Solved Google redirect malware

hiker1092

hiker1092

Posts: 42   +0
My Google searches are redirected. Prior to coming here for help I ran TFC and then scanned with MBAM and AVG both normally and from Safe Mode. Neither scanner detected an infection. Appropriate logs follow.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.25.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Willis :: WILLIS-OFFICE [administrator]

7/25/2012 12:45:49 PM
mbam-log-2012-07-25 (12-45-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194220
Time elapsed: 14 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-07-25 13:15:56
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200AAKS-75L9A0 rev.02.03E02
Running: by0dqbu7.exe; Driver: C:\Users\Willis\AppData\Local\Temp\uwrdipow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Willis at 13:25:01 on 2012-07-25
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1790.276 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Nortel Networks\NvcRpcSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
uRun: [googletalk] c:\users\willis\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: pg.com\inetwiki
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pg.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://webaccess.pg.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=928
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{09AD4C78-C83B-4A7F-9004-05653C9D1CED} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0C79CF7E-F85D-4553-A167-C21EDEB3AB1F} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A79E083E-E9BB-492E-920F-1226159BBD5E} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\willis\appdata\roaming\mozilla\firefox\profiles\y2j1q24q.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\willis\appdata\roaming\mozilla\firefox\profiles\y2j1q24q.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\willis\appdata\roaming\mozilla\firefox\profiles\y2j1q24q.default\extensions\logmeinclient@logmein.com\plugins\npLMI64.dll
FF - plugin: c:\users\willis\appdata\roaming\mozilla\firefox\profiles\y2j1q24q.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NvcRpcServer;Nortel CVC Service;c:\program files\nortel networks\NvcRpcSvr.exe [2009-10-16 71176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-10-16 31784]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-8-12 1009152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys [2010-1-6 187776]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-10-20 39048]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-10-16 148232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 113120]
S3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2007-11-12 468480]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2012-07-14 12:58:27 -------- d-----w- c:\users\willis\appdata\local\LogMeIn
2012-07-14 12:58:27 -------- d-----w- c:\programdata\LogMeIn
2012-07-11 10:47:51 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:40:07 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 10:39:23 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 10:39:23 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 10:39:21 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 10:39:21 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 10:39:21 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-03 20:54:09 -------- d-----w- c:\programdata\YTD Video Downloader
2012-07-02 10:37:11 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-02 10:37:11 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-27 12:45:18 -------- d-----w- c:\users\willis\appdata\local\ElevatedDiagnostics
2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
==================== Find3M ====================
.
2012-07-17 00:51:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 00:51:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-14 23:33:42 59 ----a-w- c:\windows\wpd99.drv
2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 13:26:12.25 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 8/12/2009 4:53:29 PM
System Uptime: 7/25/2012 11:01:08 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0F896N
Processor: AMD Sempron(tm) Processor LE-1300 | AM2 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 165.414 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.427 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: PSC 2355
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_HP&PROD_PSC_2355&REV_1.00#7&2E11EB7C&0&MY51KF500MKJ&0#
Manufacturer: HP
Name: F:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_HP&PROD_PSC_2355&REV_1.00#7&2E11EB7C&0&MY51KF500MKJ&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1064: 6/25/2012 9:14:54 AM - Scheduled Checkpoint
RP1065: 6/26/2012 10:14:15 AM - Scheduled Checkpoint
RP1066: 6/27/2012 7:04:31 AM - Scheduled Checkpoint
RP1067: 6/27/2012 8:54:02 AM - Restore Operation
RP1068: 6/28/2012 9:53:36 AM - Scheduled Checkpoint
RP1069: 6/29/2012 10:24:41 AM - Scheduled Checkpoint
RP1070: 6/30/2012 12:14:35 PM - Scheduled Checkpoint
RP1071: 7/1/2012 11:02:28 AM - Scheduled Checkpoint
RP1072: 7/2/2012 9:03:34 AM - Scheduled Checkpoint
RP1073: 7/3/2012 12:38:35 PM - Scheduled Checkpoint
RP1074: 7/4/2012 8:48:18 AM - Scheduled Checkpoint
RP1075: 7/5/2012 7:40:46 AM - Scheduled Checkpoint
RP1076: 7/6/2012 9:25:15 AM - Scheduled Checkpoint
RP1077: 7/7/2012 8:40:29 AM - Scheduled Checkpoint
RP1078: 7/8/2012 8:48:40 AM - Scheduled Checkpoint
RP1079: 7/9/2012 10:22:00 AM - Scheduled Checkpoint
RP1080: 7/10/2012 8:03:08 AM - Scheduled Checkpoint
RP1081: 7/11/2012 6:40:14 AM - Windows Update
RP1082: 7/12/2012 9:08:01 AM - Scheduled Checkpoint
RP1083: 7/13/2012 7:36:27 AM - Scheduled Checkpoint
RP1084: 7/14/2012 8:48:15 AM - Scheduled Checkpoint
RP1085: 7/15/2012 8:54:11 AM - Scheduled Checkpoint
RP1086: 7/16/2012 8:48:02 AM - Scheduled Checkpoint
RP1087: 7/17/2012 8:10:03 AM - Scheduled Checkpoint
RP1088: 7/18/2012 7:32:34 AM - Scheduled Checkpoint
RP1089: 7/19/2012 8:22:43 AM - Scheduled Checkpoint
RP1090: 7/20/2012 7:52:27 AM - Scheduled Checkpoint
RP1091: 7/21/2012 10:21:35 AM - Scheduled Checkpoint
RP1092: 7/22/2012 10:51:45 AM - Scheduled Checkpoint
RP1093: 7/23/2012 8:23:32 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
ArcSoft ShowBiz
Arizona Topo Map
ATI Catalyst Control Center
AVG 2012
AVG PC Tuneup 2011
Bonjour
Brother MFC-7840W
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Coupon Printer for Windows
Dell-eBay
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
DeLorme Street Atlas USA 2005
DeLorme Street Atlas USA 2005 Data
Digital Voice Editor 3
Driver Install 32-Bit
ESET Online Scanner v3
EzGrabber
Family Tree Heritage
FLV Player 2.0 (build 25)
Garmin Communicator Plugin
Garmin Lifetime Updater
Garmin MapSource
Garmin Training Center
Garmin USB Drivers
Garmin WebUpdater
Google Talk (remove only)
GoToAssist 8.0.0.514
GoToMeeting 4.5.0.457
Hawaii Topo Map
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 6 Update 31
Juniper Networks Setup Client
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office File Validation Add-In
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 13.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Nortel Networks Contivity VPN Client
OGA Notifier 2.0.0048.0
Palm Desktop
PDF-XChange 3
Pdf995
Platform
PowerDVD DX
Quicken 2012
QuickTime
QuickVerse 2007 Bible Suite
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skins
Solus Basic for Palm Computing
Street Atlas USA 2005
synedra View Personal 3.1.0.6
TerraGo Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VIA Platform Device Manager
VuePrint
WebEx
WebEx Recorder and Player
Winamp
Winamp Detector Plug-in
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinZip 14.5
WOT for Internet Explorer
YTD Video Downloader 3.9
.
==== Event Viewer Messages From Past Week ========
.
7/25/2012 11:03:00 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
7/24/2012 8:07:25 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/24/2012 8:06:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
7/24/2012 8:06:39 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/24/2012 8:05:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/24/2012 8:05:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/24/2012 8:05:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/24/2012 8:05:15 PM, Error: EventLog [6008] - The previous system shutdown at 11:55:18 AM on 7/24/2012 was unexpected.
7/23/2012 8:49:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
7/22/2012 7:19:39 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A79E083E-E9BB-492E-920F-1226159BBD5E} because another computer on the network has the same name. The server could not start.
7/20/2012 2:06:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Which browser is getting redirected?

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Thank you very much for your help.

Firefox is being redirected. Once I detected this I quit using the computer other than trying to fix the infection. I don't THINK IE is being redirected, but I haven't thoroughly tested to confirm.

Since I am not using the infected computer for browsing (other than reading and responding to this thread and clicking the links you provide), I will have little input about its performance, unless you ask me to test something.

When I finished the RogueKiller scan and tried to close it, I received a message saying no elements had been deleted and do I really want to quit. I chose "no" and it stayed open. Since your instructions did not specifically state to close RogueKiller, I ran aswMBR with RogueKiller still open. Shall I close both now?

Logs follow.

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Willis [Admin rights]
Mode: Scan -- Date: 07/25/2012 14:05:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 023e051dcbcf6e9a78928111d2a84b4d
[BSP] b95df3ea71260e28530813b8b2300a83 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 9084f9c43fee8868d9c812905ea2fbf5
[BSP] b95df3ea71260e28530813b8b2300a83 : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
3 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo

+++++ PhysicalDrive1: HP PSC 2355 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-25 14:06:20
-----------------------------
14:06:20.446 OS Version: Windows 6.0.6002 Service Pack 2
14:06:20.446 Number of processors: 1 586 0x7F02
14:06:20.447 ComputerName: WILLIS-OFFICE UserName: Willis
14:06:22.218 Initialize success
14:18:46.393 AVAST engine defs: 12072500
14:19:15.349 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:19:15.357 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 3
14:19:15.369 Disk 0 MBR read successfully
14:19:15.378 Disk 0 MBR scan
14:19:15.395 Disk 0 Windows VISTA default MBR code
14:19:15.407 Disk 0 MBR hidden
14:19:15.417 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:19:15.462 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
14:19:15.488 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 290204 MB offset 30801920
14:19:15.497 Disk 0 scanning sectors +625140400
14:19:15.570 Disk 0 scanning C:\Windows\system32\drivers
14:19:26.573 Service scanning
14:19:53.960 Modules scanning
14:19:57.898 Disk 0 trace - called modules:
14:19:57.920 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8613d4b1]<<
14:19:57.932 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8566fac8]
14:19:57.944 3 CLASSPNP.SYS[82bab8b3] -> nt!IofCallDriver -> [0x84e1a6d8]
14:19:57.956 5 acpi.sys[806136bc] -> nt!IofCallDriver -> [0x8407ab98]
14:19:57.968 \Driver\atapi[0x86012638] -> IRP_MJ_CREATE -> 0x8613d4b1
14:20:00.557 AVAST engine scan C:\Windows
14:20:04.907 AVAST engine scan C:\Windows\system32
14:24:10.999 AVAST engine scan C:\Windows\system32\drivers
14:24:25.766 AVAST engine scan C:\Users\Willis
15:06:17.468 AVAST engine scan C:\ProgramData
15:08:14.448 Scan finished successfully
15:27:27.998 Disk 0 MBR has been saved successfully to "C:\Users\Willis\Desktop\MBR.dat"
15:27:28.007 The log file has been saved successfully to "C:\Users\Willis\Desktop\aswMBR.txt"
 
I want you to check if IE is OK.

Next....

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
IE DOES redirect. It is NOT okay. I performed a Google search in IE, clicked on a result, and when I saw the browser being redirected I immediately closed the window. A few moments later an AVG dialog box appeared stating:

Threat was blocked!
File name: www1.ub7vira5.kein.hk/I.html
Threat name: Exploit JavaScript Obfuscation (type 1937) (More info)

Per your instructions I will remove AVG with AppRemover before running ComboFix. Would you recommend I install Avast! after the scan, rather than AVG?
 
Avast! installed.

Computer seems very slow to open applications. Hard drive light flickers a lot and light on wireless device flickers a lot.

Note above that IE did redirect when I last checked. I have not checked since ComboFix ran and Avast! installed.

ComboFix 12-07-26.03 - Willis 07/25/2012 17:09:50.2.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1790.1105 [GMT -4:00]
Running from: c:\users\Willis\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 21:17 . 2012-07-25 21:18 -------- d-----w- c:\users\Willis\AppData\Local\temp
2012-07-25 21:17 . 2012-07-25 21:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-25 21:17 . 2012-07-25 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 12:58 . 2012-07-14 12:58 -------- d-----w- c:\users\Willis\AppData\Local\LogMeIn
2012-07-14 12:58 . 2012-07-14 12:58 -------- d-----w- c:\programdata\LogMeIn
2012-07-11 10:47 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:40 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 10:39 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 10:39 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 10:39 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 10:39 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 10:39 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-03 20:54 . 2012-07-03 20:54 -------- d-----w- c:\programdata\YTD Video Downloader
2012-07-02 10:37 . 2012-07-02 10:37 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-02 10:37 . 2012-07-02 10:37 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-27 12:45 . 2012-06-27 12:45 -------- d-----w- c:\users\Willis\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 00:51 . 2012-04-04 10:54 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 00:51 . 2011-05-15 10:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 17:46 . 2011-06-14 15:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-21 09:50 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:50 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 09:50 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 09:50 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 09:49 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 09:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 09:49 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 14:03 . 2012-06-13 10:18 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-02 10:37 . 2011-05-15 11:16 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\DELL\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 00:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-12-15 15:40 1446248 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 19:34 1891416 ----a-w- c:\program files\Garmin\gStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-04-28 02:50 17145856 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-07-12 16:43 226904 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-04-24 16:05 250192 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-08-29 22:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2399249089-2145050994-3997310361-1000]
"EnableNotificationsRef"=dword:00000003
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: pg.com\inetwiki
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-25 17:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f0,19,ae,be,2e,ce,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,cf,b9,65,06,8d,db,44,ad,0b,37,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3d,cf,b9,65,06,8d,db,44,ad,0b,37,\
.
Completion time: 2012-07-25 17:21:14
ComboFix-quarantined-files.txt 2012-07-25 21:21
.
Pre-Run: 179,069,100,032 bytes free
Post-Run: 179,122,028,544 bytes free
.
- - End Of File - - D10BDB0D44380F24849D3865322D1B85
 
Avast! just detected and moved search[1].htm from C:\Windows\...\Temporary Internet Files\Content.EI5\2Q14GZKH to the Virus Chest, classifying it as HTML:RedirME-Inf [Trj]. As I was writing this it did the same thing again (7 minutes later).
 
I don't see much there.

Is IE still getting redirected?
If so, open IE go Tools>Internet options>Advanced tab and click on "Reset" button.
Restart IE and let me know how it goes.

Also check if Firefox has same issue.

Next....

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Much to report.

Neither IE nor FF now redirect from Google. Instead when I click a search hit Avast! pops up a notice saying:
Malicious URL Blocked
Object: http://.../?affiliate=.......(too much for me to catch)
Infection: URL:Mal
Process: C:\Program Files\Internet Explorer\iexplore.com (or Firefox.exe when running FF)

Then nothing loads. The page stays at the Google search results page.

Also Avast! periodically (unrelated to Google searches) pops up a notice saying:
Malicious URL Blocked
Object: http://.../click.php?id=psAEyy1sH60......(too much for me to catch, and is different every time)
Infection: URL: Mal
Process: C:\Windows\system32\svchost.exe

These are popping up as I type this.

I did run the OTL scan and results follow.

OTL logfile created on: 7/25/2012 7:02:57 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Willis\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 51.81% Memory free
3.74 Gb Paging File | 2.88 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 166.26 Gb Free Space | 58.67% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.43 Gb Free Space | 50.70% Space Free | Partition Type: NTFS
Drive S: | 232.88 Gb Total Space | 158.58 Gb Free Space | 68.10% Space Free | Partition Type: NTFS

Computer Name: WILLIS-OFFICE | User Name: Willis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/25 18:58:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\DELL\DellDock\DockLogin.exe
PRC - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe


========== Modules (No Company Name) ==========

MOD - [2009/01/13 04:07:44 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/02 06:37:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/20 09:08:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\DELL\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe -- (NvcRpcServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Willis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/01/06 19:40:20 | 000,187,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CxPlrCap.sys -- (CXPLRCAP)
DRV - [2009/04/28 11:24:58 | 001,009,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/01/13 04:12:14 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2009/01/13 04:07:38 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/01/13 04:07:38 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/20 22:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/12 10:03:08 | 000,468,480 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/04/09 14:27:50 | 000,031,784 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007/04/09 14:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007/04/09 14:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2006/09/07 00:34:58 | 000,347,776 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IcdUsb2.sys -- (ICDUSB2)
DRV - [2002/06/27 22:00:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {3A39113F-E2D7-499D-8DA6-FD53774238B3}
IE - HKLM\..\SearchScopes\{3A39113F-E2D7-499D-8DA6-FD53774238B3}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 58 4F 29 17 6D 0C 2D 45 96 68 6F 85 3C 4B D6 E1 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 58 4F 29 17 6D 0C 2D 45 96 68 6F 85 3C 4B D6 E1 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes,DefaultScope = {57306A27-789F-455F-B9F4-31F620CD55BE}
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes\{57306A27-789F-455F-B9F4-31F620CD55BE}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes\{61AFBF45-6974-4355-B63D-FDBAABB1DF81}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&I=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/25 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/02 06:37:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/16 03:19:29 | 000,000,000 | ---D | M]

[2010/09/09 19:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Extensions
[2010/09/09 19:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2012/07/20 18:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions
[2011/12/25 11:22:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/11 12:10:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/27 20:45:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/29 19:25:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/11 08:14:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(246)
[2012/07/20 11:18:53 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\LogMeInClient@logmein.com
[2012/04/26 09:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/02 06:37:11 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/27 18:15:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/04/20 22:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/20 22:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 22:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/20 22:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/20 22:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/20 22:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/08 18:23:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000..\Run: [googletalk] C:\Users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 215
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..Trusted Domains: pg.com ([inetwiki] http in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pg.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webaccess.pg.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09AD4C78-C83B-4A7F-9004-05653C9D1CED}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C79CF7E-F85D-4553-A167-C21EDEB3AB1F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79E083E-E9BB-492E-920F-1226159BBD5E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Willis\Pictures\Miscellaneous\earth adjusted.jpg
O24 - Desktop BackupWallPaper: C:\Users\Willis\Pictures\Miscellaneous\earth adjusted.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 18:58:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
[2012/07/25 17:42:24 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/25 17:42:24 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/25 17:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/25 17:42:22 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/25 17:42:21 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/25 17:42:19 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/25 17:42:19 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/25 17:40:10 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/25 17:40:08 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/25 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/25 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/25 17:21:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/25 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\temp
[2012/07/25 17:20:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/25 17:05:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/25 17:05:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/25 17:05:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/25 17:05:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 13:41:20 | 000,000,000 | ---D | C] -- C:\Users\Willis\Desktop\TechSpot CleanUp 2012 07
[2012/07/18 05:56:40 | 000,000,000 | ---D | C] -- C:\Users\Willis\Desktop\ReSource
[2012/07/14 08:58:27 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\LogMeIn
[2012/07/14 08:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/07/03 16:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012/06/27 08:45:18 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\ElevatedDiagnostics
[2009/08/19 13:33:56 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Willis\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/07/25 18:58:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
[2012/07/25 18:43:57 | 000,673,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/25 18:43:57 | 000,128,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/25 18:36:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 18:36:13 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/25 18:35:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/25 18:34:43 | 1878,122,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 17:42:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/25 12:44:37 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 17:21:22 | 000,000,716 | ---- | M] () -- C:\Users\Willis\Desktop\Dates 11.lnk
[2012/07/18 20:51:45 | 024,915,382 | ---- | M] () -- C:\Users\Willis\Desktop\Roehm_Katalog_2010_hi.pdf
[2012/07/17 07:20:44 | 000,000,786 | ---- | M] () -- C:\Users\Willis\Desktop\Labels.lnk
[2012/07/14 19:49:13 | 000,788,480 | ---- | M] () -- C:\Users\Willis\Documents\Sturdivant201207.aq
[2012/07/14 19:49:13 | 000,003,476 | -H-- | M] () -- C:\Users\Willis\Documents\Sturdivant201207.aqalpha
[2012/07/14 19:33:44 | 000,020,107 | ---- | M] () -- C:\Users\Willis\Desktop\ADAMSCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 19:33:42 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/07/14 19:32:46 | 000,154,620 | ---- | M] () -- C:\Users\Willis\Desktop\HAMILTONCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 19:29:02 | 000,034,521 | ---- | M] () -- C:\Users\Willis\Desktop\CLERMONTCountyGoldenBuckeyeMerchants-1.pdf
[2012/07/14 19:27:01 | 000,034,349 | ---- | M] () -- C:\Users\Willis\Desktop\WARRENCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 08:55:19 | 000,027,520 | ---- | M] () -- C:\Users\Willis\AppData\Local\dt.dat
[2012/07/12 19:09:45 | 026,581,783 | ---- | M] () -- C:\Users\Willis\Desktop\CDNN2012-3.pdf
[2012/07/12 12:44:06 | 003,013,796 | ---- | M] () -- C:\Users\Willis\Desktop\REPORT_FINAL_071212.pdf
[2012/07/11 15:28:12 | 000,000,000 | -H-- | M] () -- C:\Users\Willis\Documents\Default.rdp
[2012/07/11 07:22:43 | 000,349,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/09 19:27:04 | 000,000,806 | ---- | M] () -- C:\Users\Willis\Desktop\70 Poster B.lnk
[2012/07/09 19:26:45 | 000,000,924 | ---- | M] () -- C:\Users\Willis\Desktop\81 Poster B.lnk
[2012/07/08 07:43:23 | 000,788,480 | ---- | M] () -- C:\Users\Willis\Documents\WillDad11.aq
[2012/07/08 07:43:23 | 000,003,476 | -H-- | M] () -- C:\Users\Willis\Documents\WillDad11.aqalpha
[2012/07/08 07:31:55 | 000,033,636 | ---- | M] () -- C:\Users\Willis\Desktop\PJS July.pdf
[2012/07/04 07:10:00 | 000,252,041 | ---- | M] () -- C:\Users\Willis\Desktop\pg833.epub
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/25 19:48:53 | 042,705,238 | ---- | M] () -- C:\Users\Willis\Desktop\FFSetup295.zip

========== Files Created - No Company Name ==========

[2012/07/25 17:05:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/25 17:05:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/25 17:05:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/25 17:05:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/25 17:05:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/25 12:44:37 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 20:09:01 | 1878,122,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/18 20:51:45 | 024,915,382 | ---- | C] () -- C:\Users\Willis\Desktop\Roehm_Katalog_2010_hi.pdf
[2012/07/17 07:20:44 | 000,000,786 | ---- | C] () -- C:\Users\Willis\Desktop\Labels.lnk
[2012/07/14 19:33:42 | 000,020,107 | ---- | C] () -- C:\Users\Willis\Desktop\ADAMSCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 19:32:42 | 000,154,620 | ---- | C] () -- C:\Users\Willis\Desktop\HAMILTONCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 19:29:00 | 000,034,521 | ---- | C] () -- C:\Users\Willis\Desktop\CLERMONTCountyGoldenBuckeyeMerchants-1.pdf
[2012/07/14 19:25:36 | 000,034,349 | ---- | C] () -- C:\Users\Willis\Desktop\WARRENCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 08:55:19 | 000,027,520 | ---- | C] () -- C:\Users\Willis\AppData\Local\dt.dat
[2012/07/12 19:08:31 | 026,581,783 | ---- | C] () -- C:\Users\Willis\Desktop\CDNN2012-3.pdf
[2012/07/12 12:44:06 | 003,013,796 | ---- | C] () -- C:\Users\Willis\Desktop\REPORT_FINAL_071212.pdf
[2012/07/11 15:28:12 | 000,000,000 | -H-- | C] () -- C:\Users\Willis\Documents\Default.rdp
[2012/07/08 07:43:48 | 000,003,476 | -H-- | C] () -- C:\Users\Willis\Documents\Sturdivant201207.aqalpha
[2012/07/08 07:42:07 | 000,788,480 | ---- | C] () -- C:\Users\Willis\Documents\Sturdivant201207.aq
[2012/07/08 07:31:56 | 000,033,636 | ---- | C] () -- C:\Users\Willis\Desktop\PJS July.pdf
[2012/07/07 06:59:31 | 000,000,924 | ---- | C] () -- C:\Users\Willis\Desktop\81 Poster B.lnk
[2012/07/07 06:59:01 | 000,000,806 | ---- | C] () -- C:\Users\Willis\Desktop\70 Poster B.lnk
[2012/07/04 07:10:00 | 000,252,041 | ---- | C] () -- C:\Users\Willis\Desktop\pg833.epub
[2012/06/25 19:46:49 | 042,705,238 | ---- | C] () -- C:\Users\Willis\Desktop\FFSetup295.zip
[2012/04/11 16:59:30 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2012/01/14 11:31:59 | 000,380,928 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
[2012/01/14 11:31:59 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012/01/14 11:31:59 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ThumbExtract.dll
[2011/10/11 21:54:25 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDMain.INI
[2011/10/11 21:53:26 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDPMSV.INI
[2011/07/21 19:20:05 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI
[2011/03/20 13:05:22 | 000,000,658 | ---- | C] () -- C:\Windows\ULead32.ini
[2011/03/01 11:14:14 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/02/27 18:35:45 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2011/02/21 10:03:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/25 19:15:31 | 000,000,680 | ---- | C] () -- C:\Users\Willis\AppData\Local\d3d9caps.dat
[2010/03/25 16:58:44 | 000,003,678 | ---- | C] () -- C:\Users\Willis\.ganttproject
[2009/08/25 07:08:43 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
[2009/08/19 22:10:15 | 000,038,912 | ---- | C] () -- C:\Users\Willis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 20:23:32 | 000,003,482 | ---- | C] () -- C:\Users\Willis\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/07/03 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Applian FLV and Media Player
[2011/02/01 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\AVG
[2009/12/29 19:35:06 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/11 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Downloaded Installations
[2011/10/11 21:53:13 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\FedEx
[2009/10/13 19:27:38 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Flickr
[2011/12/25 11:35:52 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\GARMIN
[2010/07/18 08:42:36 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Individual Software
[2011/11/19 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Juniper Networks
[2011/08/02 16:08:28 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Opera
[2009/08/24 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\pdf995
[2010/02/27 13:25:34 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\QuickVerse11
[2010/01/25 09:23:09 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Stamps.com Internet Postage
[2009/08/19 20:23:36 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Template
[2012/04/05 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\webex
[2012/07/25 18:33:00 | 000,032,658 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 7/25/2012 7:02:58 PM - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Willis\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 51.81% Memory free
3.74 Gb Paging File | 2.88 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 166.26 Gb Free Space | 58.67% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.43 Gb Free Space | 50.70% Space Free | Partition Type: NTFS
Drive S: | 232.88 Gb Total Space | 158.58 Gb Free Space | 68.10% Space Free | Partition Type: NTFS

Computer Name: WILLIS-OFFICE | User Name: Willis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2399249089-2145050994-3997310361-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003E212F-CE0C-4B63-8296-2F377D30A669}" = lport=138 | protocol=17 | dir=in | app=system |
"{1CA8FD3A-CBAC-49D2-8A7F-DFFC89FB688A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{27BDB219-7948-4B81-AD2A-30C7A784B793}" = rport=139 | protocol=6 | dir=out | app=system |
"{2F8BAE2D-F135-4BEC-9170-3F11465C9294}" = lport=139 | protocol=6 | dir=in | app=system |
"{385AB37B-5D31-4372-B73B-06D01AF069D5}" = rport=138 | protocol=17 | dir=out | app=system |
"{569571F7-A51F-4AA1-AAA8-43928D6ED11D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9FA5F13F-9A1E-484C-B6B8-69CC0540AD96}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AD0631BA-D5A5-4345-B6D5-43C609818B49}" = lport=445 | protocol=6 | dir=in | app=system |
"{C86AED14-FB88-4438-833D-AA3D52B8086B}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9546DE7-2DF5-4B53-91DB-6012E4F65395}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E2221661-9D8A-4D09-8660-BD2DDA475F8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{E89CD160-5537-491B-AA3A-2CD0CD5692EE}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C9535E6-F06E-48BF-9BB3-85FD76D029A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1CFFEFD6-68C1-4A1A-91B7-A676207F15CB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{3396AFAE-C43C-4ADB-9979-3F4354104B61}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{34BCE55E-C8CC-452A-ADC4-B3C52ABA0362}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{36A736A7-BACE-4043-BC64-204C95E634E6}" = protocol=6 | dir=in | app=c:\program files\dyyno\dyyno broadcaster\dgcsrv.exe |
"{3ECCBCF8-B405-4E28-A39B-79DBAB27F397}" = protocol=17 | dir=in | app=c:\program files\dyyno\dyyno broadcaster\dppm_source.exe |
"{50784F31-77E7-4FE5-8D7A-638A2B12D29C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{5147DA57-07BA-4F94-BF1E-11BA91A675A9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{56B06848-A27C-4F3F-9885-1505A9EB32EE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5A86BDAF-B594-4253-A083-2C1FD714D23F}" = protocol=6 | dir=in | app=c:\program files\dyyno\dyyno broadcaster\dppm_source.exe |
"{65B7A471-08BE-475E-AD71-A8A97AA4EB8F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{78FBD919-DB96-4294-BCD9-09C341029BBF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8B02404A-0B69-4D51-96C6-99E8543C5A2A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8C25C182-05A7-4CD7-9E63-A1DD910F72AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{8E455009-EAF2-4ED7-9B4B-622E36F8A152}" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{8F047AA5-AB70-4020-93E6-F8EBF211E62E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{92A82F46-5F3B-4F4B-A328-C4E64DB3795A}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{94F71E2F-520F-442E-B434-70921AB15E9D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{A6F8FFBF-A692-4374-A843-256517018684}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B75E086E-971F-4437-843D-0EC8246474A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"{C945C26F-3888-4F39-81E0-4BF271026728}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CA1589A9-8490-46FF-996C-B74A09F9D7C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D0803BCB-D99D-4D73-8D47-EDE0D0304651}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D5039EB5-710C-4A86-853A-BEE677531B4D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EA2D3C33-5CE5-4798-8314-0B7338EC61A6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F4D94EC5-91FA-4CC2-AA79-3F50D74EDB39}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{F7467EF4-1433-4F41-B691-C701BD163749}" = protocol=17 | dir=in | app=c:\program files\dyyno\dyyno broadcaster\dgcsrv.exe |
"TCP Query User{55D44726-E9AB-4268-9A78-C166AA52C39F}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |
"TCP Query User{66831305-B56D-4F4C-83D7-505B0AC2792C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{C7D17A94-498E-485D-833A-B5297F60BE1F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{076834CB-A61D-4C0A-AD4A-95ED5328DD98}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5F3837A2-43AD-4EFD-9259-DD7D64E03906}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{C6EE7F65-B35E-4678-998E-E9995AE41E20}C:\program files\microsoft office\live meeting 8\console\pwconsole.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\live meeting 8\console\pwconsole.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{028BB5A9-6385-4CF6-A6FF-D512D5015DBA}" = Garmin Lifetime Updater
"{038BB590-D547-6625-1ACB-5D072B484891}" = Catalyst Control Center Localization Polish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0712E395-DF4E-2C03-312B-82B18192F37E}" = CCC Help Turkish
"{08D5F667-E1D7-4792-9FFD-5888C8D4A0DF}" = Garmin Training Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{08F6391A-5C26-C9A6-9E90-06AFA62BAD82}" = CCC Help Japanese
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0FAC8FE4-B03C-5E69-3E26-A688C5BD753C}" = CCC Help Swedish
"{13C8D5EF-ECAB-4BF9-AB35-9774AEC00EEE}" = DeLorme Street Atlas USA 2005 Data
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17AE413C-3DDB-3DB8-A9E1-8C9A6B4C3F81}" = CCC Help Thai
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19549B98-113C-B5A1-6185-91AEA7F8FB86}" = CCC Help Hungarian
"{195D6D67-3520-B663-C056-D2F877E24F0C}" = CCC Help Chinese Traditional
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A3F6AD7-7A95-439B-BF54-F418C7CC6380}" = WebEx Recorder and Player
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1C2C78DB-846D-0879-4C07-BB02D1819D0E}" = Catalyst Control Center Localization Japanese
"{1D174E6E-E58B-63EF-AAE4-4A0F9C6CAD09}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{219E9FF4-EFB5-1508-4B1D-4D25860E6AF7}" = ccc-utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216029F0}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26E76762-7F20-4694-AD06-CC3A9B547A71}" = Microsoft Office Live Meeting 2007
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28D309DC-4EDD-49B4-A7CB-6B5C0E075B34}" = TerraGo Toolbar
"{2AD6DCAA-3A43-335B-566E-BBBF5EDE66AF}" = CCC Help Portuguese
"{2B8B7931-698C-4A7B-DE65-1C266275ABA8}" = CCC Help Greek
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{31FB48E7-73CA-2A77-8EF0-6DC4643F5A52}" = Catalyst Control Center Localization Hungarian
"{34D7C68C-AB0C-A606-6C98-DD517165DE48}" = Catalyst Control Center Graphics Previews Common
"{3792C245-6923-6519-BC25-AA312D421040}" = Catalyst Control Center Graphics Full Existing
"{3809C143-D176-2E2F-7457-C134C5096D4C}" = Catalyst Control Center Localization Finnish
"{3A2B6345-5F37-3C2B-EB33-95E4CCE32B6E}" = CCC Help Danish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D13663C-7754-D091-CCCC-4BF3DBDC45F0}" = Catalyst Control Center Graphics Light
"{3DBE4620-5B8F-1D5B-D7E0-F4E3660EB75E}" = CCC Help Russian
"{3E378D59-E702-5F50-33A8-4CC9CA7B7E2D}" = Catalyst Control Center Localization Norwegian
"{4042129F-CA94-4BC7-92ED-0F14DD4AA742}" = Street Atlas USA 2005
"{40A6D5BF-5790-F73A-C813-5B532C68F2FC}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4DECF5E2-AE93-4ED3-4699-1F3CCEFBE23E}" = CCC Help Norwegian
"{53D33A47-E48E-A3F4-B9F7-B775C5FEB410}" = Skins
"{5944C8E6-6CED-5DAF-3A06-ACB61F946768}" = ccc-core-static
"{5F6EE90E-10C7-4D54-EEF8-A1558CD6BC74}" = Catalyst Control Center Localization German
"{62A73901-88EA-486A-90AE-38A4D80A56F8}" = Catalyst Control Center Localization Chinese Standard
"{63A53213-113E-103F-69B6-A3A156FB073D}" = Catalyst Control Center Localization Russian
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6624B6A8-362E-480D-B91A-9657EF4E44B3}" = Brother MFC-7840W
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6CA0E546-575E-162C-66CF-F97AC0706D86}" = Catalyst Control Center Localization Swedish
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{70F45E2F-4C72-346B-18DB-A4E43C0B7A21}" = CCC Help Korean
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B16F02-FAA6-FB12-E12A-0127D9252217}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8543A572-5993-4101-BACC-C83884E183A4}" = EzGrabber
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88B3FCFC-5B4D-12EA-43B5-706A97CFFE57}" = Catalyst Control Center Localization Dutch
"{8992BBAC-5011-1F62-C74E-1D09D0C3AEDC}" = Catalyst Control Center Localization Greek
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F50EE-3C86-ECAC-1EFA-500E5A75F40B}" = CCC Help Italian
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BB961DD-2117-89F7-886E-4548EF974C4C}" = Catalyst Control Center Graphics Previews Vista
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D41D2EF-2D33-4CFD-8A3E-C7E6FCC3303B}" = ArcSoft ShowBiz
"{A130D182-69C4-1A79-22A2-43B5896EC384}" = CCC Help Polish
"{A631582D-B1E2-9FE6-C6A3-4F58F3CC5D19}" = Catalyst Control Center Localization Italian
"{A6D3E894-E6B7-B8BA-B0E8-3F116605D63F}" = Catalyst Control Center Localization Portuguese
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A8BF7AAD-DF08-E467-817A-A46F6C0858E6}" = Catalyst Control Center Localization Danish
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AD631885-B98C-4A61-8C77-1955478F8DBB}" = Street Atlas USA 2005
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BB5DA6E6-3C28-4D9D-817C-B181D08F3AF1}" = Driver Install 32-Bit
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF649EC0-8CF5-C377-D695-6E9BDECCD6EC}" = Catalyst Control Center Localization Czech
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{C27C6B48-4D01-4190-9008-FCD3F7F05DAF}" = Street Atlas USA 2005
"{C3E5EEAD-2FDA-5171-778A-470BDD0D0171}" = Catalyst Control Center Localization Spanish
"{C5A2C616-FA81-931E-E7C4-FA77B5875DCE}" = CCC Help Finnish
"{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
"{C77509EA-0817-9A13-C519-595364992633}" = Catalyst Control Center Localization Chinese Traditional
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEA13A7-2E78-14E4-8E41-C5976867A266}" = CCC Help Chinese Standard
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D5BBD350-F44E-47C1-9245-228AD8A9171D}" = DeLorme Street Atlas USA 2005
"{D75B3287-0A3D-60CF-35FF-6F860CB3060C}" = CCC Help Dutch
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DE0F129D-6B44-FD71-7115-B105B74E636F}" = Catalyst Control Center Localization Thai
"{DFC0DC5F-5867-7367-4D75-5E954094D565}" = CCC Help Spanish
"{E30DAA93-3DB3-6C5D-6BCC-66047D3F94A3}" = Catalyst Control Center Localization Korean
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E8D19DDB-91C4-EE01-707F-6064AC50DDAF}" = Catalyst Control Center Core Implementation
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC105D13-1924-CC00-1EE3-7044EB94E382}" = CCC Help French
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0703D51-3745-D787-4D6D-FDB187B5EFE4}" = Catalyst Control Center Localization French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1C99E71-6C74-422B-901F-42987D405989}" = Street Atlas USA 2005
"{F262FF0A-F2E9-2C3B-D764-50CE950F0299}" = Catalyst Control Center InstallProxy
"{F5D72489-A79B-44F5-9317-53912F266DAA}" = Street Atlas USA 2005
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF2C4E39-BDC3-00D7-65D8-67E910F01B40}" = Catalyst Control Center Localization Turkish
"{FF85E1F1-F255-E3D5-8AA7-B5875F4D7F01}" = Catalyst Control Center Graphics Full New
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Arizona Topo" = Arizona Topo Map
"avast" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Digital Editions" = Adobe Digital Editions
"ESET Online Scanner" = ESET Online Scanner v3
"Family Tree Heritage" = Family Tree Heritage
"FLV Player" = FLV Player 2.0 (build 25)
"GoToAssist" = GoToAssist 8.0.0.514
"Hawaii Topo" = Hawaii Topo Map
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{BB5DA6E6-3C28-4D9D-817C-B181D08F3AF1}" = Driver Install 32-Bit
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pdf995" = Pdf995
"PDF-XChange 3_is1" = PDF-XChange 3
"QuickVerse 2007 Bible Suite" = QuickVerse 2007 Bible Suite
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"Solus Basic for Palm Computing" = Solus Basic for Palm Computing
"synedraViewPersonal" = synedra View Personal 3.1.0.6
"VuePrint" = VuePrint
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"GoToMeeting" = GoToMeeting 4.5.0.457
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/8/2012 6:12:24 PM | Computer Name = Willis-Office | Source = Windows Search Service | ID = 3013
Description =

Error - 1/8/2012 6:12:24 PM | Computer Name = Willis-Office | Source = Windows Search Service | ID = 3013
Description =

Error - 1/8/2012 6:24:41 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
Description =

Error - 1/8/2012 7:16:47 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2012 5:46:21 AM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2012 12:20:58 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2012 12:27:41 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2012 12:39:36 PM | Computer Name = Willis-Office | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2012 1:06:47 PM | Computer Name = Willis-Office | Source = Windows Search Service | ID = 3013
Description =

Error - 1/9/2012 1:06:47 PM | Computer Name = Willis-Office | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 7/25/2012 4:54:33 PM | Computer Name = Willis-Office | Source = DCOM | ID = 10016
Description =

Error - 7/25/2012 5:09:37 PM | Computer Name = Willis-Office | Source = Service Control Manager | ID = 7030
Description =

Error - 7/25/2012 5:14:21 PM | Computer Name = Willis-Office | Source = Service Control Manager | ID = 7030
Description =

Error - 7/25/2012 5:17:47 PM | Computer Name = Willis-Office | Source = Service Control Manager | ID = 7030
Description =

Error - 7/25/2012 5:26:50 PM | Computer Name = Willis-Office | Source = Print | ID = 19
Description = The print spooler failed to share printer HP psc 2350 series with
shared resource name HP psc 2350 series. Error 2114. The printer cannot be used
by others on the network.

Error - 7/25/2012 5:27:50 PM | Computer Name = Willis-Office | Source = DCOM | ID = 10016
Description =

Error - 7/25/2012 6:30:42 PM | Computer Name = Willis-Office | Source = Print | ID = 19
Description = The print spooler failed to share printer HP psc 2350 series with
shared resource name HP psc 2350 series. Error 2114. The printer cannot be used
by others on the network.

Error - 7/25/2012 6:31:45 PM | Computer Name = Willis-Office | Source = DCOM | ID = 10016
Description =

Error - 7/25/2012 6:35:57 PM | Computer Name = Willis-Office | Source = Print | ID = 19
Description = The print spooler failed to share printer HP psc 2350 series with
shared resource name HP psc 2350 series. Error 2114. The printer cannot be used
by others on the network.

Error - 7/25/2012 6:36:57 PM | Computer Name = Willis-Office | Source = DCOM | ID = 10016
Description =


< End of report >
 
Well, it WAS in both browsers.

I had shut down the offensive PC and just restarted it to confirm my answer to your question, and now both browsers go to a Google search result link without redirecting. VERY slowly though.

I am still getting Malicious URL popups, just not from the Google Search Results page.
 
Also I just noted that my CPU usage is presently at 100%, and according to Windows' Resource Monitor it is due to svchost.exe (netsvcs)..
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
I did as directed. Avast! showed a popup that said it blocked TDSSKiller.exe.

First half of log follows.

21:28:55.0083 2812 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:28:55.0546 2812 ============================================================
21:28:55.0547 2812 Current date / time: 2012/07/25 21:28:55.0546
21:28:55.0547 2812 SystemInfo:
21:28:55.0547 2812
21:28:55.0547 2812 OS Version: 6.0.6002 ServicePack: 2.0
21:28:55.0547 2812 Product type: Workstation
21:28:55.0547 2812 ComputerName: WILLIS-OFFICE
21:28:55.0549 2812 UserName: Willis
21:28:55.0549 2812 Windows directory: C:\Windows
21:28:55.0549 2812 System windows directory: C:\Windows
21:28:55.0549 2812 Processor architecture: Intel x86
21:28:55.0549 2812 Number of processors: 1
21:28:55.0549 2812 Page size: 0x1000
21:28:55.0549 2812 Boot type: Normal boot
21:28:55.0549 2812 ============================================================
21:28:56.0761 2812 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:28:56.0788 2812 ============================================================
21:28:56.0788 2812 \Device\Harddisk0\DR0:
21:28:56.0789 2812 MBR partitions:
21:28:56.0789 2812 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
21:28:56.0789 2812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
21:28:56.0789 2812 ============================================================
21:28:56.0821 2812 C: <-> \Device\Harddisk0\DR0\Partition1
21:28:56.0849 2812 D: <-> \Device\Harddisk0\DR0\Partition0
21:28:56.0849 2812 ============================================================
21:28:56.0849 2812 Initialize success
21:28:56.0849 2812 ============================================================
21:29:07.0164 3308 ============================================================
21:29:07.0164 3308 Scan started
21:29:07.0164 3308 Mode: Manual;
21:29:07.0164 3308 ============================================================
21:29:08.0504 3308 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:29:08.0514 3308 ACDaemon - ok
21:29:08.0684 3308 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
21:29:08.0694 3308 ACPI - ok
21:29:08.0783 3308 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
21:29:08.0801 3308 adp94xx - ok
21:29:08.0902 3308 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
21:29:08.0915 3308 adpahci - ok
21:29:08.0942 3308 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
21:29:08.0947 3308 adpu160m - ok
21:29:08.0970 3308 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
21:29:08.0981 3308 adpu320 - ok
21:29:09.0042 3308 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:29:09.0043 3308 AeLookupSvc - ok
21:29:09.0122 3308 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
21:29:09.0130 3308 AFD - ok
21:29:09.0185 3308 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
21:29:09.0187 3308 agp440 - ok
21:29:09.0239 3308 ahcix86s (356d519b2868e30100fe846d232e1757) C:\Windows\system32\drivers\ahcix86s.sys
21:29:09.0249 3308 ahcix86s - ok
21:29:09.0337 3308 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:29:09.0339 3308 aic78xx - ok
21:29:09.0373 3308 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:29:09.0375 3308 ALG - ok
21:29:09.0422 3308 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
21:29:09.0423 3308 aliide - ok
21:29:09.0456 3308 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
21:29:09.0458 3308 amdagp - ok
21:29:09.0480 3308 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
21:29:09.0482 3308 amdide - ok
21:29:09.0510 3308 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
21:29:09.0511 3308 AmdK7 - ok
21:29:09.0527 3308 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
21:29:09.0528 3308 AmdK8 - ok
21:29:09.0615 3308 AppHostSvc (dfae18c675d71fd06d57dc69d2913975) C:\Windows\system32\inetsrv\apphostsvc.dll
21:29:09.0617 3308 AppHostSvc - ok
21:29:09.0665 3308 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:29:09.0667 3308 Appinfo - ok
21:29:09.0832 3308 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:29:09.0834 3308 Apple Mobile Device - ok
21:29:09.0912 3308 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
21:29:09.0914 3308 arc - ok
21:29:09.0947 3308 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
21:29:09.0950 3308 arcsas - ok
21:29:10.0059 3308 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:29:10.0060 3308 aspnet_state - ok
21:29:10.0125 3308 aswFsBlk (1c1f3d6dddc046c920c493a779649f66) C:\Windows\system32\drivers\aswFsBlk.sys
21:29:10.0127 3308 aswFsBlk - ok
21:29:10.0225 3308 aswMonFlt (a48d8015af2a0d8b4937613ffbfd28de) C:\Windows\system32\drivers\aswMonFlt.sys
21:29:10.0227 3308 aswMonFlt - ok
21:29:10.0285 3308 AswRdr (982e275d1c5801042fe94209fb0160fb) C:\Windows\system32\drivers\AswRdr.sys
21:29:10.0286 3308 AswRdr - ok
21:29:10.0372 3308 aswSnx (73dbcf808e00580f2a47f93dd9b03876) C:\Windows\system32\drivers\aswSnx.sys
21:29:10.0385 3308 aswSnx - ok
21:29:10.0431 3308 aswSP (6cbd7d3a33f498d09c831cdd732da2e0) C:\Windows\system32\drivers\aswSP.sys
21:29:10.0444 3308 aswSP - ok
21:29:10.0490 3308 aswTdi (7109a9aa551f37cd168c02368465957e) C:\Windows\system32\drivers\aswTdi.sys
21:29:10.0491 3308 aswTdi - ok
21:29:10.0512 3308 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:29:10.0513 3308 AsyncMac - ok
21:29:10.0539 3308 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
21:29:10.0540 3308 atapi - ok
21:29:10.0630 3308 Ati External Event Utility (740b9b4140caccd0513d999eab488e48) C:\Windows\system32\Ati2evxx.exe
21:29:10.0646 3308 Ati External Event Utility - ok
21:29:10.0917 3308 atikmdag (7526ad10925d1aa9e4e6b0fb393b701f) C:\Windows\system32\DRIVERS\atikmdag.sys
21:29:10.0987 3308 atikmdag - ok
21:29:11.0142 3308 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:29:11.0156 3308 AudioEndpointBuilder - ok
21:29:11.0169 3308 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
21:29:11.0173 3308 Audiosrv - ok
21:29:11.0273 3308 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:29:11.0274 3308 avast! Antivirus - ok
21:29:11.0390 3308 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:29:11.0391 3308 Beep - ok
21:29:11.0474 3308 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
21:29:11.0488 3308 BFE - ok
21:29:11.0587 3308 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
21:29:11.0609 3308 BITS - ok
21:29:11.0638 3308 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
21:29:11.0639 3308 blbdrive - ok
21:29:11.0748 3308 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:29:11.0764 3308 Bonjour Service - ok
21:29:11.0826 3308 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
21:29:11.0830 3308 bowser - ok
21:29:11.0897 3308 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:29:11.0898 3308 BrFiltLo - ok
21:29:11.0933 3308 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:29:11.0934 3308 BrFiltUp - ok
21:29:11.0978 3308 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:29:11.0980 3308 Browser - ok
21:29:12.0016 3308 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:29:12.0018 3308 Brserid - ok
21:29:12.0047 3308 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:29:12.0049 3308 BrSerWdm - ok
21:29:12.0078 3308 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:29:12.0080 3308 BrUsbMdm - ok
21:29:12.0102 3308 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:29:12.0103 3308 BrUsbSer - ok
21:29:12.0128 3308 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:29:12.0129 3308 BTHMODEM - ok
21:29:12.0255 3308 catchme - ok
21:29:12.0319 3308 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:29:12.0321 3308 cdfs - ok
21:29:12.0379 3308 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
21:29:12.0381 3308 cdrom - ok
21:29:12.0452 3308 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:29:12.0453 3308 CertPropSvc - ok
21:29:12.0479 3308 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
21:29:12.0481 3308 circlass - ok
21:29:12.0519 3308 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
21:29:12.0531 3308 CLFS - ok
21:29:12.0597 3308 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:29:12.0599 3308 clr_optimization_v2.0.50727_32 - ok
21:29:12.0661 3308 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:29:12.0674 3308 clr_optimization_v4.0.30319_32 - ok
21:29:12.0703 3308 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
21:29:12.0704 3308 cmdide - ok
21:29:12.0729 3308 Compbatt (4fc0a44da7603229e1a9454126a59efd) C:\Windows\system32\drivers\compbatt.sys
21:29:12.0730 3308 Compbatt - ok
21:29:12.0743 3308 COMSysApp - ok
21:29:12.0766 3308 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
21:29:12.0768 3308 crcdisk - ok
21:29:12.0801 3308 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
21:29:12.0805 3308 Crusoe - ok
21:29:12.0849 3308 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
21:29:12.0859 3308 CryptSvc - ok
21:29:12.0941 3308 CXPLRCAP (bb9f5d143b49afb4632467f7e8b3d799) C:\Windows\system32\drivers\CxPlrCap.sys
21:29:12.0944 3308 CXPLRCAP - ok
21:29:13.0017 3308 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
21:29:13.0032 3308 DcomLaunch - ok
21:29:13.0085 3308 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
21:29:13.0090 3308 DfsC - ok
21:29:13.0268 3308 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
21:29:13.0335 3308 DFSR - ok
21:29:13.0544 3308 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
21:29:13.0554 3308 Dhcp - ok
21:29:13.0598 3308 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
21:29:13.0600 3308 disk - ok
21:29:13.0676 3308 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
21:29:13.0681 3308 Dnscache - ok
21:29:13.0803 3308 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
21:29:13.0807 3308 DockLoginService - ok
21:29:13.0899 3308 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
21:29:13.0907 3308 dot3svc - ok
21:29:13.0963 3308 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:29:13.0970 3308 DPS - ok
21:29:14.0006 3308 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:29:14.0007 3308 drmkaud - ok
21:29:14.0066 3308 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
21:29:14.0074 3308 DXGKrnl - ok
21:29:14.0135 3308 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
21:29:14.0145 3308 e1express - ok
21:29:14.0183 3308 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:29:14.0187 3308 E1G60 - ok
21:29:14.0256 3308 Eacfilt (47d1b4dc8da75742f023ae21e0d057a2) C:\Windows\system32\DRIVERS\eacfilt.sys
21:29:14.0257 3308 Eacfilt - ok
21:29:14.0309 3308 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:29:14.0311 3308 EapHost - ok
21:29:14.0332 3308 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
21:29:14.0341 3308 Ecache - ok
21:29:14.0426 3308 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
21:29:14.0432 3308 elxstor - ok
21:29:14.0502 3308 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
21:29:14.0517 3308 EMDMgmt - ok
21:29:14.0541 3308 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
21:29:14.0542 3308 ErrDev - ok
21:29:14.0612 3308 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
21:29:14.0618 3308 EventSystem - ok
21:29:14.0690 3308 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
21:29:14.0702 3308 exfat - ok
21:29:14.0735 3308 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
21:29:14.0738 3308 fastfat - ok
21:29:14.0763 3308 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
21:29:14.0764 3308 fdc - ok
21:29:14.0788 3308 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:29:14.0790 3308 fdPHost - ok
21:29:14.0833 3308 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:29:14.0836 3308 FDResPub - ok
21:29:14.0858 3308 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:29:14.0860 3308 FileInfo - ok
21:29:14.0888 3308 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:29:14.0889 3308 Filetrace - ok
21:29:14.0906 3308 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:14.0908 3308 flpydisk - ok
21:29:14.0943 3308 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
21:29:14.0947 3308 FltMgr - ok
21:29:15.0051 3308 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
21:29:15.0071 3308 FontCache - ok
21:29:15.0119 3308 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:29:15.0120 3308 FontCache3.0.0.0 - ok
21:29:15.0155 3308 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
21:29:15.0156 3308 Fs_Rec - ok
21:29:15.0181 3308 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
21:29:15.0183 3308 gagp30kx - ok
21:29:15.0223 3308 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:29:15.0224 3308 GEARAspiWDM - ok
21:29:15.0305 3308 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
21:29:15.0307 3308 GoToAssist - ok
21:29:15.0365 3308 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
21:29:15.0422 3308 gpsvc - ok
21:29:15.0493 3308 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
21:29:15.0502 3308 HdAudAddService - ok
21:29:15.0563 3308 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:29:15.0572 3308 HDAudBus - ok
21:29:15.0606 3308 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:29:15.0607 3308 HidBth - ok
21:29:15.0654 3308 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
21:29:15.0656 3308 HidIr - ok
21:29:15.0702 3308 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
21:29:15.0705 3308 hidserv - ok
21:29:15.0730 3308 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
21:29:15.0731 3308 HidUsb - ok
21:29:15.0769 3308 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:29:15.0783 3308 hkmsvc - ok
21:29:15.0811 3308 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
21:29:15.0813 3308 HpCISSs - ok
21:29:15.0868 3308 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
21:29:15.0881 3308 HTTP - ok
21:29:15.0911 3308 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
21:29:15.0913 3308 i2omp - ok
21:29:15.0985 3308 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:29:15.0987 3308 i8042prt - ok
21:29:16.0039 3308 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
21:29:16.0047 3308 iaStorV - ok
21:29:16.0119 3308 ICDUSB2 (60b044a221cf76cc6077b0c3e9136cff) C:\Windows\system32\Drivers\ICDUSB2.sys
21:29:16.0121 3308 ICDUSB2 - ok
21:29:16.0238 3308 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:29:16.0257 3308 idsvc - ok
21:29:16.0299 3308 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:29:16.0301 3308 iirsp - ok
21:29:16.0355 3308 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
21:29:16.0367 3308 IKEEXT - ok
21:29:16.0414 3308 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
21:29:16.0415 3308 intelide - ok
21:29:16.0443 3308 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
21:29:16.0445 3308 intelppm - ok
21:29:16.0514 3308 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:29:16.0527 3308 IPBusEnum - ok
21:29:16.0580 3308 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:16.0581 3308 IpFilterDriver - ok
21:29:16.0619 3308 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
21:29:16.0629 3308 iphlpsvc - ok
21:29:16.0639 3308 IpInIp - ok
21:29:16.0666 3308 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
21:29:16.0668 3308 IPMIDRV - ok
21:29:16.0702 3308 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:29:16.0705 3308 IPNAT - ok
21:29:16.0826 3308 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
21:29:16.0845 3308 iPod Service - ok
21:29:16.0915 3308 IPSECEXT (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
21:29:16.0920 3308 IPSECEXT - ok
21:29:16.0932 3308 IPSECSHM (c8f7d3fe794f5f681d3316fa0958d5e4) C:\Windows\system32\DRIVERS\ipsecw2k.sys
21:29:16.0934 3308 IPSECSHM - ok
21:29:16.0959 3308 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:29:16.0961 3308 IRENUM - ok
21:29:16.0988 3308 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
21:29:16.0990 3308 isapnp - ok
21:29:17.0032 3308 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
21:29:17.0035 3308 iScsiPrt - ok
21:29:17.0061 3308 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:29:17.0063 3308 iteatapi - ok
21:29:17.0090 3308 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:29:17.0093 3308 iteraid - ok
21:29:17.0114 3308 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:29:17.0115 3308 kbdclass - ok
21:29:17.0177 3308 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
21:29:17.0178 3308 kbdhid - ok
21:29:17.0208 3308 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:29:17.0215 3308 KeyIso - ok
21:29:17.0270 3308 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
21:29:17.0278 3308 KSecDD - ok
21:29:17.0355 3308 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:29:17.0370 3308 KtmRm - ok
21:29:17.0412 3308 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
21:29:17.0433 3308 LanmanServer - ok
21:29:17.0475 3308 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
21:29:17.0484 3308 LanmanWorkstation - ok
21:29:17.0507 3308 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:29:17.0509 3308 lltdio - ok
21:29:17.0542 3308 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:29:17.0551 3308 lltdsvc - ok
21:29:17.0573 3308 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:29:17.0576 3308 lmhosts - ok
21:29:17.0613 3308 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
21:29:17.0615 3308 LSI_FC - ok
21:29:17.0644 3308 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
21:29:17.0647 3308 LSI_SAS - ok
21:29:17.0698 3308 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
21:29:17.0700 3308 LSI_SCSI - ok
21:29:17.0728 3308 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:29:17.0732 3308 luafv - ok
21:29:17.0754 3308 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
21:29:17.0755 3308 megasas - ok
21:29:17.0803 3308 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
21:29:17.0817 3308 MegaSR - ok
21:29:17.0852 3308 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:29:17.0859 3308 MMCSS - ok
21:29:17.0878 3308 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:29:17.0880 3308 Modem - ok
21:29:17.0909 3308 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:29:17.0910 3308 monitor - ok
21:29:17.0934 3308 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:29:17.0937 3308 mouclass - ok
21:29:17.0955 3308 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:29:17.0957 3308 mouhid - ok
21:29:17.0972 3308 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:29:17.0974 3308 MountMgr - ok
21:29:18.0075 3308 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:29:18.0087 3308 MozillaMaintenance - ok
21:29:18.0129 3308 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
21:29:18.0132 3308 mpio - ok
21:29:18.0164 3308 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:29:18.0166 3308 mpsdrv - ok
21:29:18.0224 3308 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
21:29:18.0236 3308 MpsSvc - ok
21:29:18.0264 3308 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:29:18.0266 3308 Mraid35x - ok
21:29:18.0328 3308 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
21:29:18.0331 3308 MRxDAV - ok
21:29:18.0369 3308 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:18.0374 3308 mrxsmb - ok
21:29:18.0421 3308 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:18.0431 3308 mrxsmb10 - ok
21:29:18.0468 3308 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:18.0470 3308 mrxsmb20 - ok
 
Second half of log.

21:29:18.0496 3308 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
21:29:18.0498 3308 msahci - ok
21:29:18.0534 3308 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
21:29:18.0536 3308 msdsm - ok
21:29:18.0578 3308 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:29:18.0591 3308 MSDTC - ok
21:29:18.0625 3308 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:29:18.0627 3308 Msfs - ok
21:29:18.0662 3308 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:29:18.0664 3308 msisadrv - ok
21:29:18.0702 3308 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:29:18.0715 3308 MSiSCSI - ok
21:29:18.0727 3308 msiserver - ok
21:29:18.0753 3308 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:29:18.0755 3308 MSKSSRV - ok
21:29:18.0785 3308 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:18.0786 3308 MSPCLOCK - ok
21:29:18.0802 3308 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:29:18.0803 3308 MSPQM - ok
21:29:18.0850 3308 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
21:29:18.0861 3308 MsRPC - ok
21:29:18.0895 3308 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:29:18.0896 3308 mssmbios - ok
21:29:18.0954 3308 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:29:18.0956 3308 MSTEE - ok
21:29:18.0979 3308 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
21:29:18.0980 3308 Mup - ok
21:29:19.0023 3308 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
21:29:19.0038 3308 napagent - ok
21:29:19.0075 3308 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
21:29:19.0085 3308 NativeWifiP - ok
21:29:19.0176 3308 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
21:29:19.0184 3308 NDIS - ok
21:29:19.0206 3308 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:19.0208 3308 NdisTapi - ok
21:29:19.0227 3308 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:19.0229 3308 Ndisuio - ok
21:29:19.0265 3308 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:19.0269 3308 NdisWan - ok
21:29:19.0321 3308 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:29:19.0323 3308 NDProxy - ok
21:29:19.0338 3308 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:29:19.0340 3308 NetBIOS - ok
21:29:19.0378 3308 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
21:29:19.0387 3308 netbt - ok
21:29:19.0423 3308 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:29:19.0427 3308 Netlogon - ok
21:29:19.0486 3308 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:29:19.0498 3308 Netman - ok
21:29:19.0551 3308 NetMsmqActivator (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:19.0553 3308 NetMsmqActivator - ok
21:29:19.0566 3308 NetPipeActivator (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:19.0568 3308 NetPipeActivator - ok
21:29:19.0600 3308 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:29:19.0610 3308 netprofm - ok
21:29:19.0693 3308 netr73 (fbbdcacbc128670983cca59345be5454) C:\Windows\system32\DRIVERS\netr73.sys
21:29:19.0699 3308 netr73 - ok
21:29:19.0713 3308 NetTcpActivator (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:19.0715 3308 NetTcpActivator - ok
21:29:19.0734 3308 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:19.0738 3308 NetTcpPortSharing - ok
21:29:19.0765 3308 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:29:19.0767 3308 nfrd960 - ok
21:29:19.0804 3308 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:29:19.0815 3308 NlaSvc - ok
21:29:19.0842 3308 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
21:29:19.0844 3308 Npfs - ok
21:29:19.0874 3308 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:29:19.0882 3308 nsi - ok
21:29:19.0903 3308 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:29:19.0905 3308 nsiproxy - ok
21:29:20.0000 3308 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
21:29:20.0026 3308 Ntfs - ok
21:29:20.0058 3308 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:29:20.0060 3308 ntrigdigi - ok
21:29:20.0075 3308 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:29:20.0077 3308 Null - ok
21:29:20.0193 3308 NvcRpcServer (0036c971ee6335e27bd4e66eddf8727f) C:\Program Files\Nortel Networks\NvcRpcSvr.exe
21:29:20.0203 3308 NvcRpcServer - ok
21:29:20.0250 3308 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
21:29:20.0273 3308 nvraid - ok
21:29:20.0334 3308 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
21:29:20.0337 3308 nvstor - ok
21:29:20.0378 3308 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
21:29:20.0382 3308 nv_agp - ok
21:29:20.0396 3308 NwlnkFlt - ok
21:29:20.0408 3308 NwlnkFwd - ok
21:29:20.0454 3308 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:29:20.0457 3308 ohci1394 - ok
21:29:20.0560 3308 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:29:20.0562 3308 ose - ok
21:29:20.0639 3308 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:29:20.0661 3308 p2pimsvc - ok
21:29:20.0682 3308 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:29:20.0692 3308 p2psvc - ok
21:29:20.0758 3308 PalmUSBD (803cf09c795290825607505d37819135) C:\Windows\system32\drivers\PalmUSBD.sys
21:29:20.0760 3308 PalmUSBD - ok
21:29:20.0797 3308 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:29:20.0799 3308 Parport - ok
21:29:20.0835 3308 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
21:29:20.0839 3308 partmgr - ok
21:29:20.0876 3308 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:29:20.0878 3308 Parvdm - ok
21:29:20.0923 3308 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:29:20.0928 3308 PcaSvc - ok
21:29:20.0965 3308 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
21:29:20.0977 3308 pci - ok
21:29:21.0024 3308 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
21:29:21.0026 3308 pciide - ok
21:29:21.0086 3308 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:29:21.0097 3308 pcmcia - ok
21:29:21.0205 3308 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:29:21.0222 3308 PEAUTH - ok
21:29:21.0381 3308 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:29:21.0410 3308 pla - ok
21:29:21.0539 3308 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
21:29:21.0562 3308 PlugPlay - ok
21:29:21.0632 3308 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:29:21.0640 3308 PNRPAutoReg - ok
21:29:21.0655 3308 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
21:29:21.0664 3308 PNRPsvc - ok
21:29:21.0716 3308 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
21:29:21.0730 3308 PolicyAgent - ok
21:29:21.0789 3308 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:29:21.0792 3308 PptpMiniport - ok
21:29:21.0817 3308 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
21:29:21.0819 3308 Processor - ok
21:29:21.0863 3308 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
21:29:21.0873 3308 ProfSvc - ok
21:29:21.0908 3308 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:29:21.0911 3308 ProtectedStorage - ok
21:29:21.0955 3308 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
21:29:21.0959 3308 PSched - ok
21:29:22.0036 3308 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
21:29:22.0037 3308 PSI - ok
21:29:22.0112 3308 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
21:29:22.0114 3308 PxHelp20 - ok
21:29:22.0217 3308 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
21:29:22.0242 3308 ql2300 - ok
21:29:22.0272 3308 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
21:29:22.0283 3308 ql40xx - ok
21:29:22.0351 3308 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
21:29:22.0368 3308 QWAVE - ok
21:29:22.0388 3308 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
21:29:22.0390 3308 QWAVEdrv - ok
21:29:22.0658 3308 R300 (7526ad10925d1aa9e4e6b0fb393b701f) C:\Windows\system32\DRIVERS\atikmdag.sys
21:29:22.0701 3308 R300 - ok
21:29:22.0815 3308 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
21:29:22.0818 3308 RasAcd - ok
21:29:22.0849 3308 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
21:29:22.0863 3308 RasAuto - ok
21:29:22.0913 3308 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:22.0915 3308 Rasl2tp - ok
21:29:22.0953 3308 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
21:29:22.0994 3308 RasMan - ok
21:29:23.0024 3308 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:23.0026 3308 RasPppoe - ok
21:29:23.0043 3308 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
21:29:23.0045 3308 RasSstp - ok
21:29:23.0078 3308 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
21:29:23.0082 3308 rdbss - ok
21:29:23.0099 3308 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:23.0101 3308 RDPCDD - ok
21:29:23.0138 3308 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
21:29:23.0147 3308 rdpdr - ok
21:29:23.0161 3308 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
21:29:23.0162 3308 RDPENCDD - ok
21:29:23.0210 3308 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
21:29:23.0220 3308 RDPWD - ok
21:29:23.0280 3308 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
21:29:23.0286 3308 RemoteAccess - ok
21:29:23.0353 3308 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
21:29:23.0360 3308 RemoteRegistry - ok
21:29:23.0397 3308 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
21:29:23.0400 3308 RpcLocator - ok
21:29:23.0449 3308 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\System32\rpcss.dll
21:29:23.0457 3308 RpcSs - ok
21:29:23.0477 3308 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
21:29:23.0479 3308 rspndr - ok
21:29:23.0578 3308 RT73 (7b8994bd539c3d9bbd7b2a3b204c29e8) C:\Windows\system32\DRIVERS\rt73.sys
21:29:23.0591 3308 RT73 - ok
21:29:23.0642 3308 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
21:29:23.0649 3308 RTL8169 - ok
21:29:23.0681 3308 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
21:29:23.0684 3308 SamSs - ok
21:29:23.0718 3308 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
21:29:23.0720 3308 sbp2port - ok
21:29:23.0759 3308 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
21:29:23.0771 3308 SCardSvr - ok
21:29:23.0833 3308 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
21:29:23.0851 3308 Schedule - ok
21:29:23.0953 3308 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
21:29:23.0954 3308 SCPolicySvc - ok
21:29:24.0019 3308 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
21:29:24.0031 3308 SDRSVC - ok
21:29:24.0051 3308 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:29:24.0053 3308 secdrv - ok
21:29:24.0076 3308 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
21:29:24.0080 3308 seclogon - ok
21:29:24.0315 3308 Secunia PSI Agent (2d0599dd0124764fc939c59985c860de) C:\Program Files\Secunia\PSI\PSIA.exe
21:29:24.0367 3308 Secunia PSI Agent - ok
21:29:24.0387 3308 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
21:29:24.0392 3308 SENS - ok
21:29:24.0418 3308 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
21:29:24.0420 3308 Serenum - ok
21:29:24.0454 3308 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
21:29:24.0456 3308 Serial - ok
21:29:24.0496 3308 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
21:29:24.0497 3308 sermouse - ok
21:29:24.0551 3308 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
21:29:24.0565 3308 SessionEnv - ok
21:29:24.0596 3308 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
21:29:24.0598 3308 sffdisk - ok
21:29:24.0646 3308 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
21:29:24.0647 3308 sffp_mmc - ok
21:29:24.0690 3308 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
21:29:24.0691 3308 sffp_sd - ok
21:29:24.0742 3308 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
21:29:24.0744 3308 sfloppy - ok
21:29:24.0914 3308 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
21:29:24.0922 3308 SharedAccess - ok
21:29:24.0994 3308 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
21:29:25.0002 3308 ShellHWDetection - ok
21:29:25.0040 3308 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
21:29:25.0042 3308 sisagp - ok
21:29:25.0077 3308 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
21:29:25.0079 3308 SiSRaid2 - ok
21:29:25.0134 3308 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
21:29:25.0137 3308 SiSRaid4 - ok
21:29:25.0357 3308 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
21:29:25.0468 3308 slsvc - ok
21:29:25.0586 3308 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
21:29:25.0601 3308 SLUINotify - ok
21:29:25.0656 3308 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
21:29:25.0659 3308 Smb - ok
21:29:25.0715 3308 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
21:29:25.0720 3308 SNMPTRAP - ok
21:29:25.0754 3308 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
21:29:25.0756 3308 spldr - ok
21:29:25.0792 3308 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
21:29:25.0803 3308 Spooler - ok
21:29:25.0852 3308 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
21:29:25.0866 3308 srv - ok
21:29:25.0902 3308 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
21:29:25.0914 3308 srv2 - ok
21:29:25.0960 3308 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
21:29:25.0963 3308 srvnet - ok
21:29:26.0010 3308 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
21:29:26.0038 3308 SSDPSRV - ok
21:29:26.0080 3308 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
21:29:26.0088 3308 SstpSvc - ok
21:29:26.0155 3308 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
21:29:26.0173 3308 stisvc - ok
21:29:26.0239 3308 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:29:26.0251 3308 stllssvr - ok
21:29:26.0276 3308 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
21:29:26.0278 3308 swenum - ok
21:29:26.0354 3308 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
21:29:26.0370 3308 swprv - ok
21:29:26.0406 3308 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
21:29:26.0408 3308 Symc8xx - ok
21:29:26.0431 3308 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
21:29:26.0433 3308 Sym_hi - ok
21:29:26.0466 3308 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
21:29:26.0468 3308 Sym_u3 - ok
21:29:26.0536 3308 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
21:29:26.0564 3308 SysMain - ok
21:29:26.0595 3308 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
21:29:26.0610 3308 TabletInputService - ok
21:29:26.0657 3308 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
21:29:26.0670 3308 TapiSrv - ok
21:29:26.0691 3308 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
21:29:26.0706 3308 TBS - ok
21:29:26.0806 3308 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
21:29:26.0828 3308 Tcpip - ok
21:29:26.0853 3308 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
21:29:26.0860 3308 Tcpip6 - ok
21:29:26.0902 3308 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
21:29:26.0904 3308 tcpipreg - ok
21:29:26.0936 3308 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
21:29:26.0938 3308 TDPIPE - ok
21:29:26.0988 3308 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
21:29:26.0990 3308 TDTCP - ok
21:29:27.0024 3308 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
21:29:27.0027 3308 tdx - ok
21:29:27.0058 3308 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
21:29:27.0060 3308 TermDD - ok
21:29:27.0127 3308 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
21:29:27.0139 3308 TermService - ok
21:29:27.0193 3308 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
21:29:27.0200 3308 Themes - ok
21:29:27.0236 3308 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:29:27.0239 3308 THREADORDER - ok
21:29:27.0283 3308 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
21:29:27.0328 3308 TrkWks - ok
21:29:27.0385 3308 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
21:29:27.0386 3308 TrustedInstaller - ok
21:29:27.0435 3308 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:27.0436 3308 tssecsrv - ok
21:29:27.0492 3308 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
21:29:27.0493 3308 tunmp - ok
21:29:27.0519 3308 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
21:29:27.0521 3308 tunnel - ok
21:29:27.0566 3308 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
21:29:27.0569 3308 uagp35 - ok
21:29:27.0613 3308 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
21:29:27.0629 3308 udfs - ok
21:29:27.0674 3308 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
21:29:27.0680 3308 UI0Detect - ok
21:29:27.0709 3308 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
21:29:27.0711 3308 uliagpkx - ok
21:29:27.0757 3308 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
21:29:27.0766 3308 uliahci - ok
21:29:27.0812 3308 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
21:29:27.0824 3308 UlSata - ok
21:29:27.0862 3308 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
21:29:27.0870 3308 ulsata2 - ok
21:29:27.0907 3308 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
21:29:27.0909 3308 umbus - ok
21:29:27.0950 3308 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
21:29:27.0959 3308 upnphost - ok
21:29:28.0058 3308 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:29:28.0061 3308 USBAAPL - ok
21:29:28.0115 3308 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:28.0119 3308 usbccgp - ok
21:29:28.0193 3308 usbcir (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
21:29:28.0195 3308 usbcir - ok
21:29:28.0245 3308 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
21:29:28.0248 3308 usbehci - ok
21:29:28.0283 3308 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
21:29:28.0332 3308 usbhub - ok
21:29:28.0384 3308 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
21:29:28.0386 3308 usbohci - ok
21:29:28.0420 3308 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
21:29:28.0421 3308 usbprint - ok
21:29:28.0475 3308 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
21:29:28.0477 3308 usbscan - ok
21:29:28.0501 3308 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:28.0503 3308 USBSTOR - ok
21:29:28.0525 3308 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:29:28.0527 3308 usbuhci - ok
21:29:28.0557 3308 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
21:29:28.0567 3308 UxSms - ok
21:29:28.0625 3308 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
21:29:28.0638 3308 vds - ok
21:29:28.0696 3308 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:28.0698 3308 vga - ok
21:29:28.0722 3308 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
21:29:28.0724 3308 VgaSave - ok
21:29:28.0781 3308 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
21:29:28.0783 3308 viaagp - ok
21:29:28.0809 3308 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
21:29:28.0811 3308 ViaC7 - ok
21:29:28.0976 3308 VIAHdAudAddService (9891a8f16931c30c72d0816306dd8185) C:\Windows\system32\drivers\viahduaa.sys
21:29:29.0011 3308 VIAHdAudAddService - ok
21:29:29.0051 3308 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
21:29:29.0053 3308 viaide - ok
21:29:29.0083 3308 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
21:29:29.0085 3308 volmgr - ok
21:29:29.0119 3308 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
21:29:29.0126 3308 volmgrx - ok
21:29:29.0168 3308 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
21:29:29.0175 3308 volsnap - ok
21:29:29.0214 3308 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
21:29:29.0219 3308 vsmraid - ok
21:29:29.0358 3308 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
21:29:29.0403 3308 VSS - ok
21:29:29.0465 3308 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
21:29:29.0476 3308 W32Time - ok
21:29:29.0525 3308 W3SVC (f22ca75c05204f76d06e6c530529455c) C:\Windows\system32\inetsrv\iisw3adm.dll
21:29:29.0533 3308 W3SVC - ok
21:29:29.0593 3308 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
21:29:29.0594 3308 WacomPen - ok
21:29:29.0620 3308 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:29.0623 3308 Wanarp - ok
21:29:29.0640 3308 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
21:29:29.0643 3308 Wanarpv6 - ok
21:29:29.0667 3308 WAS (f22ca75c05204f76d06e6c530529455c) C:\Windows\system32\inetsrv\iisw3adm.dll
21:29:29.0670 3308 WAS - ok
21:29:29.0729 3308 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
21:29:29.0749 3308 wcncsvc - ok
21:29:29.0787 3308 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
21:29:29.0793 3308 WcsPlugInService - ok
21:29:29.0815 3308 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
21:29:29.0819 3308 Wd - ok
21:29:29.0881 3308 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
21:29:29.0897 3308 Wdf01000 - ok
21:29:29.0954 3308 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:29:29.0960 3308 WdiServiceHost - ok
21:29:29.0971 3308 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
21:29:29.0978 3308 WdiSystemHost - ok
21:29:30.0019 3308 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
21:29:30.0027 3308 WebClient - ok
21:29:30.0074 3308 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
21:29:30.0103 3308 Wecsvc - ok
21:29:30.0138 3308 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
21:29:30.0173 3308 wercplsupport - ok
21:29:30.0253 3308 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
21:29:30.0299 3308 WerSvc - ok
21:29:30.0421 3308 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
21:29:30.0429 3308 WinDefend - ok
21:29:30.0446 3308 WinHttpAutoProxySvc - ok
21:29:30.0497 3308 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
21:29:30.0501 3308 Winmgmt - ok
21:29:30.0652 3308 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
21:29:30.0696 3308 WinRM - ok
21:29:30.0762 3308 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
21:29:30.0780 3308 Wlansvc - ok
21:29:30.0831 3308 WmiAcpi (48ca581c12022ac60fe82e2b96fbf5d4) C:\Windows\system32\drivers\wmiacpi.sys
21:29:30.0834 3308 WmiAcpi - ok
21:29:30.0890 3308 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
21:29:30.0902 3308 wmiApSrv - ok
21:29:30.0998 3308 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:29:31.0017 3308 WMPNetworkSvc - ok
21:29:31.0056 3308 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
21:29:31.0064 3308 WPCSvc - ok
21:29:31.0157 3308 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
21:29:31.0164 3308 WPDBusEnum - ok
21:29:31.0227 3308 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
21:29:31.0231 3308 WpdUsb - ok
21:29:31.0425 3308 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:29:31.0478 3308 WPFFontCache_v0400 - ok
21:29:31.0522 3308 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
21:29:31.0523 3308 ws2ifsl - ok
21:29:31.0547 3308 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
21:29:31.0562 3308 wscsvc - ok
21:29:31.0589 3308 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
21:29:31.0592 3308 WSDPrintDevice - ok
21:29:31.0608 3308 WSearch - ok
21:29:31.0763 3308 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:29:31.0813 3308 wuauserv - ok
21:29:31.0950 3308 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:31.0959 3308 WUDFRd - ok
21:29:32.0002 3308 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
21:29:32.0017 3308 wudfsvc - ok
21:29:32.0198 3308 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
21:29:32.0254 3308 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:29:32.0254 3308 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:29:32.0278 3308 Boot (0x1200) (fc994f0e69241345c260cf373b6d5e93) \Device\Harddisk0\DR0\Partition0
21:29:32.0279 3308 \Device\Harddisk0\DR0\Partition0 - ok
21:29:32.0288 3308 Boot (0x1200) (4c2a102bcd4abe43c35811c72858c8c8) \Device\Harddisk0\DR0\Partition1
21:29:32.0290 3308 \Device\Harddisk0\DR0\Partition1 - ok
21:29:32.0295 3308 ============================================================
21:29:32.0296 3308 Scan finished
21:29:32.0296 3308 ============================================================
21:29:32.0314 1052 Detected object count: 1
21:29:32.0314 1052 Actual detected object count: 1
21:30:04.0181 1052 \Device\Harddisk0\DR0\# - copied to quarantine
21:30:04.0182 1052 \Device\Harddisk0\DR0 - copied to quarantine
21:30:04.0212 1052 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:30:04.0223 1052 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:30:04.0406 1052 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:30:04.0486 1052 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:30:09.0909 1052 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:30:10.0114 1052 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:30:10.0307 1052 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:30:10.0463 1052 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:30:10.0465 1052 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:30:10.0468 1052 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:30:10.0471 1052 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:30:10.0597 1052 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:30:10.0825 1052 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:30:10.0828 1052 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:30:10.0846 1052 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:30:10.0929 1052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:30:10.0931 1052 \Device\Harddisk0\DR0 - ok
21:30:10.0938 1052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:30:33.0480 2208 Deinitialize success
 
Powered up this morning to no apparent issues. Google searches in IE and FF are normal. Avast! shows no pop-ups.
 
Sorry for delayed response. Did not lose interest. Lost DSL in thunderstorm

OTL logfile created on: 7/26/2012 5:19:28 PM - Run 2
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\Willis\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 64.35% Memory free
3.74 Gb Paging File | 3.12 Gb Available in Paging File | 83.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 166.87 Gb Free Space | 58.88% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.43 Gb Free Space | 50.72% Space Free | Partition Type: NTFS

Computer Name: WILLIS-OFFICE | User Name: Willis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/25 18:58:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\DELL\DellDock\DockLogin.exe
PRC - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe


========== Modules (No Company Name) ==========

MOD - [2009/01/13 04:07:44 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/02 06:37:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/04/19 02:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/20 09:08:19 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/04/11 02:28:20 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 02:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/12/18 15:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\DELL\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/09 14:27:08 | 000,071,176 | ---- | M] (Nortel Networks NA, Inc.) [Auto | Running] -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe -- (NvcRpcServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Willis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/01 04:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/01/06 19:40:20 | 000,187,776 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CxPlrCap.sys -- (CXPLRCAP)
DRV - [2009/04/28 11:24:58 | 001,009,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/01/13 04:12:14 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2009/01/13 04:07:38 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/01/13 04:07:38 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/20 22:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/20 22:32:47 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/11/12 10:03:08 | 000,468,480 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/04/09 14:27:50 | 000,031,784 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2007/04/09 14:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2007/04/09 14:27:38 | 000,148,232 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipsecw2k.sys -- (IPSECEXT)
DRV - [2006/09/07 00:34:58 | 000,347,776 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IcdUsb2.sys -- (ICDUSB2)
DRV - [2002/06/27 22:00:00 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {3A39113F-E2D7-499D-8DA6-FD53774238B3}
IE - HKLM\..\SearchScopes\{3A39113F-E2D7-499D-8DA6-FD53774238B3}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 58 4F 29 17 6D 0C 2D 45 96 68 6F 85 3C 4B D6 E1 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 58 4F 29 17 6D 0C 2D 45 96 68 6F 85 3C 4B D6 E1 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes,DefaultScope = {57306A27-789F-455F-B9F4-31F620CD55BE}
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes\{57306A27-789F-455F-B9F4-31F620CD55BE}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\SearchScopes\{61AFBF45-6974-4355-B63D-FDBAABB1DF81}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&I=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/25 17:40:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/02 06:37:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/16 03:19:29 | 000,000,000 | ---D | M]

[2010/09/09 19:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Extensions
[2010/09/09 19:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2012/07/20 18:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions
[2011/12/25 11:22:02 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/11 12:10:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/27 20:45:47 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/29 19:25:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/11/11 08:14:52 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(246)
[2012/07/20 11:18:53 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Willis\AppData\Roaming\Mozilla\Firefox\Profiles\y2j1q24q.default\extensions\LogMeInClient@logmein.com
[2012/04/26 09:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/02 06:37:11 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 14:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/27 18:15:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 14:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/04/20 22:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/20 22:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 22:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/20 22:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/20 22:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/20 22:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/08 18:23:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000..\Run: [googletalk] C:\Users\Willis\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\DELL\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 215
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000\..Trusted Domains: pg.com ([inetwiki] http in Trusted sites)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://pg.webex.com/client/WBXclient-T27L10NSP25EP3-11662/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://webaccess.pg.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=928 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09AD4C78-C83B-4A7F-9004-05653C9D1CED}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C79CF7E-F85D-4553-A167-C21EDEB3AB1F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79E083E-E9BB-492E-920F-1226159BBD5E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Willis\Pictures\Miscellaneous\earth adjusted.jpg
O24 - Desktop BackupWallPaper: C:\Users\Willis\Pictures\Miscellaneous\earth adjusted.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2399249089-2145050994-3997310361-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 21:30:03 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/25 18:58:46 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
[2012/07/25 17:42:24 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/25 17:42:24 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/25 17:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/25 17:42:22 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/25 17:42:21 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/25 17:42:19 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/25 17:42:19 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/25 17:40:10 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/25 17:40:08 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/25 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/25 17:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/25 17:21:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/25 17:21:17 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\temp
[2012/07/25 17:20:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/25 17:05:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/25 17:05:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/25 17:05:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/25 17:05:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/25 13:41:20 | 000,000,000 | ---D | C] -- C:\Users\Willis\Desktop\TechSpot CleanUp 2012 07
[2012/07/18 05:56:40 | 000,000,000 | ---D | C] -- C:\Users\Willis\Desktop\ReSource
[2012/07/14 08:58:27 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\LogMeIn
[2012/07/14 08:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/07/03 16:54:09 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012/06/27 08:45:18 | 000,000,000 | ---D | C] -- C:\Users\Willis\AppData\Local\ElevatedDiagnostics
[2009/08/19 13:33:56 | 008,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\Willis\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2012/07/26 16:53:13 | 000,673,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/26 16:53:13 | 000,128,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/26 16:48:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 16:48:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 16:48:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/26 16:48:21 | 1878,122,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 18:58:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Willis\Desktop\OTL.exe
[2012/07/25 17:42:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/25 12:44:37 | 000,000,918 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 17:21:22 | 000,000,716 | ---- | M] () -- C:\Users\Willis\Desktop\Dates 11.lnk
[2012/07/18 20:51:45 | 024,915,382 | ---- | M] () -- C:\Users\Willis\Desktop\Roehm_Katalog_2010_hi.pdf
[2012/07/17 07:20:44 | 000,000,786 | ---- | M] () -- C:\Users\Willis\Desktop\Labels.lnk
[2012/07/14 19:49:13 | 000,788,480 | ---- | M] () -- C:\Users\Willis\Documents\Sturdivant201207.aq
[2012/07/14 19:49:13 | 000,003,476 | -H-- | M] () -- C:\Users\Willis\Documents\Sturdivant201207.aqalpha
[2012/07/14 19:33:44 | 000,020,107 | ---- | M] () -- C:\Users\Willis\Desktop\ADAMSCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 19:33:42 | 000,000,059 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/07/14 19:32:46 | 000,154,620 | ---- | M] () -- C:\Users\Willis\Desktop\HAMILTONCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 19:29:02 | 000,034,521 | ---- | M] () -- C:\Users\Willis\Desktop\CLERMONTCountyGoldenBuckeyeMerchants-1.pdf
[2012/07/14 19:27:01 | 000,034,349 | ---- | M] () -- C:\Users\Willis\Desktop\WARRENCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 08:55:19 | 000,027,520 | ---- | M] () -- C:\Users\Willis\AppData\Local\dt.dat
[2012/07/12 19:09:45 | 026,581,783 | ---- | M] () -- C:\Users\Willis\Desktop\CDNN2012-3.pdf
[2012/07/12 12:44:06 | 003,013,796 | ---- | M] () -- C:\Users\Willis\Desktop\REPORT_FINAL_071212.pdf
[2012/07/11 15:28:12 | 000,000,000 | -H-- | M] () -- C:\Users\Willis\Documents\Default.rdp
[2012/07/11 07:22:43 | 000,349,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/09 19:27:04 | 000,000,806 | ---- | M] () -- C:\Users\Willis\Desktop\70 Poster B.lnk
[2012/07/09 19:26:45 | 000,000,924 | ---- | M] () -- C:\Users\Willis\Desktop\81 Poster B.lnk
[2012/07/08 07:43:23 | 000,788,480 | ---- | M] () -- C:\Users\Willis\Documents\WillDad11.aq
[2012/07/08 07:43:23 | 000,003,476 | -H-- | M] () -- C:\Users\Willis\Documents\WillDad11.aqalpha
[2012/07/08 07:31:55 | 000,033,636 | ---- | M] () -- C:\Users\Willis\Desktop\PJS July.pdf
[2012/07/04 07:10:00 | 000,252,041 | ---- | M] () -- C:\Users\Willis\Desktop\pg833.epub
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2012/07/25 17:05:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/25 17:05:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/25 17:05:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/25 17:05:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/25 17:05:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/25 12:44:37 | 000,000,918 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/24 20:09:01 | 1878,122,496 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/18 20:51:45 | 024,915,382 | ---- | C] () -- C:\Users\Willis\Desktop\Roehm_Katalog_2010_hi.pdf
[2012/07/17 07:20:44 | 000,000,786 | ---- | C] () -- C:\Users\Willis\Desktop\Labels.lnk
[2012/07/14 19:33:42 | 000,020,107 | ---- | C] () -- C:\Users\Willis\Desktop\ADAMSCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 19:32:42 | 000,154,620 | ---- | C] () -- C:\Users\Willis\Desktop\HAMILTONCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 19:29:00 | 000,034,521 | ---- | C] () -- C:\Users\Willis\Desktop\CLERMONTCountyGoldenBuckeyeMerchants-1.pdf
[2012/07/14 19:25:36 | 000,034,349 | ---- | C] () -- C:\Users\Willis\Desktop\WARRENCountyGoldenBuckeyeMerchants.pdf
[2012/07/14 08:55:19 | 000,027,520 | ---- | C] () -- C:\Users\Willis\AppData\Local\dt.dat
[2012/07/12 19:08:31 | 026,581,783 | ---- | C] () -- C:\Users\Willis\Desktop\CDNN2012-3.pdf
[2012/07/12 12:44:06 | 003,013,796 | ---- | C] () -- C:\Users\Willis\Desktop\REPORT_FINAL_071212.pdf
[2012/07/11 15:28:12 | 000,000,000 | -H-- | C] () -- C:\Users\Willis\Documents\Default.rdp
[2012/07/08 07:43:48 | 000,003,476 | -H-- | C] () -- C:\Users\Willis\Documents\Sturdivant201207.aqalpha
[2012/07/08 07:42:07 | 000,788,480 | ---- | C] () -- C:\Users\Willis\Documents\Sturdivant201207.aq
[2012/07/08 07:31:56 | 000,033,636 | ---- | C] () -- C:\Users\Willis\Desktop\PJS July.pdf
[2012/07/07 06:59:31 | 000,000,924 | ---- | C] () -- C:\Users\Willis\Desktop\81 Poster B.lnk
[2012/07/07 06:59:01 | 000,000,806 | ---- | C] () -- C:\Users\Willis\Desktop\70 Poster B.lnk
[2012/07/04 07:10:00 | 000,252,041 | ---- | C] () -- C:\Users\Willis\Desktop\pg833.epub
[2012/04/11 16:59:30 | 000,008,592 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2012/01/14 11:31:59 | 000,380,928 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
[2012/01/14 11:31:59 | 000,175,104 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012/01/14 11:31:59 | 000,151,552 | ---- | C] () -- C:\Windows\System32\ThumbExtract.dll
[2011/10/11 21:54:25 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDMain.INI
[2011/10/11 21:53:26 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDPMSV.INI
[2011/07/21 19:20:05 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI
[2011/03/20 13:05:22 | 000,000,658 | ---- | C] () -- C:\Windows\ULead32.ini
[2011/03/01 11:14:14 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2011/02/27 18:35:45 | 000,000,000 | ---- | C] () -- C:\Windows\DVEdit.INI
[2011/02/21 10:03:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/25 19:15:31 | 000,000,680 | ---- | C] () -- C:\Users\Willis\AppData\Local\d3d9caps.dat
[2010/03/25 16:58:44 | 000,003,678 | ---- | C] () -- C:\Users\Willis\.ganttproject
[2009/08/25 07:08:43 | 000,000,000 | ---- | C] () -- C:\Program Files\error.dat
[2009/08/19 22:10:15 | 000,038,912 | ---- | C] () -- C:\Users\Willis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/19 20:23:32 | 000,003,482 | ---- | C] () -- C:\Users\Willis\AppData\Roaming\wklnhst.dat

========== LOP Check ==========

[2012/07/03 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Applian FLV and Media Player
[2011/02/01 17:52:08 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\AVG
[2009/12/29 19:35:06 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/11 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Downloaded Installations
[2011/10/11 21:53:13 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\FedEx
[2009/10/13 19:27:38 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Flickr
[2011/12/25 11:35:52 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\GARMIN
[2010/07/18 08:42:36 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Individual Software
[2011/11/19 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Juniper Networks
[2011/08/02 16:08:28 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Opera
[2009/08/24 18:59:18 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\pdf995
[2010/02/27 13:25:34 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\QuickVerse11
[2010/01/25 09:23:09 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Stamps.com Internet Postage
[2009/08/19 20:23:36 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\Template
[2012/04/05 15:57:01 | 000,000,000 | ---D | M] -- C:\Users\Willis\AppData\Roaming\webex
[2012/07/25 21:58:43 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL logs are clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
I performed all 4 actions. ESET was shut down last night before it finished (~50% complete on progress bar) when Avast! unexpectedly re-enabled (I had chosen "Disable until computer is restarted"). At that point in the scan ESET had found 3 threats. I could not post for further instructions so I shut down from Windows Start button and let the OS shut down ESET. I ran a full ESET scan this morning and it found no threats. Logs follow.

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Secunia PSI (2.0.0.3003)
Java(TM) 6 Update 29
Java(TM) 6 Update 31
Adobe Flash Player 11.3.300.265
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
Farbar Service Scanner Version: 26-07-2012
Ran by Willis (administrator) on 26-07-2012 at 20:45:42
Running from "C:\Users\Willis\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 05:57] - [2012-03-30 08:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

======================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Thank you. Thank you. THANK YOU! You are a Jedi Master, a Ninja, and the bane of all that is evil.

I have performed steps above. OTL Run/Fix log follows my text.

Neither FF nor IE is experiencing a redirect from Google search, and Avast! is providing no threat warnings.

Prior to this infection I used AVG Free, ran MBAM, Secunia PSI, and TFC periodically, kept current on Windows and Flash Updates, always selected "Custom" installations and deselected search bars, toolbars, gadgets, etc., and never let FF/IE/Windows memorize login names nor passwords. I have now replaced AVG with Avast!. In addition to the suggestions above, are there other things I could do to be exceptionally vigilant? Should I run the Avast! Boot-Time scan periodically? Should I run an online ESET scan periodically?

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Willis
->Temp folder emptied: 206504 bytes
->Temporary Internet Files folder emptied: 2756431 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 17473126 bytes
->Flash cache emptied: 904 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 19.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Willis
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Willis
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.1 log created on 07272012_183939
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2012/07/27 18:49:16 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5
Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
3K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
3K
adidaman27
A

Latest posts

Back