
Inactive Search redirect virus.

Discussion in 'Malware and Virus Removal Archive' started by jbh, 2012/05/09.

Thread Status:
Not open for further replies.
  1. 2012/05/09
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    [Inactive] Search redirect virus.

    I must have a search redirect virus and I don't know how to get rid of it. Help very much appreciated!

    MBAM

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.06.06

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 7.0.6001.18000
    hayter :: BRENDAPC [administrator]

    5/9/2012 3:04:22 PM
    mbam-log-2012-05-09 (15-04-22).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 387199
    Time elapsed: 1 hour(s), 53 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
    jbh,
    #1
  2. 2012/05/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, complete all steps listed HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     


  4. 2012/05/10
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    Thank you for your response.

    Below are the logs you requested, except that gmer.exe would not run. I renamed the file and still got the blue screen of death: PAGE_FAULT_IN_NONPAGED_AREA.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-05-10 14:05:44
    -----------------------------
    14:05:44.909 OS Version: Windows 6.0.6001 Service Pack 1
    14:05:44.910 Number of processors: 2 586 0x4802
    14:05:44.913 ComputerName: BRENDAPC UserName: hayter
    14:05:50.544 Initialize success
    14:06:15.991 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
    14:06:16.000 Disk 0 Vendor: SAMSUNG_ YF10 Size: 114473MB BusType: 6
    14:06:16.119 Disk 0 MBR read successfully
    14:06:16.127 Disk 0 MBR scan
    14:06:16.135 Disk 0 unknown MBR code
    14:06:16.147 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 108077 MB offset 63
    14:06:16.187 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6393 MB offset 221343570
    14:06:16.201 Disk 0 scanning sectors +234436545
    14:06:16.292 Disk 0 scanning C:\Windows\system32\drivers
    14:06:27.787 Service scanning
    14:06:48.687 Modules scanning
    14:06:56.976 Disk 0 trace - called modules:
    14:06:56.999 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    14:06:57.005 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85024ac8]
    14:06:57.012 3 CLASSPNP.SYS[82ba1745] -> nt!IofCallDriver -> [0x84482808]
    14:06:57.020 5 acpi.sys[806086a0] -> nt!IofCallDriver -> \Device\00000063[0x84494100]
    14:06:57.027 Scan finished successfully
    14:08:11.431 Disk 0 MBR has been saved successfully to "C:\Users\hayter\Desktop\MBR.dat"
    14:08:11.440 The log file has been saved successfully to "C:\Users\hayter\Desktop\aswMBR.txt"
     
    jbh,
    #3
  5. 2012/05/10
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000
    Run by hayter at 14:09:28 on 2012-05-10
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.262 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.6\youtubedownloaderToolbarIE.dll
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: HDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\hughesnet download manager\iefdm2.dll
    BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.6\youtubedownloaderToolbarIE.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files\youtube downloader toolbar\ie\5.6\youtubedownloaderToolbarIE.dll
    uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    uRun: [Google Update] "c:\users\hayter\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [HughesNet Download Manager] "c:\program files\hughesnet download manager\HDM.exe" -autorun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [wcmsas] rundll32.exe "c:\users\hayter\appdata\local\temp\wcmsas.dll",LoadMemory
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    StartupFolder: c:\users\hayter\appdata\roaming\micros~1\windows\startm~1\programs\startup\hughes~1.lnk - c:\program files\hughesnetstatusmeter\hughesnetstatusmeter\HughesNetStatusMeter.exe
    StartupFolder: c:\users\hayter\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlall.htm
    IE: Download selected with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlselected.htm
    IE: Download video with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dlfvideo.htm
    IE: Download with HughesNet Download Manager - file://c:\program files\hughesnet download manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B692EF62-80D2-495B-A8F4-89ACF15C8135} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{F60B79D2-0475-4513-9FFB-CFAE8E02E19C} : DhcpNameServer = 67.142.160.8 67.142.160.9
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\hayter\appdata\roaming\mozilla\firefox\profiles\4cli9fxe.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\users\hayter\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-23 494424]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-4-23 785304]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-6 136176]
    S3 Flash1;Flash1;c:\swsetup\sp38062\winphlash\FLASH1.sys [2006-3-1 3456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-6 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-05-03 22:08:25 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-03 22:07:56 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-05-03 22:07:56 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    2012-04-29 21:17:22 -------- d-----w- c:\program files\Shape Collage
    2012-04-28 14:46:44 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
    2012-04-28 14:45:07 -------- d-----w- c:\program files\Application Updater
    2012-04-28 14:45:06 -------- d-----w- c:\program files\common files\Spigot
    2012-04-28 14:45:05 -------- d-----w- c:\program files\YouTube Downloader Toolbar
    2012-04-28 14:41:09 -------- d-----w- c:\program files\YTD YouTube Downloader & Converter
    2012-04-27 15:59:46 -------- d-----w- c:\users\hayter\appdata\local\OCCT
    2012-04-27 15:55:20 -------- d-----w- c:\program files\OCCTPT
    2012-04-27 15:52:31 -------- d--h--w- c:\windows\msdownld.tmp
    2012-04-27 15:52:28 -------- d-----w- c:\windows\system32\directx
    2012-04-24 02:17:47 -------- d-----w- c:\users\hayter\appdata\roaming\FreshDiagnose
    2012-04-24 02:13:54 -------- d-----w- c:\program files\FreshDevices
    2012-04-23 23:35:59 114176 ----a-w- c:\windows\system32\PCWizard.cpl
    2012-04-23 23:35:57 -------- d-----w- c:\program files\CPUID
    2012-04-17 18:56:51 -------- d-----w- c:\program files\iPod
    .
    ==================== Find3M ====================
    .
    2012-05-10 18:48:18 170195877 ----a-w- c:\windows\DUMP9cab.tmp
    2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    .
    ============= FINISH: 14:10:57.41 ===============
     
    jbh,
    #4
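As an added illustration (not code from the thread, from DDS, or from the helper): a small triage script that parses uRun:/mRun: lines in the DDS "Pseudo HJT Report" format shown above and lists the entries an analyst would check first, such as a DLL loaded by rundll32 from the user's temp folder. The heuristics (temp-directory launch, rundll32 with a DLL outside Windows/Program Files, empty command) are this example's own assumptions, and the sample lines are copied from the log above with one non-Run line added to show it is skipped.

```python
import re

# Constructed sample in the DDS "Pseudo HJT Report" format (uRun = per-user Run key,
# mRun = machine Run key). The five Run lines are copied from the log above; the
# final "FF - plugin" line is there only to show that non-Run lines are ignored.
SAMPLE_DDS_LINES = [
    r'uRun: [Google Update] "c:\users\hayter\appdata\local\google\update\GoogleUpdate.exe" /c',
    r'uRun: [wcmsas] rundll32.exe "c:\users\hayter\appdata\local\temp\wcmsas.dll",LoadMemory',
    r'mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe',
    r'mRun: [<NO NAME>]',
    r'mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup',
    r'FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll',
]

# uRun: / mRun: / uRunOnce: / mRunOnce:  [entry name]  command line
RUN_LINE = re.compile(r'^(?P<hive>[um])Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')

# Heuristic thresholds assumed by this example (DDS itself does not score entries):
# directories a legitimate autorun has practically no business living in, and the
# prefixes under which a rundll32-loaded DLL is considered ordinary.
VOLATILE_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")


def parse_run_entry(line):
    """Return {hive, name, cmd, cmd_norm} for a uRun/mRun line, or None otherwise."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    # Lower-case and drop quotes so the path checks are case- and quoting-insensitive.
    return {"hive": m.group("hive"), "name": m.group("name"),
            "cmd": cmd, "cmd_norm": cmd.lower().replace('"', "")}


def assess_run_entry(entry):
    """List the reasons an entry deserves a closer look (empty list = nothing seen)."""
    reasons = []
    cmd = entry["cmd_norm"]
    if not cmd:
        # Orphaned value such as [<NO NAME>]: nothing launches, but it is leftover
        # state worth noting in a cleanup.
        reasons.append("empty command")
    if any(d in cmd for d in VOLATILE_DIRS):
        reasons.append("launches from a temp directory")
    if cmd.startswith("rundll32"):
        # Form is: rundll32[.exe] <dll path>,<export>. A DLL loaded this way from
        # outside Windows or Program Files is a common persistence pattern.
        rest = cmd.split(None, 1)[1] if " " in cmd else ""
        dll_path = rest.split(",", 1)[0].strip()
        if dll_path and not dll_path.startswith(TRUSTED_PREFIXES):
            reasons.append("rundll32 loads a DLL outside Windows/Program Files")
    return reasons


def triage(lines):
    """Run every uRun/mRun line through the checks; non-Run lines are skipped."""
    findings = []
    for line in lines:
        entry = parse_run_entry(line)
        if entry is None:
            continue
        reasons = assess_run_entry(entry)
        if reasons:
            findings.append({"hive": entry["hive"], "name": entry["name"],
                             "cmd": entry["cmd"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES):
        print(f"{f['hive']}Run [{f['name']}]: {'; '.join(f['reasons'])}")
```

A flagged entry is a lead for the analyst, not a verdict; the Google Update and NVIDIA entries pass because they live under expected directories.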
  6. 2012/05/10
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/11/2011 4:22:07 PM
    System Uptime: 5/10/2012 1:55:11 PM (1 hours ago)
    .
    Motherboard: Wistron | | 30B5
    Processor: AMD Turion(tm) 64 X2 | U1 | 1600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 106 GiB total, 56.238 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 0.682 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Dreamweaver CS5.5
    Adobe Flash Player 11 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8
    Adobe Widget Browser
    Advanced SystemCare 5
    Ancient Sudoku
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASL_HS_Installer32
    AutoUpdate
    AVG 2012
    Bejeweled 2 Deluxe
    Big Kahuna Reef
    Blackhawk Striker 2
    Blasterball 3
    Boggle Supreme
    Bonjour
    Bookworm Deluxe
    Broadcom 802.11 Wireless LAN Adapter
    Chuzzle Deluxe
    Conexant HD Audio
    Crystal Maze
    DivX
    Family Feud
    FATE
    Final Drive Nitro
    Flip Words
    FreshDiagnose
    Google Chrome
    Google Earth
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Help and Support
    HP Pavilion Webcam Driver for Vista v061.001.00006
    HP Quick Launch Buttons 6.10 B9
    HP QuickPlay 3.0
    HP Update
    HP User Guide 0052
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HughesNet Download Manager 1.2
    HughesNet Status Meter
    iCloud
    Insaniquarium Deluxe
    IrfanView (remove only)
    iTunes
    Java(TM) SE Runtime Environment 6
    Jewel Quest
    LightScribe 1.4.124.1
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Mozilla Firefox 12.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 5.0
    NVIDIA Drivers
    OCCT 4.2.0
    Otto
    PC Wizard 2012.2.0
    Penguins!
    Poker Superstars 2
    Polar Bowler
    Polar Golfer
    Polar Tubing
    QuickTime
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Shape Collage
    Sonic Activation Module
    Synaptics Pointing Device Driver
    T-Crisis 3 100% A.I. version 3.5.12
    The Apprentice
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Yahoo! Toolbar for Internet Explorer
    YouTube Downloader Toolbar v5.6
    YTD YouTube Downloader & Converter 3.6
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/8/2012 7:18:00 AM, Error: EventLog [6008] - The previous system shutdown at 7:16:09 AM on 5/8/2012 was unexpected.
    5/6/2012 9:18:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the XAudioService service to connect.
    5/6/2012 9:18:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
    5/6/2012 9:18:55 PM, Error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/6/2012 9:18:55 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    5/6/2012 9:18:55 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/6/2012 9:17:17 PM, Error: EventLog [6008] - The previous system shutdown at 8:10:32 PM on 5/6/2012 was unexpected.
    5/6/2012 5:34:39 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 001A73147BEA has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    5/5/2012 7:23:30 AM, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070002.
    5/10/2012 1:55:58 PM, Error: EventLog [6008] - The previous system shutdown at 1:54:44 PM on 5/10/2012 was unexpected.
    5/10/2012 1:53:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    5/10/2012 1:53:42 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/10/2012 1:48:38 PM, Error: EventLog [6008] - The previous system shutdown at 1:46:30 PM on 5/10/2012 was unexpected.
    .
    ==== End Of File ===========================
     
    jbh,
    #5
  7. 2012/05/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2012/05/10
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    ComboFix 12-05-10.04 - hayter 05/10/2012 20:21:06.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.287 [GMT -5:00]
    Running from: c:\users\hayter\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-11 01:35 . 2012-05-11 01:35 -------- d-----w- c:\users\hayter\AppData\Local\temp
    2012-05-11 01:35 . 2012-05-11 01:35 -------- d-----w- c:\users\john\AppData\Local\temp
    2012-05-11 01:35 . 2012-05-11 01:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-03 22:08 . 2012-05-03 22:08 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-05-03 22:07 . 2012-05-03 22:07 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
    2012-05-03 22:07 . 2012-05-03 22:07 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
    2012-04-29 21:17 . 2012-04-29 21:17 -------- d-----w- c:\program files\Shape Collage
    2012-04-28 14:46 . 2012-04-28 14:46 -------- d-----w- c:\programdata\YTD YouTube Downloader & Converter
    2012-04-28 14:45 . 2012-04-28 14:45 -------- d-----w- c:\program files\Application Updater
    2012-04-28 14:45 . 2012-04-28 14:45 -------- d-----w- c:\program files\Common Files\Spigot
    2012-04-28 14:45 . 2012-04-28 14:45 -------- d-----w- c:\program files\YouTube Downloader Toolbar
    2012-04-28 14:41 . 2012-04-28 14:41 -------- d-----w- c:\program files\YTD YouTube Downloader & Converter
    2012-04-27 15:59 . 2012-04-27 15:59 -------- d-----w- c:\users\hayter\AppData\Local\OCCT
    2012-04-27 15:55 . 2012-04-27 15:55 -------- d-----w- c:\program files\OCCTPT
    2012-04-27 15:52 . 2012-04-27 15:55 -------- d--h--w- c:\windows\msdownld.tmp
    2012-04-24 02:17 . 2012-04-24 02:18 -------- d-----w- c:\users\hayter\AppData\Roaming\FreshDiagnose
    2012-04-24 02:13 . 2012-04-24 02:13 -------- d-----w- c:\program files\FreshDevices
    2012-04-23 23:35 . 2012-02-14 16:49 114176 ----a-w- c:\windows\system32\PCWizard.cpl
    2012-04-23 23:35 . 2012-04-23 23:35 -------- d-----w- c:\program files\CPUID
    2012-04-17 18:56 . 2012-04-17 18:56 -------- d-----w- c:\program files\iPod
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-10 18:48 . 2011-10-11 21:16 170195877 ----a-w- c:\windows\DUMP9cab.tmp
    2012-04-04 20:56 . 2011-12-24 17:25 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-05-03 22:07 . 2011-12-23 16:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-23 619352]
    "HughesNet Download Manager"="c:\program files\HughesNet Download Manager\HDM.exe" [2009-10-27 3563566]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-01-09 77824]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-04-24 983904]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
    .
    c:\users\hayter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    HughesNetStatusMeter.lnk - c:\program files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe [2011-12-30 142336]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
    2006-11-10 18:50 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2006-11-06 18:58 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2006-11-24 23:33 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-23 494424]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-07 00:32]
    .
    2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-12-07 00:32]
    .
    2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3738667107-1251832668-1167962564-1000Core.job
    - c:\users\hayter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 21:26]
    .
    2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3738667107-1251832668-1167962564-1000UA.job
    - c:\users\hayter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-23 21:26]
    .
    2012-04-28 c:\windows\Tasks\HPCeeScheduleForhayter.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-01-09 00:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: Download all with HughesNet Download Manager - file://c:\program files\HughesNet Download Manager\dlall.htm
    IE: Download selected with HughesNet Download Manager - file://c:\program files\HughesNet Download Manager\dlselected.htm
    IE: Download video with HughesNet Download Manager - file://c:\program files\HughesNet Download Manager\dlfvideo.htm
    IE: Download with HughesNet Download Manager - file://c:\program files\HughesNet Download Manager\dllink.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\hayter\AppData\Roaming\Mozilla\Firefox\Profiles\4cli9fxe.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-10 20:35
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-05-10 20:41:08
    ComboFix-quarantined-files.txt 2012-05-11 01:41
    ComboFix2.txt 2012-05-11 00:36
    .
    Pre-Run: 62,935,150,592 bytes free
    Post-Run: 62,700,470,272 bytes free
    .
    - - End Of File - - CD378D94443A6D5B7FB4EC8DE61ED841
     
    jbh,
    #7
  9. 2012/05/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good.

    How is redirection?

    Uninstall Advanced SystemCare 5
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2012/05/11
    jbh

    jbh Inactive Thread Starter

    Joined:
    2004/04/20
    Messages:
    149
    Likes Received:
    0
    Advanced SystemCare uninstalled... Yes, still having trouble with redirection.

    OTL logfile created on: 5/11/2012 6:59:39 PM - Run 1
    OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\hayter\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    957.88 Mb Total Physical Memory | 445.68 Mb Available Physical Memory | 46.53% Memory free
    2.13 Gb Paging File | 1.19 Gb Available in Paging File | 55.88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 105.54 Gb Total Space | 58.21 Gb Free Space | 55.15% Space Free | Partition Type: NTFS
    Drive D: | 6.24 Gb Total Space | 0.68 Gb Free Space | 10.92% Space Free | Partition Type: NTFS

    Computer Name: BRENDAPC | User Name: hayter | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/11 08:13:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\hayter\Desktop\OTL.exe
    PRC - [2012/04/23 20:38:30 | 000,785,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2011/10/13 20:09:13 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/09 05:16:37 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    PRC - [2006/11/24 18:34:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    PRC - [2006/11/24 18:34:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    SRV - [2012/05/03 17:07:56 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/23 20:38:30 | 000,785,304 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/11/24 18:34:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
    SRV - [2006/11/24 18:34:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
    SRV - [2006/06/26 12:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
    SRV - [2004/10/22 06:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\hayter\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/06/24 12:38:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/03/04 03:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2007/07/10 07:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/12/22 20:28:56 | 000,100,648 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2006/11/18 12:52:54 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
    DRV - [2006/11/15 12:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/15 07:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/11/15 05:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2006/09/15 03:44:18 | 000,011,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2006/06/28 12:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2006/06/28 12:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2006/03/01 17:54:48 | 000,003,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\SwSetup\SP38062\winphlash\FLASH1.sys -- (Flash1)
    DRV - [2004/10/26 11:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
    IE - HKLM\..\SearchScopes,DefaultScope = {7181A5E8-DC08-4D9A-9437-4B45DF5F65EB}
    IE - HKLM\..\SearchScopes\{00A61C49-8685-409D-B388-20EDF5DA1F85}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVNUS7
    IE - HKLM\..\SearchScopes\{458FD297-533E-41E6-8692-1AE06E80D7AB}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{7181A5E8-DC08-4D9A-9437-4B45DF5F65EB}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
    IE - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\..\SearchScopes,DefaultScope = {7181A5E8-DC08-4D9A-9437-4B45DF5F65EB}
    IE - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\..\SearchScopes\{00A61C49-8685-409D-B388-20EDF5DA1F85}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVNUS7
    IE - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\..\SearchScopes\{458FD297-533E-41E6-8692-1AE06E80D7AB}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\..\SearchScopes\{7181A5E8-DC08-4D9A-9437-4B45DF5F65EB}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hayter\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hayter\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 17:07:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{075ACC7A-7AC9-11E1-826D-B8AC6F996F26}: C:\Users\hayter\AppData\Local\{075ACC7A-7AC9-11E1-826D-B8AC6F996F26}\ [2012/03/30 19:32:50 | 000,000,000 | ---D | M]

    [2011/10/11 14:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hayter\AppData\Roaming\Mozilla\Extensions
    [2012/04/28 23:21:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hayter\AppData\Roaming\Mozilla\Firefox\Profiles\4cli9fxe.default\extensions
    [2011/12/23 11:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/05/03 17:08:09 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
    [2012/04/28 23:21:38 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
    [2012/03/30 19:32:50 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\HAYTER\APPDATA\LOCAL\{075ACC7A-7AC9-11E1-826D-B8AC6F996F26}
    [2011/10/13 17:21:05 | 000,583,875 | ---- | M] () (No name found) -- C:\USERS\HAYTER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4CLI9FXE.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012/05/03 17:07:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/19 22:09:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/19 22:09:20 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\hayter\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\hayter\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\hayter\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\hayter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\hayter\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\hayter\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AVG Safe Search = C:\Users\hayter\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
    CHR - Extension: Gmail = C:\Users\hayter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/05/10 19:28:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (HDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\HughesNet Download Manager\iefdm2.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000..\Run: [HughesNet Download Manager] C:\Program Files\HughesNet Download Manager\HDM.exe (HughesNet.com)
    O4 - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\hayter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HughesNetStatusMeter.lnk = C:\Program Files\HughesNetStatusMeter\HughesNetStatusMeter\HughesNetStatusMeter.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3738667107-1251832668-1167962564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download all with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlall.htm ()
    O8 - Extra context menu item: Download selected with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlselected.htm ()
    O8 - Extra context menu item: Download video with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dlfvideo.htm ()
    O8 - Extra context menu item: Download with HughesNet Download Manager - C:\Program Files\HughesNet Download Manager\dllink.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B692EF62-80D2-495B-A8F4-89ACF15C8135}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F60B79D2-0475-4513-9FFB-CFAE8E02E19C}: DhcpNameServer = 67.142.160.8 67.142.160.9
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img5.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img5.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/01/09 04:59:58 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - File not found
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/11 08:13:01 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\hayter\Desktop\OTL.exe
    [2012/05/11 08:13:01 | 000,000,000 | ---D | C] -- C:\desktop
    [2012/05/10 21:05:07 | 000,000,000 | ---D | C] -- C:\Users\hayter\Desktop\windowsbbs
    [2012/05/10 20:41:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/05/10 20:41:11 | 000,000,000 | ---D | C] -- C:\Users\hayter\AppData\Local\temp
    [2012/05/10 20:16:52 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/05/10 19:59:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/05/10 19:03:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/10 19:03:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/10 19:03:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/10 19:03:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/05/10 19:02:47 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/10 18:03:46 | 004,489,310 | R--- | C] (Swearware) -- C:\Users\hayter\Desktop\ComboFix.exe
    [2012/05/10 08:04:00 | 000,000,000 | ---D | C] -- C:\Users\hayter\Desktop\Desktop
    [2012/05/03 17:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/05/03 17:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/04/29 16:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Shape Collage
    [2012/04/28 09:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD YouTube Downloader & Converter
    [2012/04/28 09:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2012/04/28 09:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2012/04/28 09:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
    [2012/04/28 09:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD YouTube Downloader & Converter
    [2012/04/28 09:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\YTD YouTube Downloader & Converter
    [2012/04/27 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\hayter\AppData\Local\OCCT
    [2012/04/27 10:55:21 | 000,000,000 | ---D | C] -- C:\Users\hayter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT
    [2012/04/27 10:55:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT
    [2012/04/27 10:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\OCCTPT
    [2012/04/27 10:52:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
    [2012/04/23 21:17:47 | 000,000,000 | ---D | C] -- C:\Users\hayter\AppData\Roaming\FreshDiagnose
    [2012/04/23 21:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreshDevices
    [2012/04/23 21:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\FreshDevices
    [2012/04/23 18:35:59 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\System32\PCWizard.cpl
    [2012/04/23 18:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
    [2012/04/23 18:35:57 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
    [2012/04/17 14:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/04/17 13:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/05/11 18:52:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/11 18:52:12 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/11 18:51:59 | 000,047,820 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/05/11 18:51:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/11 14:55:09 | 000,047,820 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/05/11 08:13:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\hayter\Desktop\OTL.exe
    [2012/05/11 07:51:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/10 21:45:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3738667107-1251832668-1167962564-1000UA.job
    [2012/05/10 20:06:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/10 20:06:17 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
    [2012/05/10 19:28:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/05/10 18:10:18 | 004,489,310 | R--- | M] (Swearware) -- C:\Users\hayter\Desktop\ComboFix.exe
    [2012/05/10 17:00:58 | 167,954,757 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/05/09 14:45:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3738667107-1251832668-1167962564-1000Core.job
    [2012/05/07 20:28:07 | 000,041,050 | ---- | M] () -- C:\Users\hayter\Desktop\Ben+Adorned+in+Ferns+5+4+12.jpg
    [2012/05/03 21:43:37 | 000,079,809 | ---- | M] () -- C:\Users\hayter\Desktop\Savannah AKA Piopy.jpg
    [2012/05/03 21:26:33 | 000,014,848 | ---- | M] () -- C:\Users\hayter\Desktop\dr. who.jpg
    [2012/05/02 19:17:46 | 000,035,482 | ---- | M] () -- C:\Users\hayter\Desktop\2008_0615 Purple and White Passion Flower.jpg
    [2012/05/01 20:54:10 | 000,002,009 | ---- | M] () -- C:\Users\hayter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/05/01 20:54:09 | 000,002,047 | ---- | M] () -- C:\Users\hayter\Desktop\Google Chrome.lnk
    [2012/05/01 16:59:19 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/05/01 16:59:18 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/05/01 13:55:38 | 001,300,461 | ---- | M] () -- C:\Users\hayter\Desktop\IMG_0773.JPG
    [2012/05/01 13:55:36 | 001,318,558 | ---- | M] () -- C:\Users\hayter\Desktop\IMG_0772.JPG
    [2012/05/01 13:55:31 | 001,319,624 | ---- | M] () -- C:\Users\hayter\Desktop\IMG_0771.JPG
    [2012/05/01 13:55:23 | 001,482,696 | ---- | M] () -- C:\Users\hayter\Desktop\IMG_0770.JPG
    [2012/05/01 13:55:03 | 001,448,353 | ---- | M] () -- C:\Users\hayter\Desktop\IMG_0769.JPG
    [2012/05/01 13:55:00 | 001,461,275 | ---- | M] () -- C:\Users\hayter\Desktop\IMG_0768.JPG
    [2012/05/01 13:54:55 | 001,482,192 | ---- | M] () -- C:\Users\hayter\Desktop\IMG_0767.JPG
    [2012/04/30 19:19:49 | 000,003,584 | ---- | M] () -- C:\Users\hayter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/30 19:18:11 | 128,235,819 | ---- | M] () -- C:\Users\hayter\Desktop\DigiExpress - iPhone 4 Screen Installation Repair ATT GSM.wmv
    [2012/04/29 16:17:23 | 000,000,895 | ---- | M] () -- C:\Users\Public\Desktop\Shape Collage.lnk
    [2012/04/28 10:06:33 | 387,588,586 | ---- | M] () -- C:\Users\hayter\Documents\DigiExpress - iPhone 4 Screen Installation Repair ATT GSM.mp4
    [2012/04/28 09:41:13 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
    [2012/04/27 22:53:18 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhayter.job
    [2012/04/27 13:32:48 | 001,016,023 | ---- | M] () -- C:\Users\hayter\Desktop\siamese foster mom.JPG
    [2012/04/27 11:39:28 | 001,111,859 | ---- | M] () -- C:\Users\hayter\Desktop\IMG_0746.JPG
    [2012/04/27 10:55:26 | 000,000,800 | ---- | M] () -- C:\Users\hayter\Desktop\OCCT.lnk
    [2012/04/26 08:17:10 | 000,002,651 | ---- | M] () -- C:\Users\hayter\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2012/04/25 13:41:30 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/23 21:14:03 | 000,001,011 | ---- | M] () -- C:\Users\hayter\Desktop\FreshDiagnose.lnk
    [2012/04/23 18:36:13 | 000,000,989 | ---- | M] () -- C:\Users\hayter\Desktop\PC Wizard 2012.lnk
    [2012/04/20 12:14:29 | 000,011,829 | ---- | M] () -- C:\Users\hayter\Desktop\hoof shoes.jpg
    [2012/04/17 14:03:08 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/04/17 13:38:48 | 000,000,628 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/05/10 19:03:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/05/10 19:03:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/05/10 19:03:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/05/10 19:03:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/05/10 19:03:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/10 14:56:51 | 167,954,757 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/05/07 20:27:48 | 000,041,050 | ---- | C] () -- C:\Users\hayter\Desktop\Ben+Adorned+in+Ferns+5+4+12.jpg
    [2012/05/03 21:43:33 | 000,079,809 | ---- | C] () -- C:\Users\hayter\Desktop\Savannah AKA Piopy.jpg
    [2012/05/03 21:26:07 | 000,014,848 | ---- | C] () -- C:\Users\hayter\Desktop\dr. who.jpg
    [2012/05/02 19:17:23 | 000,035,482 | ---- | C] () -- C:\Users\hayter\Desktop\2008_0615 Purple and White Passion Flower.jpg
    [2012/05/02 07:54:31 | 001,482,696 | ---- | C] () -- C:\Users\hayter\Desktop\IMG_0770.JPG
    [2012/05/02 07:54:30 | 001,461,275 | ---- | C] () -- C:\Users\hayter\Desktop\IMG_0768.JPG
    [2012/05/02 07:54:30 | 001,448,353 | ---- | C] () -- C:\Users\hayter\Desktop\IMG_0769.JPG
    [2012/05/02 07:54:29 | 001,482,192 | ---- | C] () -- C:\Users\hayter\Desktop\IMG_0767.JPG
    [2012/05/02 07:54:28 | 001,300,461 | ---- | C] () -- C:\Users\hayter\Desktop\IMG_0773.JPG
    [2012/05/02 07:54:26 | 001,318,558 | ---- | C] () -- C:\Users\hayter\Desktop\IMG_0772.JPG
    [2012/05/02 07:54:25 | 001,319,624 | ---- | C] () -- C:\Users\hayter\Desktop\IMG_0771.JPG
    [2012/04/30 19:19:49 | 000,003,584 | ---- | C] () -- C:\Users\hayter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/04/30 16:23:47 | 128,235,819 | ---- | C] () -- C:\Users\hayter\Desktop\DigiExpress - iPhone 4 Screen Installation Repair ATT GSM.wmv
    [2012/04/29 16:17:23 | 000,000,895 | ---- | C] () -- C:\Users\Public\Desktop\Shape Collage.lnk
    [2012/04/28 19:53:25 | 001,111,859 | ---- | C] () -- C:\Users\hayter\Desktop\IMG_0746.JPG
    [2012/04/28 19:53:22 | 001,016,023 | ---- | C] () -- C:\Users\hayter\Desktop\siamese foster mom.JPG
    [2012/04/28 09:47:24 | 387,588,586 | ---- | C] () -- C:\Users\hayter\Documents\DigiExpress - iPhone 4 Screen Installation Repair ATT GSM.mp4
    [2012/04/28 09:41:13 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\YTD YouTube Downloader & Converter.lnk
    [2012/04/27 10:55:26 | 000,000,800 | ---- | C] () -- C:\Users\hayter\Desktop\OCCT.lnk
    [2012/04/23 21:14:03 | 000,001,011 | ---- | C] () -- C:\Users\hayter\Desktop\FreshDiagnose.lnk
    [2012/04/23 18:36:13 | 000,000,989 | ---- | C] () -- C:\Users\hayter\Desktop\PC Wizard 2012.lnk
    [2012/04/20 12:13:37 | 000,011,829 | ---- | C] () -- C:\Users\hayter\Desktop\hoof shoes.jpg
    [2012/04/17 14:03:08 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/31 19:27:44 | 000,001,081 | ---- | C] () -- C:\Users\hayter\AppData\Roaming\tetricrisis-data-3.5.12
    [2012/02/20 13:19:13 | 000,000,680 | ---- | C] () -- C:\Users\hayter\AppData\Local\d3d9caps.dat
    [2012/01/21 13:12:30 | 000,047,820 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2012/01/21 13:12:30 | 000,047,820 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2011/12/25 21:48:11 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2011/12/23 17:42:17 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/12/23 17:42:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/12/23 12:48:49 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
    [2011/12/16 07:25:20 | 000,000,000 | ---- | C] () -- C:\Users\hayter\AppData\Local\{538DFFCF-996F-4319-8C76-5F9337D07EDE}
    [2011/10/11 18:16:06 | 000,013,072 | ---- | C] () -- C:\Users\hayter\AppData\Roaming\nvModes.001
    [2011/10/11 18:16:04 | 000,013,072 | ---- | C] () -- C:\Users\hayter\AppData\Roaming\nvModes.dat

    ========== LOP Check ==========

    [2012/01/08 14:16:34 | 000,000,000 | ---D | M] -- C:\Users\hayter\AppData\Roaming\AVG
    [2011/10/11 18:53:07 | 000,000,000 | ---D | M] -- C:\Users\hayter\AppData\Roaming\AVG2012
    [2011/12/18 18:57:09 | 000,000,000 | ---D | M] -- C:\Users\hayter\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/12/30 15:19:38 | 000,000,000 | ---D | M] -- C:\Users\hayter\AppData\Roaming\com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.1
    [2012/04/23 21:18:13 | 000,000,000 | ---D | M] -- C:\Users\hayter\AppData\Roaming\FreshDiagnose
    [2012/05/10 20:14:13 | 000,000,000 | ---D | M] -- C:\Users\hayter\AppData\Roaming\HughesNet Download Manager
    [2011/12/23 11:50:32 | 000,000,000 | ---D | M] -- C:\Users\hayter\AppData\Roaming\IObit
    [2011/11/15 14:12:20 | 000,000,000 | ---D | M] -- C:\Users\hayter\AppData\Roaming\IrfanView
    [2011/12/23 13:31:45 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\AVG2012
    [2011/12/23 18:28:59 | 000,000,000 | ---D | M] -- C:\Users\john\AppData\Roaming\IObit
    [2012/05/10 20:04:42 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2007/01/09 04:59:58 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2011/11/05 20:43:41 | 000,000,086 | ---- | M] () -- C:\bcmwl6.log
    [2009/04/11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/11/09 07:48:09 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/05/10 20:41:09 | 000,010,135 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/01/09 05:17:16 | 000,000,062 | ---- | M] () -- C:\FINIS_IT.TXT
    [2012/05/10 20:06:17 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/15 19:36:24 | 000,001,462 | ---- | M] () -- C:\Napp7.log
    [2012/05/10 20:06:14 | 1318,981,632 | -HS- | M] () -- C:\pagefile.sys
    [2007/01/09 05:16:52 | 000,021,666 | ---- | M] () -- C:\sunjava.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2012/02/20 17:52:06 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 16:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/03/18 21:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD8S.DLL
    [2007/03/18 21:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP8S.DLL
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/12/23 00:20:28 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/02/20 12:40:49 | 000,000,286 | -HS- | M] () -- C:\Users\hayter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/05/10 18:10:18 | 004,489,310 | R--- | M] (Swearware) -- C:\Users\hayter\Desktop\ComboFix.exe
    [2012/05/11 08:13:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\hayter\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/05/10 20:06:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/11 07:51:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/09 14:45:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3738667107-1251832668-1167962564-1000Core.job
    [2012/05/10 21:45:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3738667107-1251832668-1167962564-1000UA.job
    [2012/04/27 22:53:18 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhayter.job
    [2012/05/10 20:06:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/05/10 20:04:42 | 000,032,548 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/02/20 18:45:14 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/02/20 18:44:45 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2007/01/09 03:58:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2007/01/09 03:58:36 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/10/11 14:16:41 | 000,000,402 | -HS- | M] () -- C:\Users\hayter\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/05/11 18:51:59 | 000,047,820 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >
     
    jbh,
    #9
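The OTL log posted above lists the autostart points a responder has to sift through by hand: BHOs (O2), Run keys (O4), DNS servers (O17), and so on. The script below is an added example, not part of the forum post, of OTL or of the helper's instructions. It parses a few lines copied verbatim from the log and applies some triage heuristics that are assumptions about what deserves a second look (an orphaned Run entry whose target is gone, a BHO with no company name, a component from a vendor known for bundled search toolbars, a DNS server outside private address space). None of those is a verdict: the two 67.142.160.x resolvers, for instance, are handed out by DHCP and should simply be confirmed as the ISP's.

```python
"""Triage helper for OTL-style autostart lines (O2/O4/O17).

Added example, not code from the forum post or from OTL. The sample lines
are copied from the log above; the heuristics are assumptions about what
is worth a closer look, not malware verdicts.
"""
import ipaddress
import re

# Constructed sample: lines as they appear in the OTL log above.
SAMPLE_LINES = [
    r"O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)",
    r"O2 - BHO: (HDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\HughesNet Download Manager\iefdm2.dll ()",
    r'O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found',
    r"O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)",
    r"O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F60B79D2-0475-4513-9FFB-CFAE8E02E19C}: DhcpNameServer = 67.142.160.8 67.142.160.9",
]

# Assumed list of vendors whose components ship as bundled search toolbars.
TOOLBAR_VENDORS = ("spigot", "widgi", "youtube downloader toolbar")

# O4: hive..\Run[Once]: [Name] command line, ending in (Company) or "File not found".
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O2: BHO: (Name) - {CLSID} - path (Company)
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<path>.+?) \((?P<company>[^)]*)\)$")
# O17: any Tcpip key whose DhcpNameServer value lists one or more resolvers.
O17_RE = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>.+)$")


def parse_line(line):
    """Classify one OTL line into a dict; return None for line types not handled here."""
    m = O4_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["type"] = "O4"
        rec["orphan"] = rec["cmd"].endswith("File not found")
        return rec
    m = O2_RE.match(line)
    if m:
        rec = m.groupdict()
        rec["type"] = "O2"
        return rec
    m = O17_RE.match(line)
    if m:
        return {"type": "O17", "servers": m.group("servers").split()}
    return None


def triage(lines):
    """Return (reason, line) pairs for entries a responder should look at first."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        lowered = line.lower()
        if rec["type"] == "O4":
            if rec["orphan"]:
                findings.append(("orphaned Run entry (target missing)", line))
            # Legitimate vendors rarely autostart from the user profile; malware often does.
            if "\\appdata\\" in lowered or "\\users\\" in lowered:
                findings.append(("autostart from user-writable path", line))
        if rec["type"] in ("O2", "O4") and any(v in lowered for v in TOOLBAR_VENDORS):
            findings.append(("bundled toolbar / search-settings component", line))
        if rec["type"] == "O2" and rec["company"] == "":
            findings.append(("BHO with no company name (unsigned or unknown publisher)", line))
        if rec["type"] == "O17":
            if any(not ipaddress.ip_address(s).is_private for s in rec["servers"]):
                findings.append(("DNS server outside private range (confirm it is the ISP's)", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LINES):
        print(f"[{reason}] {line[:90]}")
```

On the lines above the script produces four findings: the orphaned Adobe Run entry, the Spigot SearchSettings autostart, the HughesNet BHO with an empty publisher field, and the non-private DhcpNameServer pair. Extending it to the O3 toolbar, O16 DPF and O20 Winlogon lines is a matter of adding a regex per prefix; for a search-redirect complaint the Spigot/toolbar hits and the DNS servers are the two things to check first.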
  11. 2012/05/11
    jbh

    jbh Inactive Thread Starter

    OTL Extras logfile created on: 5/11/2012 6:59:39 PM - Run 1
    OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\hayter\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    957.88 Mb Total Physical Memory | 445.68 Mb Available Physical Memory | 46.53% Memory free
    2.13 Gb Paging File | 1.19 Gb Available in Paging File | 55.88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 105.54 Gb Total Space | 58.21 Gb Free Space | 55.15% Space Free | Partition Type: NTFS
    Drive D: | 6.24 Gb Total Space | 0.68 Gb Free Space | 10.92% Space Free | Partition Type: NTFS

    Computer Name: BRENDAPC | User Name: hayter | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3738667107-1251832668-1167962564-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2B432150-7783-4B4C-8238-E0712655D211}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{332513B4-BEA6-43AE-9BB7-FE18F8198665}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5B644AE5-A78E-402D-8984-DEFE449BA60C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{92375588-432D-40E9-B131-CA776B595D80}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9B4C5C76-7F79-46B2-89E8-35982DC21A94}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{A6DB79CC-3AD3-4C0C-81D5-A0DC874EDB7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B6F4AB89-291A-4F22-A4ED-F9893BA16D4A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DFDEC501-1393-488B-B89A-FD92040FFAC9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FD17AA83-DB3D-4BD2-B567-973EF297100D}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{067F4508-9D97-4BCA-BC5D-61B6AEA27618}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{06CE721B-5E9B-4715-AAB7-F7575DC6FEEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0D47E0DF-27C5-4DCC-B20B-CFEDC3BF92DB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{195D4212-B096-4D4B-9F06-7EF22F6192F7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2658E8EB-A1BA-4452-AEBC-AB5C5D0D1300}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{332439A2-7F0A-4D39-8C0D-38707C6B26F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3927684C-8F1E-4942-9915-8E7A6B8166A5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3EAED599-130F-4829-8966-0C1E965A8A59}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{46801876-8BDC-4703-B198-7D91C512F29E}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{485F5174-0DA0-4B17-8E78-A20A9DE80021}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4F82E09F-C2B4-4294-B4EC-2BDA294B6918}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5DABBFE9-AE37-46DB-9FDB-4BE3A7F9BB9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5EED45F5-1F6C-447E-8FD4-22CF57E9D9A9}" = protocol=6 | dir=out | app=system |
    "{6A580F5B-2B64-462F-A781-011AAE9C23D3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{89D25385-3D91-40F3-82AA-FEED185850E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8EDB905D-498A-44CA-A96C-29BEED9BB2DB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{92D986D9-98E0-4D7E-B1FA-23FE99CA0896}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{95684FAA-843A-4491-99C6-301B457E9174}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{96220D6D-FCDB-49E9-AF44-2A46773CAC60}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{963F55EC-3E67-4A1D-B4B4-EF1701CC151E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{9ED03B54-17CE-4816-9F99-0CF5801D2571}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{A4239DA1-D381-4F61-A68A-B337E97DF87C}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{B449A352-22AA-4984-B2D0-C3DCCA90CB2D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E3373737-6474-4356-84F9-BD7C2E40272D}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{E5A68D12-64EC-46DA-8FAC-DF74D32C433E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{E6800EA7-7612-4484-8894-5760C90D0B52}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E85C5CA2-39AB-4AE4-9689-578C99B7796F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E9255EB6-A65E-46E7-B9DF-27DC64E922DE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "TCP Query User{ACEB3600-3A4D-48A5-B527-0C69CCF5CE9A}C:\users\hayter\downloads\tinyumbrella-5.10.07.exe" = protocol=6 | dir=in | app=c:\users\hayter\downloads\tinyumbrella-5.10.07.exe |
    "UDP Query User{BE0ACCCF-755E-4227-8B9A-A3C0DC0D2DEA}C:\users\hayter\downloads\tinyumbrella-5.10.07.exe" = protocol=17 | dir=in | app=c:\users\hayter\downloads\tinyumbrella-5.10.07.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{2EB87B4B-E71F-488A-8CC2-AB0DC1A87EA4}_is1" = T-Crisis 3 100% A.I. version 3.5.12
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00006
    "{60DBEED5-6A01-44D4-86E4-1F4048DA5834}_is1" = HughesNet Download Manager 1.2
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6FE30813-AC60-40A3-BE53-F6713A1F3893}" = HP Wireless Assistant
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91DBD16F-BA92-4B2E-A65A-56DB3EE67AC4}" = HP User Guide 0052
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CB5F1FBF-57DB-4E22-83B0-FEC53C389762}" = YouTube Downloader Toolbar v5.6
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
    "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
    "{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
    "{E52AAE8C-539F-1DAF-994E-7417BE45A3E8}" = HughesNet Status Meter
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
    "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
    "com.hughesnet.HughesNetStatusMeter.92D257A0BA68956E9AA1D50589E83FF4134CD6A8.1" = HughesNet Status Meter
    "FreshDevices - FreshDiagnose_is1" = FreshDiagnose
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA Drivers" = NVIDIA Drivers
    "OCCT" = OCCT 4.2.0
    "PC Wizard 2012_is1" = PC Wizard 2012.2.0
    "ShapeCollage" = Shape Collage
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WT014844" = The Apprentice
    "WT014845" = Bejeweled 2 Deluxe
    "WT014846" = Big Kahuna Reef
    "WT014847" = Blackhawk Striker 2
    "WT014848" = Boggle Supreme
    "WT014849" = Bookworm Deluxe
    "WT014851" = Chuzzle Deluxe
    "WT014852" = Crystal Maze
    "WT014853" = Family Feud
    "WT014855" = Final Drive Nitro
    "WT014856" = Flip Words
    "WT014857" = Insaniquarium Deluxe
    "WT014858" = Jewel Quest
    "WT014860" = Otto
    "WT014861" = Penguins!
    "WT014862" = Polar Golfer
    "WT014863" = Polar Tubing
    "WT014888" = Polar Bowler
    "WT014902" = Ancient Sudoku
    "WT014905" = Poker Superstars 2
    "WT015733" = FATE
    "WT015797" = Blasterball 3
    "Yahoo! Companion" = Yahoo! Toolbar for Internet Explorer

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3738667107-1251832668-1167962564-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/30/2012 6:45:58 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4091719

    Error - 3/30/2012 6:45:58 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4091719

    Error - 3/30/2012 6:45:59 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/30/2012 6:45:59 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4092764

    Error - 3/30/2012 6:45:59 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4092764

    Error - 3/30/2012 6:46:00 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/30/2012 6:46:00 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4094028

    Error - 3/30/2012 6:46:00 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4094028

    Error - 3/30/2012 6:46:02 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/30/2012 6:46:02 PM | Computer Name = BRENDAPC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4095260

    [ System Events ]
    Error - 5/10/2012 8:47:37 PM | Computer Name = Brendapc | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 7:45:02 PM on 5/10/2012 was unexpected.

    Error - 5/10/2012 8:47:49 PM | Computer Name = Brendapc | Source = HTTP | ID = 15016
    Description =

    Error - 5/10/2012 8:48:47 PM | Computer Name = Brendapc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 5/10/2012 9:06:35 PM | Computer Name = Brendapc | Source = HTTP | ID = 15016
    Description =

    Error - 5/10/2012 9:07:50 PM | Computer Name = Brendapc | Source = Service Control Manager | ID = 7000
    Description =

    Error - 5/10/2012 9:16:48 PM | Computer Name = Brendapc | Source = Service Control Manager | ID = 7034
    Description =

    Error - 5/10/2012 9:19:45 PM | Computer Name = Brendapc | Source = Service Control Manager | ID = 7030
    Description =

    Error - 5/10/2012 9:29:35 PM | Computer Name = Brendapc | Source = Service Control Manager | ID = 7030
    Description =

    Error - 5/10/2012 9:35:12 PM | Computer Name = Brendapc | Source = Service Control Manager | ID = 7030
    Description =

    Error - 5/11/2012 7:56:21 PM | Computer Name = Brendapc | Source = Service Control Manager | ID = 7034
    Description =


    < End of report >
     
    jbh,
    #10
  12. 2012/05/11
    broni

    broni Moderator Malware Analyst

    Which browser is getting redirected?

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  13. 2012/05/12
    jbh

    jbh Inactive Thread Starter

    Firefox 12.0


    15:27:46.0727 4816 Current date / time: 2012/05/12 15:27:46.0726
    15:27:46.0727 4816 SystemInfo:
    15:27:46.0727 4816
    15:27:46.0727 4816 OS Version: 6.0.6001 ServicePack: 1.0
    15:27:46.0727 4816 Product type: Workstation
    15:27:46.0727 4816 ComputerName: BRENDAPC
    15:27:46.0728 4816 UserName: hayter
    15:27:46.0728 4816 Windows directory: C:\Windows
    15:27:46.0728 4816 System windows directory: C:\Windows
    15:27:46.0728 4816 Processor architecture: Intel x86
    15:27:46.0728 4816 Number of processors: 2
    15:27:46.0728 4816 Page size: 0x1000
    15:27:46.0728 4816 Boot type: Normal boot
    15:27:46.0728 4816 ============================================================
    15:27:49.0710 4816 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    15:27:49.0734 4816 ============================================================
    15:27:49.0734 4816 \Device\Harddisk0\DR0:
    15:27:49.0735 4816 MBR partitions:
    15:27:49.0735 4816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD316F13
    15:27:49.0735 4816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xD316F52, BlocksNum 0xC7C86F
    15:27:49.0735 4816 ============================================================
    15:27:49.0824 4816 C: <-> \Device\Harddisk0\DR0\Partition0
    15:27:49.0883 4816 D: <-> \Device\Harddisk0\DR0\Partition1
    15:27:49.0883 4816 ============================================================
    15:27:49.0883 4816 Initialize success
    15:27:49.0883 4816 ============================================================
    15:27:58.0470 4876 ============================================================
    15:27:58.0471 4876 Scan started
    15:27:58.0471 4876 Mode: Manual;
    15:27:58.0471 4876 ============================================================
    15:28:00.0261 4876 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    15:28:00.0275 4876 ACPI - ok
    15:28:00.0436 4876 AddFiltr (e6d2486ec85a36b8336ed456d0317d96) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    15:28:00.0445 4876 AddFiltr - ok
    15:28:00.0533 4876 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    15:28:00.0549 4876 adp94xx - ok
    15:28:00.0608 4876 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    15:28:00.0622 4876 adpahci - ok
    15:28:00.0643 4876 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    15:28:00.0649 4876 adpu160m - ok
    15:28:00.0678 4876 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    15:28:00.0684 4876 adpu320 - ok
    15:28:00.0722 4876 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    15:28:00.0724 4876 AeLookupSvc - ok
    15:28:00.0777 4876 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
    15:28:00.0785 4876 AFD - ok
    15:28:00.0810 4876 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    15:28:00.0813 4876 agp440 - ok
    15:28:00.0830 4876 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    15:28:00.0848 4876 aic78xx - ok
    15:28:00.0879 4876 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    15:28:00.0882 4876 ALG - ok
    15:28:00.0899 4876 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    15:28:00.0901 4876 aliide - ok
    15:28:00.0931 4876 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    15:28:00.0934 4876 amdagp - ok
    15:28:00.0941 4876 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    15:28:00.0943 4876 amdide - ok
    15:28:00.0952 4876 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    15:28:00.0956 4876 AmdK7 - ok
    15:28:00.0988 4876 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    15:28:00.0991 4876 AmdK8 - ok
    15:28:01.0032 4876 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    15:28:01.0034 4876 Appinfo - ok
    15:28:01.0204 4876 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:28:01.0208 4876 Apple Mobile Device - ok
    15:28:01.0446 4876 Application Updater (f4c5530d92fa7f9a41c19edfc4c51bd4) C:\Program Files\Application Updater\ApplicationUpdater.exe
    15:28:01.0473 4876 Application Updater - ok
    15:28:01.0535 4876 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    15:28:01.0538 4876 arc - ok
    15:28:01.0551 4876 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    15:28:01.0554 4876 arcsas - ok
    15:28:01.0590 4876 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:28:01.0592 4876 AsyncMac - ok
    15:28:01.0649 4876 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
    15:28:01.0650 4876 atapi - ok
    15:28:01.0713 4876 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
    15:28:01.0721 4876 AudioEndpointBuilder - ok
    15:28:01.0729 4876 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
    15:28:01.0733 4876 Audiosrv - ok
    15:28:01.0903 4876 BCM43XV (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
    15:28:01.0945 4876 BCM43XV - ok
    15:28:01.0982 4876 BCM43XX (34a0a6386256080f52c74076c6157026) C:\Windows\system32\DRIVERS\bcmwl6.sys
    15:28:02.0002 4876 BCM43XX - ok
    15:28:02.0197 4876 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    15:28:02.0198 4876 Beep - ok
    15:28:02.0260 4876 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
    15:28:02.0269 4876 BFE - ok
    15:28:02.0391 4876 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\system32\qmgr.dll
    15:28:02.0420 4876 BITS - ok
    15:28:02.0430 4876 blbdrive - ok
    15:28:02.0622 4876 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    15:28:02.0636 4876 Bonjour Service - ok
    15:28:02.0685 4876 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    15:28:02.0690 4876 bowser - ok
    15:28:02.0727 4876 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    15:28:02.0730 4876 BrFiltLo - ok
    15:28:02.0743 4876 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    15:28:02.0746 4876 BrFiltUp - ok
    15:28:02.0794 4876 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    15:28:02.0797 4876 Browser - ok
    15:28:02.0809 4876 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    15:28:02.0812 4876 Brserid - ok
    15:28:02.0835 4876 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    15:28:02.0838 4876 BrSerWdm - ok
    15:28:02.0844 4876 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    15:28:02.0845 4876 BrUsbMdm - ok
    15:28:02.0871 4876 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    15:28:02.0873 4876 BrUsbSer - ok
    15:28:02.0882 4876 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    15:28:02.0884 4876 BTHMODEM - ok
    15:28:02.0989 4876 catchme - ok
    15:28:03.0035 4876 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:28:03.0038 4876 cdfs - ok
    15:28:03.0074 4876 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    15:28:03.0077 4876 cdrom - ok
    15:28:03.0107 4876 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
    15:28:03.0109 4876 CertPropSvc - ok
    15:28:03.0142 4876 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    15:28:03.0144 4876 circlass - ok
    15:28:03.0272 4876 CLCapSvc (9ee919b88977505bc3afd499ac2dd59b) C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    15:28:03.0275 4876 CLCapSvc - ok
    15:28:03.0336 4876 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
    15:28:03.0343 4876 CLFS - ok
    15:28:03.0420 4876 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:28:03.0426 4876 clr_optimization_v2.0.50727_32 - ok
    15:28:03.0525 4876 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:28:03.0532 4876 clr_optimization_v4.0.30319_32 - ok
    15:28:03.0585 4876 CLSched (0185bc0bebad66241c2b31e88d6f1f1f) C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    15:28:03.0587 4876 CLSched - ok
    15:28:03.0647 4876 CLTNetCnService - ok
    15:28:03.0687 4876 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    15:28:03.0689 4876 CmBatt - ok
    15:28:03.0719 4876 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    15:28:03.0721 4876 cmdide - ok
    15:28:03.0781 4876 CnxtHdAudService (b6e7991e3d6146c04c85cd31af22a381) C:\Windows\system32\drivers\CHDRT32.sys
    15:28:03.0787 4876 CnxtHdAudService - ok
    15:28:03.0833 4876 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    15:28:03.0836 4876 Compbatt - ok
    15:28:03.0842 4876 COMSysApp - ok
    15:28:03.0855 4876 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    15:28:03.0857 4876 crcdisk - ok
    15:28:03.0865 4876 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    15:28:03.0867 4876 Crusoe - ok
    15:28:03.0913 4876 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
    15:28:03.0917 4876 CryptSvc - ok
    15:28:04.0025 4876 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
    15:28:04.0047 4876 DcomLaunch - ok
    15:28:04.0104 4876 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
    15:28:04.0107 4876 DfsC - ok
    15:28:04.0342 4876 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
    15:28:04.0387 4876 DFSR - ok
    15:28:04.0599 4876 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
    15:28:04.0609 4876 Dhcp - ok
    15:28:04.0689 4876 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    15:28:04.0693 4876 disk - ok
    15:28:04.0739 4876 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
    15:28:04.0746 4876 Dnscache - ok
    15:28:04.0814 4876 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
    15:28:04.0822 4876 dot3svc - ok
    15:28:04.0881 4876 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    15:28:04.0889 4876 DPS - ok
    15:28:04.0924 4876 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    15:28:04.0927 4876 drmkaud - ok
    15:28:05.0042 4876 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
    15:28:05.0166 4876 DXGKrnl - ok
    15:28:05.0269 4876 E100B (c0b00e55cf82d122d25983c7a6a53dea) C:\Windows\system32\DRIVERS\e100b325.sys
    15:28:05.0279 4876 E100B - ok
    15:28:05.0326 4876 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    15:28:05.0332 4876 E1G60 - ok
    15:28:05.0359 4876 eabfiltr (a6476585b4fefee46a9f42e4d2bfdfa4) C:\Windows\system32\DRIVERS\eabfiltr.sys
    15:28:05.0362 4876 eabfiltr - ok
    15:28:05.0453 4876 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    15:28:05.0457 4876 EapHost - ok
    15:28:05.0537 4876 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    15:28:05.0545 4876 Ecache - ok
    15:28:05.0660 4876 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    15:28:05.0673 4876 ehRecvr - ok
    15:28:05.0728 4876 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    15:28:05.0734 4876 ehSched - ok
    15:28:05.0759 4876 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    15:28:05.0761 4876 ehstart - ok
    15:28:05.0840 4876 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    15:28:05.0849 4876 elxstor - ok
    15:28:05.0932 4876 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
    15:28:05.0945 4876 EMDMgmt - ok
    15:28:06.0029 4876 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
    15:28:06.0038 4876 EventSystem - ok
    15:28:06.0088 4876 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    15:28:06.0093 4876 exfat - ok
    15:28:06.0133 4876 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    15:28:06.0137 4876 fastfat - ok
    15:28:06.0157 4876 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    15:28:06.0160 4876 fdc - ok
    15:28:06.0202 4876 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    15:28:06.0204 4876 fdPHost - ok
    15:28:06.0226 4876 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    15:28:06.0228 4876 FDResPub - ok
    15:28:06.0250 4876 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    15:28:06.0253 4876 FileInfo - ok
    15:28:06.0286 4876 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    15:28:06.0288 4876 Filetrace - ok
    15:28:06.0376 4876 Flash1 (c532970d4dc83c42c2af56943f2998ae) C:\SwSetup\SP38062\winphlash\Flash1.sys
    15:28:06.0378 4876 Flash1 - ok
    15:28:06.0389 4876 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    15:28:06.0393 4876 flpydisk - ok
    15:28:06.0457 4876 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    15:28:06.0465 4876 FltMgr - ok
    15:28:06.0573 4876 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    15:28:06.0577 4876 FontCache3.0.0.0 - ok
    15:28:06.0693 4876 FreshIO (caac750e6d27866c28494e0de9fa802a) C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
    15:28:06.0694 4876 FreshIO - ok
    15:28:06.0710 4876 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    15:28:06.0712 4876 Fs_Rec - ok
    15:28:06.0734 4876 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    15:28:06.0737 4876 gagp30kx - ok
    15:28:06.0778 4876 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    15:28:06.0779 4876 GEARAspiWDM - ok
    15:28:06.0875 4876 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
    15:28:06.0888 4876 gpsvc - ok
    15:28:06.0955 4876 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    15:28:06.0959 4876 gupdate - ok
    15:28:06.0965 4876 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    15:28:06.0968 4876 gupdatem - ok
    15:28:07.0001 4876 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
    15:28:07.0003 4876 HBtnKey - ok
    15:28:07.0056 4876 HdAudAddService (de4020f928a2f8a6327f5687f36d361b) C:\Windows\system32\drivers\CHDART.sys
    15:28:07.0061 4876 HdAudAddService - ok
    15:28:07.0108 4876 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    15:28:07.0111 4876 HDAudBus - ok
    15:28:07.0152 4876 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    15:28:07.0154 4876 HidBth - ok
    15:28:07.0161 4876 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    15:28:07.0164 4876 HidIr - ok
    15:28:07.0197 4876 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
    15:28:07.0199 4876 hidserv - ok
    15:28:07.0227 4876 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    15:28:07.0229 4876 HidUsb - ok
    15:28:07.0296 4876 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    15:28:07.0300 4876 hkmsvc - ok
    15:28:07.0372 4876 HP Health Check Service (6d23619a883bf87e0dfa6658fddecec0) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    15:28:07.0374 4876 HP Health Check Service - ok
    15:28:07.0383 4876 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    15:28:07.0386 4876 HpCISSs - ok
    15:28:07.0443 4876 hpqwmiex (04c1dcbb226c6ae647b794833ce3ceb6) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    15:28:07.0444 4876 hpqwmiex - ok
    15:28:07.0498 4876 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    15:28:07.0519 4876 HSFHWAZL - ok
    15:28:07.0643 4876 HSF_DPV (1882827f41dee51c70e24c567c35bfb5) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    15:28:07.0664 4876 HSF_DPV - ok
    15:28:07.0717 4876 HSXHWAZL (a44ddf3ba83e4664bf4de9220097578c) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    15:28:07.0723 4876 HSXHWAZL - ok
    15:28:07.0799 4876 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
    15:28:07.0817 4876 HTTP - ok
    15:28:07.0906 4876 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    15:28:07.0910 4876 i2omp - ok
    15:28:07.0961 4876 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    15:28:07.0965 4876 i8042prt - ok
    15:28:08.0132 4876 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
    15:28:08.0163 4876 ialm - ok
    15:28:08.0392 4876 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    15:28:08.0398 4876 iaStorV - ok
    15:28:08.0538 4876 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    15:28:08.0544 4876 IDriverT - ok
    15:28:08.0737 4876 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    15:28:08.0767 4876 idsvc - ok
    15:28:08.0932 4876 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    15:28:08.0936 4876 iirsp - ok
    15:28:09.0022 4876 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
    15:28:09.0034 4876 IKEEXT - ok
    15:28:09.0057 4876 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    15:28:09.0058 4876 intelide - ok
    15:28:09.0068 4876 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    15:28:09.0070 4876 intelppm - ok
    15:28:09.0118 4876 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    15:28:09.0122 4876 IPBusEnum - ok
    15:28:09.0156 4876 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    15:28:09.0158 4876 IpFilterDriver - ok
    15:28:09.0200 4876 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
    15:28:09.0207 4876 iphlpsvc - ok
    15:28:09.0212 4876 IpInIp - ok
    15:28:09.0228 4876 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    15:28:09.0231 4876 IPMIDRV - ok
    15:28:09.0269 4876 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    15:28:09.0273 4876 IPNAT - ok
    15:28:09.0465 4876 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
    15:28:09.0480 4876 iPod Service - ok
    15:28:09.0518 4876 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    15:28:09.0521 4876 IRENUM - ok
    15:28:09.0561 4876 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    15:28:09.0565 4876 isapnp - ok
    15:28:09.0628 4876 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    15:28:09.0636 4876 iScsiPrt - ok
    15:28:09.0658 4876 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    15:28:09.0661 4876 iteatapi - ok
    15:28:09.0679 4876 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    15:28:09.0683 4876 iteraid - ok
    15:28:09.0729 4876 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    15:28:09.0731 4876 kbdclass - ok
    15:28:09.0772 4876 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
    15:28:09.0774 4876 kbdhid - ok
    15:28:09.0806 4876 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    15:28:09.0809 4876 KeyIso - ok
    15:28:09.0862 4876 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
    15:28:09.0874 4876 KSecDD - ok
    15:28:09.0948 4876 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    15:28:09.0959 4876 KtmRm - ok
    15:28:10.0009 4876 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
    15:28:10.0015 4876 LanmanServer - ok
    15:28:10.0060 4876 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    15:28:10.0067 4876 LanmanWorkstation - ok
    15:28:10.0210 4876 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    15:28:10.0212 4876 LightScribeService - ok
    15:28:10.0493 4876 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    15:28:10.0507 4876 lltdio - ok
    15:28:10.0640 4876 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    15:28:10.0650 4876 lltdsvc - ok
    15:28:10.0721 4876 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    15:28:10.0727 4876 lmhosts - ok
    15:28:10.0780 4876 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    15:28:10.0785 4876 LSI_FC - ok
    15:28:10.0841 4876 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    15:28:10.0846 4876 LSI_SAS - ok
    15:28:10.0864 4876 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    15:28:10.0872 4876 LSI_SCSI - ok
    15:28:10.0922 4876 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    15:28:10.0925 4876 luafv - ok
    15:28:10.0960 4876 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
    15:28:10.0962 4876 MBAMProtector - ok
    15:28:11.0092 4876 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    15:28:11.0107 4876 MBAMService - ok
    15:28:11.0147 4876 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
    15:28:11.0151 4876 Mcx2Svc - ok
    15:28:11.0180 4876 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    15:28:11.0182 4876 mdmxsdk - ok
    15:28:11.0193 4876 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    15:28:11.0195 4876 megasas - ok
    15:28:11.0214 4876 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    15:28:11.0217 4876 MMCSS - ok
    15:28:11.0252 4876 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    15:28:11.0254 4876 Modem - ok
    15:28:11.0300 4876 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    15:28:11.0301 4876 monitor - ok
    15:28:11.0348 4876 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    15:28:11.0351 4876 mouclass - ok
    15:28:11.0367 4876 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
    15:28:11.0369 4876 mouhid - ok
    15:28:11.0408 4876 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    15:28:11.0411 4876 MountMgr - ok
    15:28:11.0503 4876 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    15:28:11.0507 4876 MozillaMaintenance - ok
    15:28:11.0539 4876 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    15:28:11.0543 4876 mpio - ok
    15:28:11.0577 4876 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    15:28:11.0580 4876 mpsdrv - ok
    15:28:11.0656 4876 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
    15:28:11.0667 4876 MpsSvc - ok
    15:28:11.0688 4876 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    15:28:11.0691 4876 Mraid35x - ok
    15:28:11.0728 4876 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    15:28:11.0732 4876 MRxDAV - ok
    15:28:11.0782 4876 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
    15:28:11.0786 4876 mrxsmb - ok
    15:28:11.0817 4876 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    15:28:11.0824 4876 mrxsmb10 - ok
    15:28:11.0872 4876 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    15:28:11.0875 4876 mrxsmb20 - ok
    15:28:11.0892 4876 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    15:28:11.0894 4876 msahci - ok
    15:28:11.0910 4876 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    15:28:11.0913 4876 msdsm - ok
    15:28:11.0948 4876 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    15:28:11.0954 4876 MSDTC - ok
    15:28:11.0995 4876 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    15:28:11.0997 4876 Msfs - ok
    15:28:12.0033 4876 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    15:28:12.0035 4876 msisadrv - ok
    15:28:12.0079 4876 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    15:28:12.0085 4876 MSiSCSI - ok
    15:28:12.0100 4876 msiserver - ok
    15:28:12.0170 4876 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    15:28:12.0173 4876 MSKSSRV - ok
    15:28:12.0192 4876 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    15:28:12.0194 4876 MSPCLOCK - ok
    15:28:12.0213 4876 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    15:28:12.0214 4876 MSPQM - ok
    15:28:12.0266 4876 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    15:28:12.0271 4876 MsRPC - ok
    15:28:12.0294 4876 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    15:28:12.0296 4876 mssmbios - ok
    15:28:12.0317 4876 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    15:28:12.0319 4876 MSTEE - ok
    15:28:12.0341 4876 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    15:28:12.0343 4876 Mup - ok
    15:28:12.0397 4876 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
    15:28:12.0407 4876 napagent - ok
    15:28:12.0450 4876 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    15:28:12.0455 4876 NativeWifiP - ok
    15:28:12.0552 4876 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
    15:28:12.0566 4876 NDIS - ok
    15:28:12.0613 4876 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    15:28:12.0615 4876 NdisTapi - ok
    15:28:12.0655 4876 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    15:28:12.0657 4876 Ndisuio - ok
    15:28:12.0707 4876 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    15:28:12.0711 4876 NdisWan - ok
    15:28:12.0756 4876 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    15:28:12.0758 4876 NDProxy - ok
    15:28:12.0782 4876 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    15:28:12.0784 4876 NetBIOS - ok
    15:28:12.0845 4876 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    15:28:12.0851 4876 netbt - ok
    15:28:12.0896 4876 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    15:28:12.0898 4876 Netlogon - ok
    15:28:12.0937 4876 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    15:28:12.0946 4876 Netman - ok
    15:28:13.0005 4876 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    15:28:13.0018 4876 netprofm - ok
    15:28:13.0133 4876 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:28:13.0138 4876 NetTcpPortSharing - ok
    15:28:13.0197 4876 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    15:28:13.0200 4876 nfrd960 - ok
    15:28:13.0250 4876 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    15:28:13.0256 4876 NlaSvc - ok
    15:28:13.0288 4876 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    15:28:13.0290 4876 Npfs - ok
    15:28:13.0333 4876 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    15:28:13.0336 4876 nsi - ok
    15:28:13.0390 4876 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    15:28:13.0392 4876 nsiproxy - ok
    15:28:13.0547 4876 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    15:28:13.0584 4876 Ntfs - ok
    15:28:13.0603 4876 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    15:28:13.0605 4876 ntrigdigi - ok
    15:28:13.0649 4876 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    15:28:13.0651 4876 Null - ok
    15:28:13.0791 4876 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    15:28:13.0817 4876 NVENETFD - ok
    15:28:14.0724 4876 nvlddmkm (d65bc32c1795191b7f2b028351ab4fe2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    15:28:15.0053 4876 nvlddmkm - ok
    15:28:15.0275 4876 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    15:28:15.0279 4876 nvraid - ok
    15:28:15.0295 4876 nvsmu (adfdd343b1d3a9e061f17c730f1e83dc) C:\Windows\system32\DRIVERS\nvsmu.sys
    15:28:15.0297 4876 nvsmu - ok
    15:28:15.0327 4876 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    15:28:15.0329 4876 nvstor - ok
    15:28:15.0367 4876 nvstor32 (4c93d50bca15b3bfcab07306b258b248) C:\Windows\system32\DRIVERS\nvstor32.sys
    15:28:15.0368 4876 nvstor32 - ok
    15:28:15.0421 4876 nvsvc (a8c043670699c956d56b9f1f3daefc98) C:\Windows\system32\nvvsvc.exe
    15:28:15.0429 4876 nvsvc - ok
    15:28:15.0464 4876 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    15:28:15.0468 4876 nv_agp - ok
    15:28:15.0473 4876 NwlnkFlt - ok
    15:28:15.0483 4876 NwlnkFwd - ok
    15:28:15.0896 4876 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    15:28:15.0912 4876 odserv - ok
    15:28:15.0983 4876 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    15:28:15.0989 4876 ohci1394 - ok
    15:28:16.0048 4876 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    15:28:16.0056 4876 ose - ok
    15:28:16.0152 4876 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    15:28:16.0168 4876 p2pimsvc - ok
    15:28:16.0196 4876 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    15:28:16.0205 4876 p2psvc - ok
    15:28:16.0243 4876 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    15:28:16.0247 4876 Parport - ok
    15:28:16.0287 4876 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    15:28:16.0289 4876 partmgr - ok
    15:28:16.0308 4876 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    15:28:16.0310 4876 Parvdm - ok
    15:28:16.0349 4876 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
    15:28:16.0353 4876 PcaSvc - ok
    15:28:16.0407 4876 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
    15:28:16.0413 4876 pci - ok
    15:28:16.0448 4876 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
    15:28:16.0450 4876 pciide - ok
    15:28:16.0484 4876 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    15:28:16.0490 4876 pcmcia - ok
    15:28:16.0593 4876 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    15:28:16.0613 4876 PEAUTH - ok
    15:28:16.0820 4876 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    15:28:16.0872 4876 pla - ok
    15:28:17.0050 4876 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
    15:28:17.0058 4876 PlugPlay - ok
    15:28:17.0172 4876 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    15:28:17.0180 4876 PNRPAutoReg - ok
    15:28:17.0200 4876 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    15:28:17.0218 4876 PNRPsvc - ok
    15:28:17.0297 4876 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
    15:28:17.0307 4876 PolicyAgent - ok
    15:28:17.0410 4876 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    15:28:17.0412 4876 PptpMiniport - ok
    15:28:17.0442 4876 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    15:28:17.0444 4876 Processor - ok
    15:28:17.0504 4876 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
    15:28:17.0511 4876 ProfSvc - ok
    15:28:17.0552 4876 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    15:28:17.0554 4876 ProtectedStorage - ok
    15:28:17.0602 4876 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
    15:28:17.0604 4876 PSched - ok
    15:28:17.0648 4876 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
    15:28:17.0650 4876 PxHelp20 - ok
    15:28:17.0763 4876 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    15:28:17.0783 4876 ql2300 - ok
    15:28:17.0798 4876 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    15:28:17.0802 4876 ql40xx - ok
    15:28:17.0865 4876 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    15:28:17.0874 4876 QWAVE - ok
    15:28:17.0908 4876 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    15:28:17.0910 4876 QWAVEdrv - ok
    15:28:17.0948 4876 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    15:28:17.0950 4876 RasAcd - ok
    15:28:17.0998 4876 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    15:28:18.0003 4876 RasAuto - ok
    15:28:18.0044 4876 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    15:28:18.0047 4876 Rasl2tp - ok
    15:28:18.0094 4876 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
    15:28:18.0103 4876 RasMan - ok
    15:28:18.0124 4876 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    15:28:18.0127 4876 RasPppoe - ok
    15:28:18.0150 4876 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    15:28:18.0153 4876 RasSstp - ok
    15:28:18.0189 4876 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    15:28:18.0196 4876 rdbss - ok
    15:28:18.0208 4876 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    15:28:18.0209 4876 RDPCDD - ok
    15:28:18.0292 4876 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    15:28:18.0298 4876 rdpdr - ok
     
    jbh,
    #12
  14. 2012/05/12
    jbh

    15:28:28.0270 4876 ============================================================
    15:28:28.0270 4876 Scan finished
    15:28:28.0270 4876 ============================================================
    15:28:28.0288 3260 Detected object count: 0
    15:28:28.0288 3260 Actual detected object count: 0
     
    jbh,
    #13
  15. 2012/05/12
    broni

    Please check if IE is getting redirected as well.
     
  16. 2012/05/12
    jbh

    I tried Google and IE... it seems to only redirect in Firefox.
     
    jbh,
    #15
  17. 2012/05/12
    broni

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  18. 2012/05/12
    jbh

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 20:15 on 12/05/2012 (hayter)
    Firefox version 12.0 (en-US)

    ========== GooredScan ==========

    (none)

    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [16:18 23/12/2011]

    C:\Users\hayter\Application Data\Mozilla\Firefox\Profiles\4cli9fxe.default\extensions\
    (none)

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:31 16/10/2011]

    -=E.O.F=-
     
    jbh,
    #17
  19. 2012/05/13
    broni

  20. 2012/05/15
    jbh

    Completely uninstalled Firefox per instructions, reinstalled and now it works great!

    YOU ROCK!

    Many Thanks!!!!
     
    jbh,
    #19
  21. 2012/05/15
    broni

    Good news :)

    Reinstall AVG at any time.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2012/04/23 20:38:30 | 000,785,304 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
      SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
      SRV - [2012/04/23 20:38:30 | 000,785,304 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
      [2012/05/03 17:08:09 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
      O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
      [2012/04/28 09:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B4227B4
      
      :Files
      C:\Program Files\Application Updater\ApplicationUpdater.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
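
As an added example, not part of broni's instructions and not OTL's own code, here is a read-only PowerShell check for the same persistence points the OTL fix above targets (the SearchSettings Run value, the two services, the Spigot paths and the alternate data stream on C:\ProgramData\TEMP). It only reports what is present, so it can be run before the fix to confirm the items exist and again afterwards to confirm they are gone; it assumes an elevated PowerShell prompt, and `Test-ThreadPersistencePoints` is a name chosen for this example.

```powershell
# Added example, not part of the thread or of OTL: a read-only check for the
# persistence points the fix script above targets. It reports and never deletes.
# Assumes an elevated PowerShell prompt; Test-ThreadPersistencePoints is a name
# chosen for this example, and every path comes from the OTL fix in the thread.

function Test-ThreadPersistencePoints {
    $findings = @()

    # 1. The O4 entry: HKLM\...\Run value "SearchSettings" (Spigot Search Settings)
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['SearchSettings']) {
        $findings += "Run value SearchSettings = $($run.SearchSettings)"
    }

    # 2. The two SRV entries: the Spigot updater service and the orphaned Symantec
    #    entry whose binary OTL reported as "File not found".
    foreach ($name in 'Application Updater', 'CLTNetCnService') {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if (-not $svc) { continue }
        # Take the executable path up to the first ".exe", quoted or not.
        $exe = if ($svc.PathName -match '^\s*"?([^"]+?\.exe)') { $Matches[1] } else { $svc.PathName }
        $state = if (Test-Path -LiteralPath $exe) { 'binary present' } else { 'binary MISSING' }
        $findings += "Service '$name' ($($svc.State), $($svc.StartMode)): $exe [$state]"
    }

    # 3. The PRC entry and the Spigot directories named in the fix.
    foreach ($path in 'C:\Program Files\Application Updater\ApplicationUpdater.exe',
                      'C:\Program Files\Common Files\Spigot',
                      'C:\Program Files\Common Files\Spigot\WTXPCOM') {
        if (Test-Path -LiteralPath $path) { $findings += "Path present: $path" }
    }

    # 4. The alternate data stream on C:\ProgramData\TEMP. "dir /r" lists NTFS
    #    streams on files and directories and exists on Vista, so no PS 3.0 needed.
    $streams = cmd.exe /c dir /r /a C:\ProgramData 2>$null |
        Where-Object { $_ -match '\sTEMP:[^:]+:\$DATA\s*$' }
    foreach ($line in $streams) { $findings += "ADS on C:\ProgramData\TEMP: $($line.Trim())" }

    if ($findings.Count -eq 0) { 'None of the items listed in the OTL fix are present.' }
    else { $findings }
}

Test-ThreadPersistencePoints
```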
     