleaner
D3DX10
DriverAgent by eSupport.com
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 24
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
Setting Utility Series
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VAIO Control Center
VAIO Event Service
VAIO Launcher
VAIO Power Management
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Yahoo! Messenger
Yahoo! Software Update
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thank you so much for your help.
It did not seem to find anything.

TDSSKiller

19:46:34.0758 5916 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:46:35.0085 5916 ============================================================
19:46:35.0085 5916 Current date / time: 2012/07/27 19:46:35.0085
19:46:35.0085 5916 SystemInfo:
19:46:35.0085 5916
19:46:35.0085 5916 OS Version: 6.0.6002 ServicePack: 2.0
19:46:35.0085 5916 Product type: Workstation
19:46:35.0085 5916 ComputerName: PATRICE
19:46:35.0085 5916 UserName: owner
19:46:35.0085 5916 Windows directory: C:\Windows
19:46:35.0085 5916 System windows directory: C:\Windows
19:46:35.0085 5916 Processor architecture: Intel x86
19:46:35.0085 5916 Number of processors: 2
19:46:35.0085 5916 Page size: 0x1000
19:46:35.0085 5916 Boot type: Normal boot
19:46:35.0085 5916 ============================================================
19:46:37.0956 5916 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:46:37.0956 5916 ============================================================
19:46:37.0956 5916 \Device\Harddisk0\DR0:
19:46:37.0987 5916 MBR partitions:
19:46:37.0987 5916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFD3000, BlocksNum 0x164CB800
19:46:37.0987 5916 ============================================================
19:46:38.0080 5916 C: <-> \Device\Harddisk0\DR0\Partition0
19:46:38.0080 5916 ============================================================
19:46:38.0080 5916 Initialize success
19:46:38.0080 5916 ============================================================
19:46:45.0490 4576 ============================================================
19:46:45.0490 4576 Scan started
19:46:45.0490 4576 Mode: Manual;
19:46:45.0490 4576 ============================================================
19:46:48.0423 4576 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:46:48.0439 4576 ACPI - ok
19:46:48.0829 4576 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:46:48.0829 4576 AdobeARMservice - ok
19:46:49.0874 4576 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:46:49.0890 4576 adp94xx - ok
19:46:50.0560 4576 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:46:50.0670 4576 adpahci - ok
19:46:50.0701 4576 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:46:50.0701 4576 adpu160m - ok
19:46:50.0872 4576 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:46:50.0872 4576 adpu320 - ok
19:46:50.0935 4576 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
19:46:50.0950 4576 AeLookupSvc - ok
19:46:51.0028 4576 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:46:51.0044 4576 AFD - ok
19:46:51.0091 4576 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:46:51.0091 4576 agp440 - ok
19:46:51.0138 4576 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:46:51.0138 4576 aic78xx - ok
19:46:51.0481 4576 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
19:46:51.0543 4576 ALG - ok
19:46:51.0559 4576 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:46:51.0574 4576 aliide - ok
19:46:51.0606 4576 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:46:51.0606 4576 amdagp - ok
19:46:51.0699 4576 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:46:51.0762 4576 amdide - ok
19:46:51.0793 4576 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:46:51.0793 4576 AmdK7 - ok
19:46:51.0808 4576 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:46:51.0808 4576 AmdK8 - ok
19:46:51.0886 4576 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
19:46:51.0886 4576 Appinfo - ok
19:46:51.0918 4576 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:46:51.0933 4576 arc - ok
19:46:51.0996 4576 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:46:52.0011 4576 arcsas - ok
19:46:52.0120 4576 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:46:52.0136 4576 AsyncMac - ok
19:46:52.0245 4576 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:46:52.0245 4576 atapi - ok
19:46:53.0478 4576 athr (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys
19:46:53.0524 4576 athr - ok
19:46:53.0946 4576 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:46:53.0961 4576 AudioEndpointBuilder - ok
19:46:53.0977 4576 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
19:46:53.0992 4576 Audiosrv - ok
19:46:54.0055 4576 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:46:54.0055 4576 Beep - ok
19:46:54.0492 4576 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
19:46:54.0538 4576 BFE - ok
19:46:55.0131 4576 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
19:46:55.0194 4576 BITS - ok
19:46:55.0209 4576 blbdrive - ok
19:46:55.0490 4576 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:46:55.0584 4576 bowser - ok
19:46:55.0615 4576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:46:55.0615 4576 BrFiltLo - ok
19:46:55.0630 4576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:46:55.0630 4576 BrFiltUp - ok
19:46:55.0942 4576 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
19:46:55.0942 4576 Browser - ok
19:46:56.0005 4576 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:46:56.0005 4576 Brserid - ok
19:46:56.0083 4576 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:46:56.0083 4576 BrSerWdm - ok
19:46:56.0114 4576 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:46:56.0114 4576 BrUsbMdm - ok
19:46:56.0145 4576 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:46:56.0145 4576 BrUsbSer - ok
19:46:56.0161 4576 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:46:56.0161 4576 BTHMODEM - ok
19:46:56.0239 4576 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:46:56.0270 4576 cdfs - ok
19:46:56.0317 4576 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:46:56.0317 4576 cdrom - ok
19:46:56.0504 4576 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:46:56.0582 4576 CertPropSvc - ok
19:46:56.0613 4576 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
19:46:56.0629 4576 circlass - ok
19:46:56.0941 4576 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:46:56.0956 4576 CLFS - ok
19:46:57.0097 4576 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:46:57.0097 4576 clr_optimization_v2.0.50727_32 - ok
19:46:57.0487 4576 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:46:57.0502 4576 clr_optimization_v4.0.30319_32 - ok
19:46:57.0596 4576 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:46:57.0596 4576 CmBatt - ok
19:46:57.0658 4576 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:46:57.0658 4576 cmdide - ok
19:46:57.0736 4576 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:46:57.0752 4576 Compbatt - ok
19:46:57.0752 4576 COMSysApp - ok
19:46:57.0814 4576 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:46:57.0814 4576 crcdisk - ok
19:46:57.0830 4576 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:46:57.0955 4576 Crusoe - ok
19:46:58.0095 4576 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
19:46:58.0360 4576 CryptSvc - ok
19:46:59.0000 4576 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:46:59.0031 4576 DcomLaunch - ok
19:46:59.0062 4576 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:46:59.0062 4576 DfsC - ok
19:47:00.0560 4576 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
19:47:00.0654 4576 DFSR - ok
19:47:01.0402 4576 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
19:47:01.0418 4576 Dhcp - ok
19:47:01.0558 4576 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:47:01.0574 4576 disk - ok
19:47:01.0605 4576 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
19:47:01.0605 4576 DMICall - ok
19:47:01.0652 4576 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
19:47:01.0652 4576 Dnscache - ok
19:47:01.0870 4576 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
19:47:01.0870 4576 dot3svc - ok
19:47:01.0948 4576 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
19:47:01.0964 4576 DPS - ok
19:47:01.0980 4576 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:47:01.0980 4576 drmkaud - ok
19:47:02.0120 4576 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:47:02.0182 4576 DXGKrnl - ok
19:47:02.0229 4576 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:47:02.0260 4576 E1G60 - ok
19:47:02.0307 4576 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
19:47:02.0323 4576 EapHost - ok
19:47:02.0448 4576 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:47:02.0448 4576 Ecache - ok
19:47:02.0728 4576 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
19:47:02.0744 4576 ehRecvr - ok
19:47:02.0806 4576 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
19:47:02.0806 4576 ehSched - ok
19:47:02.0822 4576 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
19:47:02.0822 4576 ehstart - ok
19:47:02.0916 4576 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:47:02.0931 4576 elxstor - ok
19:47:03.0072 4576 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
19:47:03.0103 4576 EMDMgmt - ok
19:47:03.0212 4576 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
19:47:03.0212 4576 EventSystem - ok
19:47:03.0321 4576 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:47:03.0321 4576 exfat - ok
19:47:03.0384 4576 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:47:03.0384 4576 fastfat - ok
19:47:03.0430 4576 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
19:47:03.0430 4576 fdc - ok
19:47:03.0493 4576 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
19:47:03.0493 4576 fdPHost - ok
19:47:03.0524 4576 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
19:47:03.0524 4576 FDResPub - ok
19:47:03.0540 4576 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:47:03.0540 4576 FileInfo - ok
19:47:03.0571 4576 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:47:03.0571 4576 Filetrace - ok
19:47:03.0602 4576 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:47:03.0602 4576 flpydisk - ok
19:47:03.0664 4576 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:47:03.0680 4576 FltMgr - ok
19:47:03.0852 4576 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
19:47:03.0883 4576 FontCache - ok
19:47:03.0945 4576 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:47:03.0961 4576 FontCache3.0.0.0 - ok
19:47:03.0976 4576 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
19:47:03.0992 4576 Fs_Rec - ok
19:47:04.0023 4576 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:47:04.0023 4576 gagp30kx - ok
19:47:04.0179 4576 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
19:47:04.0210 4576 gpsvc - ok
19:47:04.0351 4576 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:47:04.0351 4576 gupdate - ok
19:47:04.0366 4576 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
19:47:04.0366 4576 gupdatem - ok
19:47:04.0460 4576 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
19:47:04.0460 4576 HdAudAddService - ok
19:47:04.0569 4576 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:47:04.0585 4576 HDAudBus - ok
19:47:04.0616 4576 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:47:04.0616 4576 HidBth - ok
19:47:04.0632 4576 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:47:04.0647 4576 HidIr - ok
19:47:04.0663 4576 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
19:47:04.0663 4576 hidserv - ok
19:47:04.0694 4576 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
19:47:04.0694 4576 HidUsb - ok
19:47:04.0741 4576 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
19:47:04.0756 4576 hkmsvc - ok
19:47:04.0772 4576 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:47:04.0772 4576 HpCISSs - ok
19:47:04.0850 4576 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:47:04.0866 4576 HSFHWAZL - ok
19:47:05.0022 4576 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:47:05.0068 4576 HSF_DPV - ok
19:47:05.0162 4576 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:47:05.0193 4576 HTTP - ok
19:47:05.0256 4576 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:47:05.0256 4576 i2omp - ok
19:47:05.0334 4576 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:47:05.0334 4576 i8042prt - ok
19:47:05.0412 4576 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:47:05.0412 4576 iaStorV - ok
19:47:05.0614 4576 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:47:05.0646 4576 idsvc - ok
19:47:05.0989 4576 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:47:06.0067 4576 igfx - ok
19:47:06.0254 4576 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:47:06.0254 4576 iirsp - ok
19:47:06.0379 4576 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
19:47:06.0394 4576 IKEEXT - ok
19:47:06.0706 4576 IntcAzAudAddService (6f62bafe6150f3952f877051c65786fe) C:\Windows\system32\drivers\RTKVHDA.sys
19:47:06.0769 4576 IntcAzAudAddService - ok
19:47:06.0894 4576 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:47:06.0894 4576 intelide - ok
19:47:06.0940 4576 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:47:06.0956 4576 intelppm - ok
19:47:07.0018 4576 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
19:47:07.0018 4576 IPBusEnum - ok
19:47:07.0034 4576 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:47:07.0034 4576 IpFilterDriver - ok
19:47:07.0112 4576 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
19:47:07.0112 4576 iphlpsvc - ok
19:47:07.0128 4576 IpInIp - ok
19:47:07.0174 4576 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:47:07.0174 4576 IPMIDRV - ok
19:47:07.0206 4576 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:47:07.0206 4576 IPNAT - ok
19:47:07.0237 4576 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:47:07.0237 4576 IRENUM - ok
19:47:07.0268 4576 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:47:07.0268 4576 isapnp - ok
19:47:07.0362 4576 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:47:07.0377 4576 iScsiPrt - ok
19:47:07.0393 4576 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:47:07.0393 4576 iteatapi - ok
19:47:07.0424 4576 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:47:07.0424 4576 iteraid - ok
19:47:07.0471 4576 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:47:07.0486 4576 kbdclass - ok
19:47:07.0502 4576 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
19:47:07.0502 4576 kbdhid - ok
19:47:07.0533 4576 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:47:07.0549 4576 KeyIso - ok
19:47:08.0095 4576 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
19:47:08.0095 4576 KSecDD - ok
19:47:08.0344 4576 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
19:47:08.0376 4576 KtmRm - ok
19:47:08.0500 4576 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
19:47:08.0500 4576 LanmanServer - ok
19:47:08.0625 4576 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
19:47:08.0641 4576 LanmanWorkstation - ok
19:47:08.0734 4576 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:47:08.0734 4576 lltdio - ok
19:47:08.0797 4576 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
19:47:08.0828 4576 lltdsvc - ok
19:47:08.0875 4576 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
19:47:08.0875 4576 lmhosts - ok
19:47:09.0093 4576 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:47:09.0093 4576 LSI_FC - ok
19:47:09.0140 4576 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:47:09.0140 4576 LSI_SAS - ok
19:47:09.0218 4576 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:47:09.0234 4576 LSI_SCSI - ok
19:47:09.0280 4576 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:47:09.0296 4576 luafv - ok
19:47:09.0327 4576 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
19:47:09.0327 4576 Mcx2Svc - ok
19:47:09.0358 4576 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:47:09.0358 4576 megasas - ok
19:47:09.0405 4576 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:47:09.0421 4576 MMCSS - ok
19:47:09.0436 4576 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:47:09.0436 4576 Modem - ok
19:47:09.0483 4576 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:47:09.0483 4576 monitor - ok
19:47:09.0577 4576 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:47:09.0592 4576 mouclass - ok
19:47:09.0639 4576 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
19:47:09.0639 4576 mouhid - ok
19:47:09.0686 4576 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:47:09.0702 4576 MountMgr - ok
19:47:09.0920 4576 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:47:09.0936 4576 MozillaMaintenance - ok
19:47:10.0029 4576 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
19:47:10.0045 4576 MpFilter - ok
19:47:10.0107 4576 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:47:10.0107 4576 mpio - ok
19:47:10.0341 4576 MpKsl4e255874 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABEF799A-51B3-4752-B153-2D7B6EC76F8E}\MpKsl4e255874.sys
19:47:10.0341 4576 MpKsl4e255874 - ok
19:47:10.0497 4576 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:47:10.0544 4576 mpsdrv - ok
19:47:11.0168 4576 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
19:47:11.0199 4576 MpsSvc - ok
19:47:11.0246 4576 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:47:11.0246 4576 Mraid35x - ok
19:47:11.0340 4576 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:47:11.0340 4576 MRxDAV - ok
19:47:11.0605 4576 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:47:11.0683 4576 mrxsmb - ok
19:47:11.0792 4576 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:47:11.0823 4576 mrxsmb10 - ok
19:47:11.0854 4576 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:47:11.0854 4576 mrxsmb20 - ok
19:47:11.0932 4576 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
19:47:11.0932 4576 msahci - ok
19:47:11.0979 4576 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:47:11.0995 4576 msdsm - ok
19:47:12.0166 4576 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
19:47:12.0166 4576 MSDTC - ok
19:47:12.0213 4576 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:47:12.0213 4576 Msfs - ok
19:47:12.0244 4576 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:47:12.0244 4576 msisadrv - ok
19:47:12.0307 4576 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
19:47:12.0322 4576 MSiSCSI - ok
19:47:12.0322 4576 msiserver - ok
19:47:12.0369 4576 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:47:12.0369 4576 MSKSSRV - ok
19:47:12.0588 4576 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:47:12.0603 4576 MsMpSvc - ok
19:47:12.0806 4576 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:47:12.0853 4576 MSPCLOCK - ok
19:47:12.0868 4576 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:47:12.0868 4576 MSPQM - ok
19:47:13.0165 4576 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:47:13.0180 4576 MsRPC - ok
19:47:13.0227 4576 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:47:13.0227 4576 mssmbios - ok
19:47:13.0274 4576 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:47:13.0274 4576 MSTEE - ok
19:47:13.0368 4576 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:47:13.0368 4576 Mup - ok
19:47:13.0898 4576 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
19:47:13.0945 4576 napagent - ok
19:47:14.0194 4576 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:47:14.0210 4576 NativeWifiP - ok
19:47:14.0350 4576 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:47:14.0382 4576 NDIS - ok
19:47:14.0428 4576 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:47:14.0428 4576 NdisTapi - ok
19:47:14.0444 4576 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:47:14.0444 4576 Ndisuio - ok
19:47:15.0006 4576 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:47:15.0068 4576 NdisWan - ok
19:47:15.0177 4576 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:47:15.0177 4576 NDProxy - ok
19:47:15.0318 4576 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:47:15.0333 4576 NetBIOS - ok
19:47:15.0505 4576 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:47:15.0536 4576 netbt - ok
19:47:15.0567 4576 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:47:15.0583 4576 Netlogon - ok
19:47:16.0238 4576 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
19:47:16.0254 4576 Netman - ok
19:47:16.0472 4576 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
19:47:16.0488 4576 netprofm - ok
19:47:16.0800 4576 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:47:16.0815 4576 NetTcpPortSharing - ok
19:47:16.0862 4576 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:47:16.0893 4576 nfrd960 - ok
19:47:16.0956 4576 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:47:16.0956 4576 NisDrv - ok
19:47:17.0268 4576 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
19:47:17.0283 4576 NisSrv - ok
19:47:17.0392 4576 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:47:17.0408 4576 NlaSvc - ok
19:47:17.0455 4576 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:47:17.0455 4576 Npfs - ok
19:47:17.0486 4576 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:47:17.0486 4576 nsi - ok
19:47:17.0502 4576 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:47:17.0502 4576 nsiproxy - ok
19:47:19.0202 4576 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:47:19.0264 4576 Ntfs - ok
19:47:19.0296 4576 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:47:19.0296 4576 ntrigdigi - ok
19:47:19.0358 4576 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:47:19.0405 4576 Null - ok
19:47:19.0436 4576 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:47:19.0452 4576 nvraid - ok
19:47:19.0483 4576 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:47:19.0483 4576 nvstor - ok
19:47:19.0732 4576 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:47:19.0779 4576 nv_agp - ok
19:47:19.0779 4576 NwlnkFlt - ok
19:47:19.0795 4576 NwlnkFwd - ok
19:47:19.0935 4576 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:47:19.0935 4576 ohci1394 - ok
19:47:20.0185 4576 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:47:20.0216 4576 ose - ok
19:47:20.0341 4576 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:47:20.0388 4576 p2pimsvc - ok
19:47:20.0403 4576 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:47:20.0419 4576 p2psvc - ok
19:47:20.0450 4576 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:47:20.0450 4576 Parport - ok
19:47:20.0762 4576 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
19:47:20.0762 4576 partmgr - ok
19:47:20.0887 4576 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:47:20.0902 4576 Parvdm - ok
19:47:20.0965 4576 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:47:20.0980 4576 PcaSvc - ok
19:47:21.0386 4576 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:47:21.0386 4576 pci - ok
19:47:21.0417 4576 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
19:47:21.0417 4576 pciide - ok
19:47:21.0589 4576 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
19:47:21.0589 4576 pcmcia - ok
19:47:22.0478 4576 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:47:22.0494 4576 PEAUTH - ok
19:47:24.0334 4576 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:47:24.0412 4576 pla - ok
19:47:25.0520 4576 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:47:25.0536 4576 PlugPlay - ok
19:47:26.0425 4576 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:47:26.0440 4576 PNRPAutoReg - ok
19:47:26.0472 4576 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:47:26.0487 4576 PNRPsvc - ok
19:47:26.0628 4576 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:47:26.0643 4576 PolicyAgent - ok
19:47:26.0846 4576 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:47:26.0846 4576 PptpMiniport - ok
19:47:27.0080 4576 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:47:27.0096 4576 Processor - ok
19:47:27.0189 4576 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:47:27.0220 4576 ProfSvc - ok
19:47:27.0267 4576 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:47:27.0267 4576 ProtectedStorage - ok
19:47:27.0345 4576 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:47:27.0345 4576 PSched - ok
19:47:27.0688 4576 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:47:27.0782 4576 ql2300 - ok
19:47:27.0860 4576 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:47:27.0876 4576 ql40xx - ok
19:47:28.0032 4576 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:47:28.0063 4576 QWAVE - ok
19:47:28.0094 4576 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:47:28.0094 4576 QWAVEdrv - ok
19:47:28.0110 4576 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:47:28.0125 4576 RasAcd - ok
19:47:28.0156 4576 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:47:28.0156 4576 RasAuto - ok
19:47:28.0219 4576 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:47:28.0250 4576 Rasl2tp - ok
19:47:28.0422 4576 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:47:28.0437 4576 RasMan - ok
19:47:28.0484 4576 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:47:28.0484 4576 RasPppoe - ok
19:47:28.0578 4576 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:47:28.0578 4576 RasSstp - ok
19:47:29.0155 4576 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:47:29.0170 4576 rdbss - ok
19:47:29.0264 4576 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:47:29.0264 4576 RDPCDD - ok
19:47:29.0404 4576 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:47:29.0404 4576 rdpdr - ok
19:47:29.0420 4576 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:47:29.0420 4576 RDPENCDD - ok
19:47:29.0716 4576 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
19:47:29.0763 4576 RDPWD - ok
19:47:29.0872 4576 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:47:29.0888 4576 RemoteAccess - ok
19:47:30.0044 4576 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:47:30.0060 4576 RemoteRegistry - ok
19:47:30.0091 4576 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:47:30.0091 4576 RpcLocator - ok
19:47:30.0450 4576 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:47:30.0465 4576 RpcSs - ok
19:47:30.0543 4576 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:47:30.0543 4576 rspndr - ok
19:47:30.0637 4576 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:47:30.0637 4576 SamSs - ok
19:47:30.0918 4576 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:47:30.0933 4576 sbp2port - ok
19:47:30.0980 4576 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:47:31.0011 4576 SCardSvr - ok
19:47:31.0464 4576 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:47:31.0573 4576 Schedule - ok
19:47:31.0698 4576 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:47:31.0698 4576 SCPolicySvc - ok
19:47:32.0041 4576 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:47:32.0088 4576 SDRSVC - ok
19:47:32.0119 4576 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:47:32.0134 4576 secdrv - ok
19:47:32.0181 4576 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:47:32.0197 4576 seclogon - ok
19:47:32.0244 4576 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:47:32.0244 4576 SENS - ok
19:47:32.0290 4576 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:47:32.0290 4576 Serenum - ok
19:47:32.0322 4576 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:47:32.0322 4576 Serial - ok
19:47:32.0353 4576 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:47:32.0353 4576 sermouse - ok
19:47:32.0400 4576 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:47:32.0415 4576 SessionEnv - ok
19:47:32.0493 4576 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
19:47:32.0493 4576 SFEP - ok
19:47:32.0509 4576 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:47:32.0509 4576 sffdisk - ok
19:47:32.0524 4576 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:47:32.0524 4576 sffp_mmc - ok
19:47:32.0540 4576 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:47:32.0540 4576 sffp_sd - ok
19:47:32.0556 4576 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:47:32.0571 4576 sfloppy - ok
19:47:32.0883 4576 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:47:32.0899 4576 SharedAccess - ok
19:47:33.0258 4576 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:47:33.0336 4576 ShellHWDetection - ok
19:47:33.0382 4576 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:47:33.0382 4576 sisagp - ok
19:47:33.0398 4576 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:47:33.0398 4576 SiSRaid2 - ok
19:47:33.0429 4576 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:47:33.0445 4576 SiSRaid4 - ok
19:47:35.0520 4576 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:47:35.0660 4576 slsvc - ok
19:47:36.0487 4576 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:47:36.0502 4576 SLUINotify - ok
19:47:36.0643 4576 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:47:36.0643 4576 Smb - ok
19:47:36.0736 4576 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:47:36.0752 4576 SNMPTRAP - ok
19:47:36.0783 4576 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:47:36.0783 4576 spldr - ok
19:47:37.0002 4576 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:47:37.0033 4576 Spooler - ok
19:47:37.0204 4576 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:47:37.0220 4576 srv - ok
19:47:37.0282 4576 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:47:37.0282 4576 srv2 - ok
19:47:37.0314 4576 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:47:37.0329 4576 srvnet - ok
19:47:37.0407 4576 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:47:37.0423 4576 SSDPSRV - ok
19:47:37.0454 4576 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:47:37.0470 4576 SstpSvc - ok
19:47:37.0782 4576 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:47:37.0813 4576 stisvc - ok
19:47:37.0906 4576 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:47:37.0922 4576 swenum - ok
19:47:38.0000 4576 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:47:38.0031 4576 swprv - ok
19:47:38.0078 4576 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:47:38.0078 4576 Symc8xx - ok
19:47:38.0140 4576 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:47:38.0140 4576 Sym_hi - ok
19:47:38.0156 4576 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:47:38.0156 4576 Sym_u3 - ok
19:47:38.0281 4576 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:47:38.0312 4576 SysMain - ok
19:47:38.0343 4576 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:47:38.0359 4576 TabletInputService - ok
19:47:38.0437 4576 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:47:38.0452 4576 TapiSrv - ok
19:47:38.0515 4576 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:47:38.0530 4576 TBS - ok
19:47:38.0718 4576 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
19:47:38.0749 4576 Tcpip - ok
19:47:38.0780 4576 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
19:47:38.0796 4576 Tcpip6 - ok
19:47:38.0842 4576 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
19:47:38.0842 4576 tcpipreg - ok
19:47:38.0858 4576 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:47:38.0858 4576 TDPIPE - ok
19:47:38.0874 4576 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:47:38.0874 4576 TDTCP - ok
19:47:38.0920 4576 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:47:38.0920 4576 tdx - ok
19:47:38.0936 4576 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:47:38.0952 4576 TermDD - ok
19:47:39.0061 4576 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:47:39.0076 4576 TermService - ok
19:47:39.0154 4576 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:47:39.0170 4576 Themes - ok
19:47:39.0217 4576 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:47:39.0232 4576 THREADORDER - ok
19:47:39.0295 4576 tifm21 (28b7f973c36d157a7885b1ae42a4a2a9) C:\Windows\system32\drivers\tifm21.sys
19:47:39.0310 4576 tifm21 - ok
19:47:39.0373 4576 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:47:39.0388 4576 TrkWks - ok
19:47:39.0482 4576 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:47:39.0482 4576 TrustedInstaller - ok
19:47:39.0513 4576 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:47:39.0513 4576 tssecsrv - ok
19:47:39.0560 4576 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:47:39.0576 4576 tunmp - ok
19:47:39.0591 4576 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:47:39.0591 4576 tunnel - ok
19:47:39.0638 4576 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:47:39.0638 4576 uagp35 - ok
19:47:39.0685 4576 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:47:39.0700 4576 udfs - ok
19:47:39.0732 4576 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:47:39.0747 4576 UI0Detect - ok
19:47:39.0763 4576 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:47:39.0778 4576 uliagpkx - ok
19:47:39.0825 4576 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:47:39.0841 4576 uliahci - ok
19:47:39.0856 4576 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:47:39.0872 4576 UlSata - ok
19:47:39.0903 4576 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:47:39.0919 4576 ulsata2 - ok
19:47:39.0966 4576 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:47:39.0966 4576 umbus - ok
19:47:40.0044 4576 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:47:40.0059 4576 upnphost - ok
19:47:40.0090 4576 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
19:47:40.0090 4576 usbccgp - ok
19:47:40.0106 4576 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:47:40.0122 4576 usbcir - ok
19:47:40.0184 4576 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:47:40.0184 4576 usbehci - ok
19:47:40.0262 4576 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:47:40.0262 4576 usbhub - ok
19:47:40.0293 4576 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:47:40.0293 4576 usbohci - ok
19:47:40.0309 4576 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:47:40.0309 4576 usbprint - ok
19:47:40.0371 4576 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:47:40.0371 4576 USBSTOR - ok
19:47:40.0418 4576 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:47:40.0418 4576 usbuhci - ok
19:47:40.0480 4576 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:47:40.0496 4576 UxSms - ok
19:47:40.0621 4576 VAIO Event Service (8a9f18adad471402236ca931553bf79b) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
19:47:40.0636 4576 VAIO Event Service - ok
19:47:40.0730 4576 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:47:40.0761 4576 vds - ok
19:47:40.0792 4576 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:47:40.0792 4576 vga - ok
19:47:40.0855 4576 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:47:40.0855 4576 VgaSave - ok
19:47:40.0870 4576 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:47:40.0870 4576 viaagp - ok
19:47:40.0902 4576 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:47:40.0902 4576 ViaC7 - ok
19:47:40.0917 4576 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:47:40.0917 4576 viaide - ok
19:47:40.0964 4576 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:47:40.0980 4576 volmgr - ok
19:47:41.0073 4576 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:47:41.0073 4576 volmgrx - ok
19:47:41.0136 4576 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:47:41.0136 4576 volsnap - ok
19:47:41.0182 4576 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:47:41.0198 4576 vsmraid - ok
19:47:41.0354 4576 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:47:41.0401 4576 VSS - ok
19:47:41.0463 4576 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:47:41.0494 4576 W32Time - ok
19:47:41.0588 4576 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:47:41.0588 4576 WacomPen - ok
19:47:41.0650 4576 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:47:41.0650 4576 Wanarp - ok
19:47:41.0650 4576 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:47:41.0650 4576 Wanarpv6 - ok
19:47:41.0760 4576 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:47:41.0791 4576 wcncsvc - ok
19:47:41.0838 4576 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:47:41.0838 4576 WcsPlugInService - ok
19:47:41.0869 4576 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:47:41.0884 4576 Wd - ok
19:47:41.0994 4576 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:47:42.0009 4576 Wdf01000 - ok
19:47:42.0025 4576 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:47:42.0040 4576 WdiServiceHost - ok
19:47:42.0040 4576 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:47:42.0056 4576 WdiSystemHost - ok
19:47:42.0118 4576 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:47:42.0134 4576 WebClient - ok
19:47:42.0196 4576 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:47:42.0212 4576 Wecsvc - ok
19:47:42.0243 4576 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:47:42.0243 4576 wercplsupport - ok
19:47:42.0306 4576 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:47:42.0321 4576 WerSvc - ok
19:47:42.0430 4576 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:47:42.0462 4576 winachsf - ok
19:47:42.0586 4576 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:47:42.0602 4576 WinDefend - ok
19:47:42.0618 4576 WinHttpAutoProxySvc - ok
19:47:43.0148 4576 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:47:43.0195 4576 Winmgmt - ok
19:47:44.0349 4576 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:47:44.0427 4576 WinRM - ok
19:47:44.0802 4576 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:47:44.0833 4576 Wlansvc - ok
19:47:47.0594 4576 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:47:47.0688 4576 wlidsvc - ok
19:47:49.0388 4576 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:47:49.0388 4576 WmiAcpi - ok
19:47:49.0840 4576 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:47:49.0840 4576 wmiApSrv - ok
19:47:53.0647 4576 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:47:53.0740 4576 WMPNetworkSvc - ok
19:47:53.0943 4576 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:47:53.0959 4576 WPCSvc - ok
19:47:54.0224 4576 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:47:54.0224 4576 WPDBusEnum - ok
19:47:54.0333 4576 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:47:54.0349 4576 WpdUsb - ok
19:47:54.0942 4576 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:47:54.0973 4576 WPFFontCache_v0400 - ok
19:47:55.0035 4576 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:47:55.0051 4576 ws2ifsl - ok
19:47:55.0191 4576 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
19:47:55.0207 4576 wscsvc - ok
19:47:55.0222 4576 WSearch - ok
19:47:56.0330 4576 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
19:47:56.0424 4576 wuauserv - ok
19:47:56.0970 4576 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:47:56.0970 4576 WUDFRd - ok
19:47:57.0001 4576 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:47:57.0016 4576 wudfsvc - ok
19:47:57.0313 4576 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:47:57.0391 4576 YahooAUService - ok
19:47:57.0453 4576 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
19:47:57.0453 4576 yukonwlh - ok
19:47:57.0484 4576 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:47:59.0403 4576 \Device\Harddisk0\DR0 - ok
19:47:59.0434 4576 Boot (0x1200) (3caa35899355d60e9cffcd62ae8e8613) \Device\Harddisk0\DR0\Partition0
19:47:59.0450 4576 \Device\Harddisk0\DR0\Partition0 - ok
19:47:59.0450 4576 ============================================================
19:47:59.0450 4576 Scan finished
19:47:59.0450 4576 ============================================================
19:47:59.0481 4116 Detected object count: 0
19:47:59.0481 4116 Actual detected object count: 0
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download the latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: owner [Admin rights]
Mode: Scan -- Date: 07/27/2012 20:26:54
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[BLACKLIST DLL] HKUS\S-1-5-21-1114184814-3568446412-1611862538-1000_Classes[...]\Run : Apple Computer (rundll32.exe "C:\Users\owner\AppData\Local\eSupport.com\Apple Computer\pedswf.dll",DllRegisterServer) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: FUJITSU MHY2200BH ATA Device +++++
--- User ---
[MBR] c87639a984bd2837c364bd86fc65eb46
[BSP] f7e53bf228211653b105a85dc238cc1a : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16592896 | Size: 182679 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-27 20:34:42
-----------------------------
20:34:42.423 OS Version: Windows 6.0.6002 Service Pack 2
20:34:42.423 Number of processors: 2 586 0xF0D
20:34:42.438 ComputerName: PATRICE UserName: owner
20:34:45.340 Initialize success
20:36:50.960 AVAST engine defs: 12072701
20:37:01.147 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
20:37:01.147 Disk 0 Vendor: FUJITSU_MHY2200BH 0000000B Size: 190782MB BusType: 3
20:37:01.256 Disk 0 MBR read successfully
20:37:01.272 Disk 0 MBR scan
20:37:01.287 Disk 0 Windows VISTA default MBR code
20:37:01.381 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8101 MB offset 2048
20:37:01.475 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 182679 MB offset 16592896
20:37:01.599 Disk 0 scanning sectors +390719488
20:37:02.255 Disk 0 scanning C:\Windows\system32\drivers
20:38:35.402 Service scanning
20:38:58.178 Service MpKsl4e255874 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABEF799A-51B3-4752-B153-2D7B6EC76F8E}\MpKsl4e255874.sys **LOCKED** 32
20:39:35.571 Modules scanning
20:40:57.487 Disk 0 trace - called modules:
20:40:57.596 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys
20:40:57.612 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85809ac8]
20:40:57.627 3 CLASSPNP.SYS[885ac8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8560c030]
20:40:58.907 AVAST engine scan C:\Windows
20:42:05.019 AVAST engine scan C:\Windows\system32
20:55:30.338 AVAST engine scan C:\Windows\system32\drivers
20:56:10.134 AVAST engine scan C:\Users\owner
20:58:33.763 AVAST engine scan C:\ProgramData
20:59:42.138 Scan finished successfully
21:19:21.311 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
21:19:21.326 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-07-27.03 - owner 07/27/2012 23:04:40.1.2 - x86
Running from: c:\users\owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GuffinsEI
c:\programdata\081223t8l868t851j382f3dxi1w3
c:\windows\$NtUninstallKB13996$
c:\windows\$NtUninstallKB13996$\1151938653
c:\windows\$NtUninstallKB13996$\644157641\@
c:\windows\$NtUninstallKB13996$\644157641\cfg.ini
c:\windows\$NtUninstallKB13996$\644157641\Desktop.ini
c:\windows\$NtUninstallKB13996$\644157641\L\qnbwvoto
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 03:14 . 2012-07-28 03:14 -------- d-----w- c:\users\owner\AppData\Local\temp
2012-07-28 03:14 . 2012-07-28 03:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 19:07 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABEF799A-51B3-4752-B153-2D7B6EC76F8E}\mpengine.dll
2012-07-24 19:15 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-20 23:09 . 2012-07-20 23:09 -------- d-----w- c:\users\owner\AppData\Local\Macromedia
2012-07-13 01:29 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 21:13 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 21:13 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 21:13 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 21:13 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 21:13 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 21:13 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-06 18:17 . 2012-06-10 20:59 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E58BD07-5581-4A77-A9C1-14E4902EC243}\gapaengine.dll
2012-07-06 18:03 . 2012-07-06 18:03 18912 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-07-06 18:03 . 2012-07-06 18:03 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-07-06 18:03 . 2012-07-06 18:03 85472 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-07-06 18:03 . 2012-07-06 18:03 117728 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-07-06 18:03 . 2012-07-06 18:03 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2012-07-06 18:03 . 2012-07-06 18:03 913888 ----a-w- c:\program files\Mozilla Firefox\firefox.exe
2012-07-06 18:03 . 2012-07-06 18:03 258528 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll
2012-07-06 18:03 . 2012-07-06 18:03 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-06 18:03 . 2012-07-06 18:03 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-02 17:22 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-07-02 17:22 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-02 17:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-02 17:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-02 17:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-07-02 17:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-02 17:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-07-02 17:19 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-02 17:19 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 07:18 . 2012-03-31 05:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-15 07:18 . 2011-07-27 21:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2012-06-23 19:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-10 20:59 . 2011-07-19 01:05 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-05-15 06:37 . 2012-06-17 22:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32 . 2012-06-17 22:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32 . 2012-06-17 22:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31 . 2012-06-17 22:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31 . 2012-06-17 22:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01 . 2012-06-17 22:53 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26 . 2012-06-17 22:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23 . 2012-06-17 22:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-08 16:40 . 2012-06-08 22:35 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{588A5A61-6563-4B84-B342-84F5E591B0E5}\mpengine.dll
2012-05-01 14:03 . 2012-06-17 22:53 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-07-24 20:28 . 2011-07-25 07:33 161744 ----a-w- c:\program files\u4res.dll
2012-07-06 18:03 . 2012-07-06 18:03 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-08 4669440]
"Skytel"="Skytel.exe" [2008-01-08 1826816]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 00:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\35289884.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 08:42]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 08:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\z98tq3ua.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&from=login
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YJxdm021YYus&ptb=7CAA6F56-1A0C-4103-BEFF-850B4FAFA4DF&psa=&ind=2011072417&ptnrS=YJxdm021YYus&si=52901&st=kwd&n=77de87a1&searchfor=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-27 23:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-27 23:18:42
ComboFix-quarantined-files.txt 2012-07-28 03:18
.
Pre-Run: 139,465,957,376 bytes free
Post-Run: 139,280,535,552 bytes free
.
- - End Of File - - ACD7D3C21BA7F3B7C300CBB5FEE493BD
 
Looks good :)

How is computer doing?

=============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Sadly, I just checked Firefox and the redirect is still happening. IE continues not to be infected by it; it has also been the browser I have been using lately, so would that make a difference?
OTL logfile created on: 7/27/2012 11:51:54 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 52.00% Memory free
4.22 Gb Paging File | 3.33 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 129.36 Gb Free Space | 72.51% Space Free | Partition Type: NTFS

Computer Name: PATRICE | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/27 23:50:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/10/31 13:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/08/14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 20:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/07/06 14:03:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/14 20:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\owner\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2009/06/19 16:44:14 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2008/08/18 06:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/05/28 14:28:32 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/09/19 13:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...52901&st=sb&n=77de87a1&searchfor={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes,DefaultScope = {D776BC87-28A7-43A7-897D-E66B2F553CB7}
IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...52901&st=sb&n=77de87a1&searchfor={searchTerms}
IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes\{D776BC87-28A7-43A7-897D-E66B2F553CB7}: "URL" = http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "https://www.google.com/accounts/Ser...z&scc=1&ltmpl=default&ltmplcache=2&from=login"
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/myweb...m021YYus&si=52901&st=kwd&n=77de87a1&searchfor="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/06 14:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/17 16:49:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/06 14:03:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/17 16:49:13 | 000,000,000 | ---D | M]

[2011/03/28 01:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions
[2012/06/03 00:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\z98tq3ua.default\extensions
[2012/05/25 18:54:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\z98tq3ua.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/07/24 18:47:31 | 000,009,980 | ---- | M] () -- C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\z98tq3ua.default\searchplugins\Guffins.xml
[2011/03/27 23:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/18 21:49:14 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z98TQ3UA.DEFAULT\EXTENSIONS\NZHSLNUILN@NZHSLNUILN.ORG.XPI
[2012/07/06 14:03:41 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/06 14:03:30 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/06 14:03:30 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/27 23:14:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D22A6BB4-CBD6-4AF5-BB9E-1F26A3CF7A55}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 23:50:26 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/07/27 23:18:51 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/27 23:18:46 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\temp
[2012/07/27 22:52:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/27 22:52:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/27 22:52:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/27 22:52:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/27 22:52:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/27 22:51:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/27 22:49:27 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\ComboFix.exe
[2012/07/27 20:25:19 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RK_Quarantine
[2012/07/27 20:18:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
[2012/07/27 19:45:37 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\tdsskiller
[2012/07/27 13:49:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\owner\Desktop\dds.scr
[2012/07/20 19:09:58 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012/07/27 23:50:41 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe
[2012/07/27 23:14:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/27 23:09:47 | 000,606,670 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/27 23:09:47 | 000,105,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/27 23:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 23:02:42 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 23:02:41 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 23:02:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/27 23:02:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/27 23:02:18 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 22:50:26 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\ComboFix.exe
[2012/07/27 21:19:21 | 000,000,512 | ---- | M] () -- C:\Users\owner\Desktop\MBR.dat
[2012/07/27 20:19:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\owner\Desktop\aswMBR.exe
[2012/07/27 20:17:10 | 001,552,384 | ---- | M] () -- C:\Users\owner\Desktop\RogueKiller.exe
[2012/07/27 13:50:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\owner\Desktop\dds.scr
[2012/07/27 13:49:06 | 000,302,592 | ---- | M] () -- C:\Users\owner\Desktop\q4wvdxs7.exe
[2012/07/24 16:27:55 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 21:49:15 | 000,247,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/02 14:35:56 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2012/07/27 22:52:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/27 22:52:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/27 22:52:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/27 22:52:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/27 22:52:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/27 21:19:21 | 000,000,512 | ---- | C] () -- C:\Users\owner\Desktop\MBR.dat
[2012/07/27 20:17:01 | 001,552,384 | ---- | C] () -- C:\Users\owner\Desktop\RogueKiller.exe
[2012/07/27 13:48:57 | 000,302,592 | ---- | C] () -- C:\Users\owner\Desktop\q4wvdxs7.exe
[2011/12/23 02:59:50 | 000,010,256 | -HS- | C] () -- C:\Users\owner\AppData\Local\081223t8l868t851j382f3dxi1w3
[2011/07/31 14:01:07 | 000,003,584 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/25 03:33:12 | 000,161,744 | ---- | C] () -- C:\Program Files\u4res.dll
[2011/03/27 12:50:23 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/27 12:50:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/27 02:53:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/26 12:47:10 | 000,006,648 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2011/03/27 02:11:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\OpenOffice.org
[2011/03/26 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Thunderbird
[2012/07/27 23:01:26 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
OTL Extras logfile created on: 7/27/2012 11:51:54 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 52.00% Memory free
4.22 Gb Paging File | 3.33 Gb Available in Paging File | 79.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.40 Gb Total Space | 129.36 Gb Free Space | 72.51% Space Free | Partition Type: NTFS

Computer Name: PATRICE | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A975435-2B37-43B7-BD44-023D05D0D197}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{91864B7A-2CFB-44ED-8A07-CF3D915F629E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B4B5700-DA29-4AA0-A3E1-D0F1E1B214DA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7170A629-6461-4601-9B88-985A7B6C354E}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{ADBDED45-3921-42C3-BFDD-BAC679F05D5F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C6E0ED2E-1012-4E58-9D3D-6D0A62BDAC91}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F3E66518-3A31-416A-9547-93EAD2AB6669}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}" = TIPCI
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{B54B8CD3-E12B-4C29-AF5A-2101E2FF5F53}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/21/2012 1:35:56 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3031
Description =

Error - 7/22/2012 12:31:32 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 9000
Description =

Error - 7/22/2012 12:31:33 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 9002
Description =

Error - 7/22/2012 12:31:33 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3029
Description =

Error - 7/22/2012 12:31:34 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3029
Description =

Error - 7/22/2012 12:31:34 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3028
Description =

Error - 7/22/2012 12:31:34 PM | Computer Name = Patrice | Source = Windows Search Service | ID = 3058
Description =

Error - 7/23/2012 1:42:56 AM | Computer Name = Patrice | Source = Windows Search Service | ID = 3013
Description =

Error - 7/27/2012 2:15:09 PM | Computer Name = Patrice | Source = Application Error | ID = 1000
Description = Faulting application q4wvdxs7.exe, version 1.0.15.15641, time stamp
0x4e21f2b1, faulting module q4wvdxs7.exe, version 1.0.15.15641, time stamp 0x4e21f2b1,
exception code 0xc0000005, fault offset 0x0000c676, process id 0x173c, application
start time 0x01cd6c234df10108.

Error - 7/27/2012 2:20:14 PM | Computer Name = Patrice | Source = Perflib | ID = 1010
Description =

[ System Events ]
Error - 7/23/2012 12:48:20 AM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
Description =

Error - 7/24/2012 3:05:24 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
Description =

Error - 7/26/2012 6:06:46 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
Description =

Error - 7/27/2012 1:41:10 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
Description =

Error - 7/27/2012 2:17:20 PM | Computer Name = Patrice | Source = Dhcp | ID = 1002
Description = The IP address lease 10.0.0.3 for the Network Card with network address
001DD977F63F has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a
DHCPNACK message).

Error - 7/27/2012 10:53:50 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7030
Description =

Error - 7/27/2012 11:04:02 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7000
Description =

Error - 7/27/2012 11:04:02 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7030
Description =

Error - 7/27/2012 11:09:31 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7030
Description =

Error - 7/27/2012 11:14:10 PM | Computer Name = Patrice | Source = Service Control Manager | ID = 7030
Description =


< End of report >
 
Reinstalling helped, it no longer redirects now! Thanks so much for that. What other steps are left now?
 
Good :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...52901&st=sb&n=77de87a1&searchfor={searchTerms}
    IE - HKU\S-1-5-21-1114184814-3568446412-1611862538-1000\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/myweb...52901&st=sb&n=77de87a1&searchfor={searchTerms}
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/myweb...m021YYus&si=52901&st=kwd&n=77de87a1&searchfor="
    [2008/01/18 21:49:14 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z98TQ3UA.DEFAULT\EXTENSIONS\NZHSLNUILN@NZHSLNUILN.ORG.XPI
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

============================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
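To show how the fix targets above are picked out of an OTL log, here is an added Python example (not part of this thread and not OTL's own code) that runs the same checks over OTL-style lines: IE SearchScopes and the Firefox keyword.URL pref pointing at a third-party search host, an extension package with no name, a BHO with no CLSID value, and a DPF entry with a registry error. The sample lines are constructed from the entries quoted in the thread, with the truncated search URLs replaced by made-up query strings, and the denylist of search hosts is an assumption.

```python
"""Triage of OTL log lines: flag the entry types that went into the :OTL fix.

Added example for this thread; it is not OTL's own code. SAMPLE_LOG is
constructed from entries quoted in the thread, with made-up search URLs.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: a small denylist of search hosts treated as hijack indicators.
SUSPECT_SEARCH_HOSTS = frozenset({"search.mywebsearch.com"})


@dataclass(frozen=True)
class Finding:
    rule: str   # which check fired
    line: str   # the OTL line, verbatim, so it can be pasted under :OTL


# IE search scope: ...SearchScopes\{guid}: "URL" = http://...
SEARCHSCOPE_RE = re.compile(r'SearchScopes\\\{[0-9a-fA-F-]+\}: "URL" = (\S+)')
# Firefox default keyword search: FF - prefs.js..keyword.URL: "http://..."
KEYWORD_URL_RE = re.compile(r'^FF - prefs\.js\.\.keyword\.URL: "([^"]+)"')
# Extension package with no publisher "()" and no name; directories carry a D
# attribute and no "()" so the named/unnamed extension folders are not flagged.
UNNAMED_XPI_RE = re.compile(r'^\[[^\]]+\] \(\) \(No name found\) -- (.+\.xpi)$', re.IGNORECASE)
# Browser Helper Object registered without a CLSID value
ORPHAN_BHO_RE = re.compile(r'^O2 - BHO: .*No CLSID value found\.$')
# Downloaded ActiveX control whose registry key is broken
BROKEN_DPF_RE = re.compile(r'^O16 - DPF: \{[0-9A-Fa-f-]+\} \S+ \(Reg Error: .*\)$')


def search_host(url: str) -> str:
    """Return the lower-cased host of a URL ('' if it cannot be parsed)."""
    return (urlsplit(url).hostname or "").lower()


def triage(lines):
    """Run each check over OTL log lines and return the findings in log order."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = SEARCHSCOPE_RE.search(line)
        if m and search_host(m.group(1)) in SUSPECT_SEARCH_HOSTS:
            findings.append(Finding("ie-searchscope", line))
            continue
        m = KEYWORD_URL_RE.match(line)
        if m and search_host(m.group(1)) in SUSPECT_SEARCH_HOSTS:
            findings.append(Finding("ff-keyword-url", line))
            continue
        if UNNAMED_XPI_RE.match(line):
            findings.append(Finding("unnamed-xpi", line))
        elif ORPHAN_BHO_RE.match(line):
            findings.append(Finding("orphan-bho", line))
        elif BROKEN_DPF_RE.match(line):
            findings.append(Finding("broken-dpf", line))
    return findings


def otl_fix_block(findings):
    """Build the :OTL section of a fix script: OTL takes the log lines verbatim,
    which is how the helper's script above lists its targets."""
    return "\n".join([":OTL", *(f.line for f in findings)])


# Constructed sample: three benign entries from the thread's log, then the five
# entries the helper put in the fix (search query strings are made up).
SAMPLE_LOG = [
    r"O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)",
    r"[2012/05/25 18:54:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\z98tq3ua.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}",
    r"O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)",
    r'IE - HKLM\..\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}: "URL" = http://search.mywebsearch.com/?st=sb&searchfor={searchTerms}',
    r'FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/?st=kwd&searchfor="',
    r"[2008/01/18 21:49:14 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z98TQ3UA.DEFAULT\EXTENSIONS\NZHSLNUILN@NZHSLNUILN.ORG.XPI",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.",
    r"O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)",
]

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.rule:15} {f.line[:70]}")
    print(otl_fix_block(found))
```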
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1114184814-3568446412-1611862538-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bd172ba-3f40-4303-bca1-0484b5ba2a7b}\ not found.
Prefs.js: "http://search.mywebsearch.com/myweb...m021YYus&si=52901&st=kwd&n=77de87a1&searchfor=" removed from keyword.URL
C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z98TQ3UA.DEFAULT\EXTENSIONS\NZHSLNUILN@NZHSLNUILN.ORG.XPI moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: owner
->Temp folder emptied: 32660 bytes
->Temporary Internet Files folder emptied: 11468126 bytes
->Java cache emptied: 730532 bytes
->FireFox cache emptied: 68786918 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12144 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 77.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07282012_134403
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 6 Update 24
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 26-07-2012
Ran by owner (administrator) on 28-07-2012 at 14:02:55
Running from "C:\Users\owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=======================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: owner
->Temp folder emptied: 90126 bytes
->Temporary Internet Files folder emptied: 2621685 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 11126069 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2336 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.55.0 log created on 07282012_162030
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
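An added example (not part of this thread, and not OTL's own code) that reads an OTL fix log such as the one posted above: it recomputes the bytes cleaned under each [COMMAND] header from the per-item lines rather than trusting the "Total ... mb" summary, and flags the "System Restore Service not available." line, which means the script's [CLEARALLRESTOREPOINTS] step has no confirmation in the log and the old restore points should be checked by hand. The sample log is constructed, abridged from the one posted.

```python
import re

# Constructed sample: abridged from the OTL fix log pasted in the thread
# ([EMPTYTEMP] and [EMPTYFLASH] sections plus the closing status line).
SAMPLE_LOG = """\
========== OTL ==========
[EMPTYTEMP]
User: owner
->Temp folder emptied: 90126 bytes
->Temporary Internet Files folder emptied: 2621685 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 11126069 bytes
->Flash cache emptied: 506 bytes
Windows Temp folder emptied: 2336 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 13.00 mb

[EMPTYFLASH]
User: owner
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb

System Restore Service not available.
"""

SECTION_RE = re.compile(r"^\[([A-Z]+)\]$")            # e.g. [EMPTYTEMP]
ITEM_RE = re.compile(r"(?:emptied|removed): (\d+) bytes$")
RESTORE_UNAVAILABLE = "System Restore Service not available."


def bytes_per_command(log: str) -> dict:
    """Sum the per-item byte counts under each [COMMAND] header. OTL's own
    'Total ... mb' summary lines are skipped so the figure is recomputed."""
    totals, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            totals.setdefault(current, 0)
            continue
        item = ITEM_RE.search(line)
        if item and current is not None:
            totals[current] += int(item.group(1))
    return totals


def restore_service_unavailable(log: str) -> bool:
    """True when OTL reports it could not reach System Restore: the script's
    [CLEARALLRESTOREPOINTS] step is then unconfirmed and needs a manual check."""
    return RESTORE_UNAVAILABLE in log
```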
 
Yes!!

Good luck and stay safe :)
 