# I think I have a virus, please help!



## akairi97 (Sep 14, 2010)

I think I may have a virus because, ever since last week, whenever I go to a site it keeps routing me to another site that is not a good site to be on. This started about a week ago. It first started when so many updates kept popping up on my PC and then my PC kept rebooting itself. It wouldn't let me do a system restore or anything. I downloaded Malwarebytes and it pulled up a few viruses or malware (I'm not sure) and I quarantined them, but the virus is still on my PC. Can someone please help me?

I have a Windows 7 Home Premium computer, 32-bit operating system.


----------



## akairi97 (Sep 14, 2010)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:56 PM, on 8/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Users\user\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.convergysworkathome.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 11258 bytes


----------



## akairi97 (Sep 14, 2010)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Andrea at 22:49:01 on 2012-08-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1083 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Users\user\Downloads\HijackThis.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FE040ADA-E6F4-40E1-BA87-88A730D4112C} : DhcpNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-8-6 273960]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-4-26 80824]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-3-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-17 129976]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-4-26 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-11 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-11 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-08-21 02:34:11 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{63a356f8-70ad-4f83-ad25-46ead70a4ee9}\offreg.dll
2012-08-20 17:55:44 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{63a356f8-70ad-4f83-ad25-46ead70a4ee9}\mpengine.dll
2012-08-19 05:49:18 6891424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-08-15 21:51:28 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 21:51:27 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 21:51:26 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 21:51:25 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 21:51:24 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 21:51:24 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 21:51:23 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:21:34 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-15 02:21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-24 19:30:32 -------- d-----w- c:\users\andrea\appdata\roaming\Malwarebytes
2012-07-24 19:30:20 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 19:25:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-24 13:29:23 -------- d-----w- c:\users\andrea\appdata\local\Mozilla
2012-07-24 13:28:43 -------- d-----w- c:\users\andrea\appdata\local\Samsung
2012-07-24 13:28:36 -------- d-----w- c:\users\andrea\appdata\roaming\Samsung
.
==================== Find3M ====================
.
2012-08-15 14:28:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 14:28:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-06 12:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13  88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 22:49:48.41 ===============


----------



## akairi97 (Sep 14, 2010)

attachment


----------



## akairi97 (Sep 14, 2010)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-20 23:11:54
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320418AS rev.CC46
Running: 8flv80bc.exe; Driver: C:\Users\Andrea\AppData\Local\Temp\kxldapob.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A4D3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A86D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Andrea\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2556] ntdll.dll!DbgUiRemoteBreakin 7748F17D 1 Byte [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000003f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


----------



## akairi97 (Sep 14, 2010)

Is there anybody who can help me? I work online and it's really affecting me.


----------



## akairi97 (Sep 14, 2010)

I know I can be annoying, but is there anyone who can assist me?


----------



## CatByte (Feb 24, 2009)

Sorry for the wait, the forum has been swamped.

Please run the following:

Refer to the *ComboFix User's Guide*


Download ComboFix from the following location:

*Link*

**IMPORTANT!!! Place ComboFix.exe on your Desktop**

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs *here*

Double-click on ComboFix.exe and follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it will produce a log for you. Post that log in your next reply.

*Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.*

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message *"illegal operation attempted on registry key that has been marked for deletion"* and no programs will run - please just reboot and that will resolve that error.


----------



## akairi97 (Sep 14, 2010)

ComboFix 12-08-25.04 - Andrea 08/25/2012 23:40:41.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1175 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E9997712-386A-4188-91C5-67E9279A45E7}.xps
c:\users\user\g2mdlhlpx.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 03:45 . 2012-08-26 03:46 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2012-08-26 03:45 . 2012-08-26 03:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-26 03:45 . 2012-08-26 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-26 03:37 . 2012-08-26 03:37 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF8AC47-2163-4156-89BD-41A10273DAAB}\MpKsl3588f6c8.sys
2012-08-26 03:36 . 2012-08-26 03:36 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF8AC47-2163-4156-89BD-41A10273DAAB}\offreg.dll
2012-08-25 13:02 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF8AC47-2163-4156-89BD-41A10273DAAB}\mpengine.dll
2012-08-24 02:21 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 21:51 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 21:51 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 21:51 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 21:51 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 21:51 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 21:51 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 21:51 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:21 . 2012-08-15 02:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-15 02:21 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:28 . 2012-04-15 20:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:28 . 2012-03-11 00:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-10 23:25 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-10 23:25 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-10 23:25 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 12:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:49 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 12:49 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 12:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 12:49 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-10 23:25 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-10 23:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-10 23:25 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-10 23:25 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-10 23:25 219136 ----a-w- c:\windows\system32\ncrypt.dll
2011-04-25 06:58 . 2011-04-25 06:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 07:48 . 2011-04-25 07:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 07:00 . 2011-04-25 07:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 06:59 . 2011-04-25 06:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 06:58 . 2011-04-25 06:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 06:57 . 2011-04-25 06:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 06:58 . 2011-04-25 06:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 06:58 . 2011-04-25 06:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 06:51 . 2011-04-25 06:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 07:00 . 2011-04-25 07:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-04-21 01:19 . 2012-05-17 10:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-03-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 MpKsl3588f6c8;MpKsl3588f6c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF8AC47-2163-4156-89BD-41A10273DAAB}\MpKsl3588f6c8.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3588F6C8
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:28]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-25 23:48:20
ComboFix-quarantined-files.txt 2012-08-26 03:48
.
Pre-Run: 276,692,590,592 bytes free
Post-Run: 278,339,358,720 bytes free
.
- - End Of File - - 889A7EE0B676B47E7B0B7E2EBD242F3A


----------



## CatByte (Feb 24, 2009)

Please do the following:


Please open your *MalwareBytes AntiMalware* Program
Click the *Update Tab* and *search for updates*
If an update is found, it will download and install the latest version.
Once the program has loaded, select *"Perform Quick Scan"*, then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that everything is checked, and click *Remove Selected*. <-- very important
When disinfection is completed, a *log* will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
*Copy&Paste the entire report in your next reply.*

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


*NEXT*

Go *here* to run an online scanner from *ESET.*

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the activeX control to install
Click *Start*
Make sure that the option *Remove found threats* is *unticked* and the *Scan Archives* option is ticked.
Click on Advanced Settings, ensure the options *Scan for potentially unwanted applications*, *Scan for potentially unsafe applications*, and *Enable Anti-Stealth Technology* are ticked.
Click *Scan*
Wait for the scan to finish
When the scan completes, press the *LIST OF THREATS FOUND* button
Press *EXPORT TO TEXT FILE*, name the file *ESETSCAN* and save it to your desktop.
Include the contents of this report in your next reply.
Press the *BACK* button.
Press *Finish*


----------



## akairi97 (Sep 14, 2010)

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [limited]

Protection: Disabled

8/26/2012 12:30:25 AM
mbam-log-2012-08-26 (00-30-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 178954
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## akairi97 (Sep 14, 2010)

C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan
C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan
C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected] JS/Redirector.NCA trojan
C:\Users\user\AppData\Local\Apps\Apple Computer\dvqxakl.dll a variant of Win32/Kryptik.AKQH trojan
C:\Users\user\AppData\Local\Macromedia\Deployment\kwhyat.dll a variant of Win32/Kryptik.AJGX trojan
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\29d18562-63c3dfde Java/TrojanDownloader.Agent.NDW trojan
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\432013fc-55f1fd37 Java/Exploit.CVE-2012-0507.CK trojan
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected] JS/Redirector.NCA trojan


----------



## CatByte (Feb 24, 2009)

Please do the following:


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. 
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click* Start > Run* type *Notepad* click *OK.*
This will open an empty notepad file:

*Copy* all the text *inside of the code box* - *Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
http://forums.techguy.org/virus-other-malware-removal/1065829-i-think-i-have-virus.html#post8451042

Collect::
C:\Users\user\AppData\Local\Apps\Apple Computer\dvqxakl.dll 
C:\Users\user\AppData\Local\Macromedia\Deployment\kwhyat.dll 

File::
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected]
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\29d18562-63c3dfde
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\432013fc-55f1fd37
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected]
ClearJavaCache::
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')
*Save this file to your desktop, Save this as "CFScript"*

Here's how to do that:

1. Click *File*;
2. Click *Save As*... Change the directory to your *desktop*;
3. Change the *Save as type* to *"All Files"*;
4. Type in the file name: *CFScript*
5. Click *Save ...*

[Screenshot: dragging CFScript.txt onto ComboFix.exe]

Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe.*
*ComboFix may request an update; please allow it.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. 
*Copy and paste the contents of the log in your next reply.*

CAUTION: *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
Ensure you are connected to the internet and click OK on the message box.

*NEXT*


Please download MiniToolBox and save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List installed programs.

Click *Go* and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

*NEXT*

Please download Farbar Service Scanner to your desktop and run it.

Make sure the following options are checked:
*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center*
*Windows Update*
*Windows Defender*

Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

*NEXT*

Please advise how the computer is running now and if there are any outstanding issues

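Added example, not code from the thread, from ESET or from ComboFix: a small Python triage that turns an ESET Online Scanner text export into the Collect::/File::/ClearJavaCache:: sections of the CFScript CatByte wrote above. The triage rules, the line format (path, whitespace, detection name) and the sample lines are assumptions modelled on the posts; the Firefox extension id is a placeholder.

```python
"""
Triage an ESET Online Scanner export into ComboFix CFScript sections.

Rules, inferred from the helper's script in the thread (assumptions, not
documented ComboFix behaviour):
  - hits under TDSSKiller_Quarantine are already neutralised, so skip them
  - DLLs dropped into user-profile folders go under Collect:: (ComboFix
    zips them for analysis before deleting)
  - every other live hit goes under File::
  - a hit inside the Java deployment cache adds ClearJavaCache::
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional

# Thread URL as used at the top of the CFScript in the post above.
THREAD_URL = ("http://forums.techguy.org/virus-other-malware-removal/"
              "1065829-i-think-i-have-virus.html#post8451042")

# Constructed sample modelled on the ESET export in the thread: one hit per
# line, Windows path, whitespace, then the detection name.  The Firefox
# extension directory name is a placeholder, not a real add-on id.
SAMPLE_ESET_EXPORT = (
    "C:\\TDSSKiller_Quarantine\\24.07.2012_15.25.09\\mbr0000\\tdlfs0000\\tsk0001.dta"
    "\tWin32/Olmarik.AYI trojan\n"
    "C:\\Users\\user\\AppData\\Local\\Apps\\Apple Computer\\dvqxakl.dll"
    "\ta variant of Win32/Kryptik.AKQH trojan\n"
    "C:\\Users\\user\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\60\\432013fc-55f1fd37"
    "\tJava/Exploit.CVE-2012-0507.CK trojan\n"
    "C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\c0kim9dr.default"
    "\\extensions\\{placeholder-extension-id}\tJS/Redirector.NCA trojan\n"
)

# Path is matched non-greedily so that a path containing spaces ("Apple
# Computer") still ends where the "Family/Name" detection token begins.
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?:\s+\S+)?)\s*$"
)


@dataclass(frozen=True)
class Hit:
    path: str
    name: str


def parse_eset_export(text: str) -> List[Hit]:
    """Parse the export into (path, detection name) pairs; blank lines are skipped."""
    hits: List[Hit] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HIT_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised ESET line: {line!r}")
        hits.append(Hit(m.group("path"), m.group("name")))
    return hits


def classify(path: str) -> Optional[str]:
    """Return the CFScript section for a hit, or None if nothing needs doing."""
    p = PureWindowsPath(path)
    parts = {part.lower() for part in p.parts}
    if "tdsskiller_quarantine" in parts:
        return None           # already quarantined by TDSSKiller
    if p.suffix.lower() == ".dll":
        return "Collect::"    # unknown DLL in a user profile: submit for analysis
    return "File::"


def in_java_cache(path: str) -> bool:
    """True for hits inside the Java deployment cache (drive-by exploit droppers)."""
    return "\\sun\\java\\deployment\\cache\\" in path.lower()


def build_cfscript(export_text: str, thread_url: str = THREAD_URL) -> str:
    """Assemble the CFScript text in the same section order the helper used."""
    collect: List[str] = []
    delete: List[str] = []
    clear_java = False
    for hit in parse_eset_export(export_text):
        section = classify(hit.path)
        if section is None:
            continue
        (collect if section == "Collect::" else delete).append(hit.path)
        clear_java = clear_java or in_java_cache(hit.path)
    lines = [thread_url, ""]
    if collect:
        lines += ["Collect::", *collect, ""]
    if delete:
        lines += ["File::", *delete]
    if clear_java:
        lines.append("ClearJavaCache::")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_ESET_EXPORT))
```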

----------



## akairi97 (Sep 14, 2010)

ComboFix 12-08-25.04 - Andrea 08/26/2012 23:39:02.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1140 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\e xtensions\[email protected]"
"c:\users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\29d18562-63c3dfde"
"c:\users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\432013fc-55f1fd37"
"c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\ext ensions\[email protected]"
.
file zipped: c:\users\user\AppData\Local\Apps\Apple Computer\dvqxakl.dll
file zipped: c:\users\user\AppData\Local\Macromedia\Deployment\kwhyat.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120826055101.368145
c:\users\user\AppData\Local\Apps\Apple Computer\dvqxakl.dll
c:\users\user\AppData\Local\Macromedia\Deployment\kwhyat.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-27 03:45 . 2012-08-27 03:45 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-27 03:45 . 2012-08-27 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-27 03:45 . 2012-08-27 03:45 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2012-08-26 06:26 . 2012-08-26 06:26 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1435744B-9F03-4574-8134-99A85B81521E}\offreg.dll
2012-08-26 06:25 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1435744B-9F03-4574-8134-99A85B81521E}\mpengine.dll
2012-08-26 04:39 . 2012-08-26 04:39 -------- d-----w- c:\program files\ESET
2012-08-26 03:57 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-26 03:53 . 2012-08-26 03:53 -------- d-----w- c:\users\Andrea\AppData\Local\Macromedia
2012-08-26 03:52 . 2012-07-14 00:16 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-26 03:52 . 2012-07-14 00:16 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-15 21:51 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 21:51 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 21:51 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 21:51 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 21:51 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 21:51 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 21:51 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 02:21 . 2012-08-15 02:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-15 02:21 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:28 . 2012-04-15 20:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:28 . 2012-03-11 00:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-10 23:25 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-10 23:25 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-10 23:25 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 12:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:49 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 12:49 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 12:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 12:49 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-10 23:25 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-10 23:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-10 23:25 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-10 23:25 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-10 23:25 219136 ----a-w- c:\windows\system32\ncrypt.dll
2011-04-25 06:58 . 2011-04-25 06:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 07:48 . 2011-04-25 07:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 07:00 . 2011-04-25 07:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 06:59 . 2011-04-25 06:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 06:58 . 2011-04-25 06:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 06:57 . 2011-04-25 06:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 06:58 . 2011-04-25 06:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 06:58 . 2011-04-25 06:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 06:51 . 2011-04-25 06:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 07:00 . 2011-04-25 07:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-07-14 00:17 . 2012-05-17 10:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-03-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 CFcatchme;CFcatchme;c:\users\Andrea\AppData\Local\Temp\CFcatchme.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:28]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-27 00:01:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-27 04:01
ComboFix2.txt 2012-08-26 03:48
.
Pre-Run: 278,357,147,648 bytes free
Post-Run: 278,346,113,024 bytes free
.
- - End Of File - - E0C7C85D0F764D56DEE9B0D47E64869F


----------



## akairi97 (Sep 14, 2010)

MiniToolBox by Farbar Version: 23-07-2012
Ran by user (ATTENTION: The logged in user is not administrator) on 27-08-2012 at 00:08:55
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

127.0.0.1 localhost

=========================== Installed Programs ============================

7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.0.619.0)
BitComet 1.32 (Version: 1.32)
Broadcom Gigabit NetLink Controller (Version: 12.33.02)
Citrix online plug-in - web (Version: 12.1.44.1)
Citrix online plug-in (DV) (Version: 12.1.44.1)
Citrix online plug-in (HDX) (Version: 12.1.44.1)
Citrix online plug-in (USB) (Version: 12.1.44.1)
Citrix online plug-in (Web) (Version: 12.1.44.1)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
GoToMeeting 5.1.0.880 (Version: 5.1.0.880)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1995)
Java Auto Updater (Version: 2.1.6.0)
Java(TM) 6 Update 31 (Version: 6.0.310)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 8.6.0 (Basic) (Version: 8.6.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10516.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MpcStar 5.4 (Version: 5.4)
MSVCRT (Version: 15.4.2862.0708)
QuickTime (Version: 7.71.80.42)
Samsung Kies (Version: 2.1.0.11112_41)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.4.0)
Secure Download Manager (Version: 3.0.3)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WOT for Internet Explorer (Version: 11.11.7.0)

**** End of log ****


----------



## akairi97 (Sep 14, 2010)

Farbar Service Scanner Version: 06-08-2012
Ran by user (ATTENTION: The logged in user is not administrator) on 27-08-2012 at 00:12:50
Running from "C:\Users\user\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is OK.
The ImagePath of Nsi service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

nsiproxy Service is not running. Checking service configuration:
The start type of nsiproxy service is OK.
The ImagePath of nsiproxy service is OK.

tdx Service is not running. Checking service configuration:
The start type of tdx service is OK.
The ImagePath of tdx service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy: 
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.

System Restore Disabled Policy: 
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

winmgmt Service is not running. Checking service configuration:
The start type of winmgmt service is OK.
The ImagePath of winmgmt: "%systemroot%\system32\svchost.exe -k netsvcs".
The ServiceDll of winmgmt service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:
The start type of PlugPlay service is OK.
The ImagePath of PlugPlay service is OK.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## akairi97 (Sep 14, 2010)

Sorry about that, it went back to normal and I was able to post the rest of the log files.


----------



## akairi97 (Sep 14, 2010)

I'm still getting redirected to other bad sites, and some sites show that I have no connection to the internet. I have to keep clicking on the site to get to it, and then malware pulls up at the bottom of my screen stating that it's blocked potentially malicious malware at the. It seems nothing has changed with my PC at all. Does that mean that my PC is still infected?


----------



## CatByte (Feb 24, 2009)

It often takes several rounds with different tools before all of the infection is eradicated, so hang in there with me.

please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter *System Recovery Options*.

*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded, begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Choose your language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*To enter System Recovery Options by using the Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Choose your language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*On the System Recovery Options menu you will get the following options:*


*Startup Repair*
*System Restore*
*Windows Complete PC Restore*
*Windows Memory Diagnostic Tool*
*Command Prompt*

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst.exe* (for x64 bit version type *e:\frst64*) and press *Enter* 
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click *Yes* to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press *Scan* button.
FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
*services.exe*
now press the *search* button
when the search is complete, search.txt will also be written to your USB
type exit and reboot the computer normally
please copy and paste both logs in your reply.(FRST.txt and Search.txt)


----------



## akairi97 (Sep 14, 2010)

Question: how would I know which operating system to use?


----------



## CatByte (Feb 24, 2009)

What is your setup there? I'm only seeing Windows 7.


----------



## akairi97 (Sep 14, 2010)

I have no idea. I have the Windows 7 32-bit operating system, Home Premium.


----------



## CatByte (Feb 24, 2009)

OK, what part of the instructions is not clear?


----------



## akairi97 (Sep 14, 2010)

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 26-08-2012 01
Ran by SYSTEM at 27-08-2012 15:14:51
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [305088 2011-04-24] (Citrix Systems, Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-04-03] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Andrea\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [954256 2012-04-03] (Samsung)
HKU\user\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-11] (Google Inc.)
HKU\user\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-04-03] ()
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) ========================

3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ===================

3 k57nd60x; C:\Windows\System32\DRIVERS\k57nd60x.sys [273960 2009-08-06] (Broadcom Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 catchme; \??\C:\Users\Andrea\AppData\Local\Temp\catchme.sys [x]
3 CFcatchme; \??\C:\Users\Andrea\AppData\Local\Temp\CFcatchme.sys [x]

==================== NetSvcs (Whitelisted) =================

============ One Month Created Files and Folders ==============

2012-08-27 15:14 - 2012-08-27 15:14 - 00000000 ____D C:\FRST
2012-08-27 07:15 - 2012-08-27 07:15 - 00901848 ____A (Farbar) C:\Users\user\Downloads\FRST.exe
2012-08-26 22:19 - 2012-08-26 22:19 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-26 22:19 - 2012-08-26 22:19 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-26 22:19 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-26 22:18 - 2012-08-26 22:18 - 10652120 ____A (Malwarebytes Corporation  ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(3).exe
2012-08-26 20:20 - 2012-08-26 20:20 - 16814136 ____A (Mozilla) C:\Users\user\Downloads\Firefox Setup 14.0.1.exe
2012-08-26 20:12 - 2012-08-26 20:12 - 00005760 ____A C:\Users\user\Desktop\FSS.txt
2012-08-26 20:11 - 2012-08-26 20:11 - 00693235 ____A (Farbar) C:\Users\user\Desktop\FSS.exe
2012-08-26 20:08 - 2012-08-26 20:08 - 00007118 ____A C:\Users\user\Downloads\Result.txt
2012-08-26 20:07 - 2012-08-26 20:07 - 00751391 ____A (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
2012-08-26 20:07 - 2012-08-26 20:07 - 00001456 ____A C:\Users\user\Desktop\MiniToolBox - Shortcut.lnk
2012-08-26 20:04 - 2012-08-26 20:04 - 00000000 ____D C:\Users\user\Desktop\combofix
2012-08-26 20:01 - 2012-08-26 20:01 - 00012822 ____A C:\ComboFix.txt
2012-08-26 19:38 - 2012-08-26 19:38 - 00001276 ____A C:\CF-Submit.htm
2012-08-25 21:56 - 2012-08-25 21:56 - 00001582 ____A C:\Users\user\Desktop\esetsmartinstaller_enu(1) - Shortcut.lnk
2012-08-25 21:55 - 2012-08-25 21:55 - 00001246 ____A C:\Users\user\Desktop\esetscan.txt
2012-08-25 21:53 - 2012-08-25 21:53 - 00001246 ____A C:\Users\Andrea\Desktop\esetscan.txt
2012-08-25 20:39 - 2012-08-25 20:39 - 02322184 ____A (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu(1).exe
2012-08-25 20:39 - 2012-08-25 20:39 - 00000000 ____D C:\Program Files\ESET
2012-08-25 20:37 - 2012-08-25 20:37 - 02322184 ____A (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2012-08-25 20:15 - 2012-08-25 20:15 - 00000825 ____A C:\Users\Andrea\Desktop\American Support Doc - Shortcut.lnk
2012-08-25 19:58 - 2012-08-25 19:58 - 16814136 ____A (Mozilla) C:\Users\Andrea\Downloads\Firefox Setup 14.0.1.exe
2012-08-25 19:53 - 2012-08-25 19:53 - 00000000 ____D C:\Users\Andrea\AppData\Local\Macromedia
2012-08-25 19:51 - 2012-08-25 19:51 - 00000000 __SHD C:\Users\Andrea\Desktop\%APPDATA%
2012-08-25 19:50 - 2012-08-25 19:50 - 00013548 ____A C:\Users\Andrea\Desktop\combofix.txt
2012-08-25 19:39 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-25 19:39 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-25 19:39 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-25 19:39 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-25 19:39 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-25 19:39 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-25 19:39 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-25 19:39 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-25 19:37 - 2012-08-26 20:02 - 00000000 ____D C:\Qoobox
2012-08-25 19:37 - 2012-08-26 19:45 - 00000000 ____D C:\Windows\erdnt
2012-08-25 19:35 - 2012-08-25 19:36 - 04738846 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2012-08-20 19:11 - 2012-08-20 19:11 - 00001709 ____A C:\Users\user\Desktop\ark.txt
2012-08-20 18:51 - 2012-08-20 18:51 - 00302592 ____A C:\Users\user\Desktop\8flv80bc.exe
2012-08-20 18:51 - 2012-08-20 18:51 - 00015934 ____A C:\Users\user\Desktop\DDS.txt
2012-08-20 18:50 - 2012-08-20 19:19 - 00008220 ____A C:\Users\user\Desktop\Attach.txt
2012-08-20 18:45 - 2012-08-20 18:46 - 00607260 ____R (Swearware) C:\Users\user\Desktop\dds.com
2012-08-20 18:44 - 2012-08-20 18:44 - 00011260 ____A C:\Users\user\Desktop\hijackthis.log
2012-08-20 18:43 - 2012-08-20 18:43 - 00011260 ____A C:\Users\user\Downloads\hijackthis.log
2012-08-20 18:42 - 2012-08-20 18:42 - 00388608 ____A (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis.exe
2012-08-20 18:42 - 2012-08-20 18:42 - 00001451 ____A C:\Users\user\Desktop\HijackThis - Shortcut.lnk
2012-08-15 23:01 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 23:01 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 23:01 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 23:01 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 23:01 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 23:01 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 23:01 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 23:01 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 23:01 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 23:01 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 23:01 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 23:01 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 23:01 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 23:01 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 13:51 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 13:51 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 13:51 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 13:51 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 13:51 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 13:51 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 13:51 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 13:51 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-14 18:20 - 2012-08-14 18:21 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(2).exe
2012-08-14 15:19 - 2012-08-14 15:19 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(1).exe
2012-08-14 08:00 - 2012-08-14 08:00 - 00000082 ____A C:\Users\user\Desktop\ADP Retirement Services Login.URL
2012-08-14 05:31 - 2012-08-14 05:32 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-11 22:03 - 2012-08-26 19:44 - 00000000 ____D C:\Users\user\AppData\Local\Apps\Apple Computer
2012-08-01 05:19 - 2012-08-01 05:19 - 00272384 ____A C:\Users\user\Downloads\DeskInstU.msi

============ 3 Months Modified Files ========================

2012-08-27 11:08 - 2012-03-11 17:20 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-27 11:08 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-27 11:08 - 2009-07-13 20:39 - 00074210 ____A C:\Windows\setupact.log
2012-08-27 10:51 - 2012-03-10 15:56 - 01700845 ____A C:\Windows\WindowsUpdate.log
2012-08-27 10:35 - 2012-03-11 17:20 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-27 10:28 - 2012-04-15 12:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-27 08:31 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-27 08:31 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-27 07:18 - 2012-03-10 15:57 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-27 07:15 - 2012-08-27 07:15 - 00901848 ____A (Farbar) C:\Users\user\Downloads\FRST.exe
2012-08-26 22:19 - 2012-08-26 22:19 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-26 22:18 - 2012-08-26 22:18 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(3).exe
2012-08-26 20:20 - 2012-08-26 20:20 - 16814136 ____A (Mozilla) C:\Users\user\Downloads\Firefox Setup 14.0.1.exe
2012-08-26 20:20 - 2012-03-14 20:20 - 00001007 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-08-26 20:12 - 2012-08-26 20:12 - 00005760 ____A C:\Users\user\Desktop\FSS.txt
2012-08-26 20:11 - 2012-08-26 20:11 - 00693235 ____A (Farbar) C:\Users\user\Desktop\FSS.exe
2012-08-26 20:08 - 2012-08-26 20:08 - 00007118 ____A C:\Users\user\Downloads\Result.txt
2012-08-26 20:07 - 2012-08-26 20:07 - 00751391 ____A (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
2012-08-26 20:07 - 2012-08-26 20:07 - 00001456 ____A C:\Users\user\Desktop\MiniToolBox - Shortcut.lnk
2012-08-26 20:01 - 2012-08-26 20:01 - 00012822 ____A C:\ComboFix.txt
2012-08-26 19:59 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-08-26 19:45 - 2012-03-10 20:38 - 00014980 ____A C:\Windows\PFRO.log
2012-08-26 19:38 - 2012-08-26 19:38 - 00001276 ____A C:\CF-Submit.htm
2012-08-25 21:56 - 2012-08-25 21:56 - 00001582 ____A C:\Users\user\Desktop\esetsmartinstaller_enu(1) - Shortcut.lnk
2012-08-25 21:55 - 2012-08-25 21:55 - 00001246 ____A C:\Users\user\Desktop\esetscan.txt
2012-08-25 21:53 - 2012-08-25 21:53 - 00001246 ____A C:\Users\Andrea\Desktop\esetscan.txt
2012-08-25 20:39 - 2012-08-25 20:39 - 02322184 ____A (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu(1).exe
2012-08-25 20:37 - 2012-08-25 20:37 - 02322184 ____A (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2012-08-25 20:15 - 2012-08-25 20:15 - 00000825 ____A C:\Users\Andrea\Desktop\American Support Doc - Shortcut.lnk
2012-08-25 19:58 - 2012-08-25 19:58 - 16814136 ____A (Mozilla) C:\Users\Andrea\Downloads\Firefox Setup 14.0.1.exe
2012-08-25 19:50 - 2012-08-25 19:50 - 00013548 ____A C:\Users\Andrea\Desktop\combofix.txt
2012-08-25 19:36 - 2012-08-25 19:35 - 04738846 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2012-08-20 19:19 - 2012-08-20 18:50 - 00008220 ____A C:\Users\user\Desktop\Attach.txt
2012-08-20 19:11 - 2012-08-20 19:11 - 00001709 ____A C:\Users\user\Desktop\ark.txt
2012-08-20 18:51 - 2012-08-20 18:51 - 00302592 ____A C:\Users\user\Desktop\8flv80bc.exe
2012-08-20 18:51 - 2012-08-20 18:51 - 00015934 ____A C:\Users\user\Desktop\DDS.txt
2012-08-20 18:46 - 2012-08-20 18:45 - 00607260 ____R (Swearware) C:\Users\user\Desktop\dds.com
2012-08-20 18:44 - 2012-08-20 18:44 - 00011260 ____A C:\Users\user\Desktop\hijackthis.log
2012-08-20 18:43 - 2012-08-20 18:43 - 00011260 ____A C:\Users\user\Downloads\hijackthis.log
2012-08-20 18:42 - 2012-08-20 18:42 - 00388608 ____A (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis.exe
2012-08-20 18:42 - 2012-08-20 18:42 - 00001451 ____A C:\Users\user\Desktop\HijackThis - Shortcut.lnk
2012-08-16 04:36 - 2009-07-13 20:53 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-16 04:36 - 2009-07-13 20:33 - 00406272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 23:03 - 2012-03-11 08:05 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-15 06:28 - 2012-04-15 12:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-15 06:28 - 2012-03-10 16:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-14 18:21 - 2012-08-14 18:20 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(2).exe
2012-08-14 15:19 - 2012-08-14 15:19 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(1).exe
2012-08-14 08:00 - 2012-08-14 08:00 - 00000082 ____A C:\Users\user\Desktop\ADP Retirement Services Login.URL
2012-08-14 05:32 - 2012-08-14 05:31 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-01 05:19 - 2012-08-01 05:19 - 00272384 ____A C:\Users\user\Downloads\DeskInstU.msi
2012-07-24 11:25 - 2012-07-24 11:25 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Andrea\Downloads\tdsskiller.exe
2012-07-24 11:13 - 2012-07-24 11:13 - 00145536 ____A C:\Windows\Minidump\072412-22526-01.dmp
2012-07-24 11:13 - 2012-07-24 05:13 - 254028921 ____A C:\Windows\MEMORY.DMP
2012-07-24 10:40 - 2012-07-24 10:40 - 00145520 ____A C:\Windows\Minidump\072412-15724-01.dmp
2012-07-24 10:36 - 2012-07-24 10:36 - 00145520 ____A C:\Windows\Minidump\072412-20280-01.dmp
2012-07-24 10:32 - 2012-07-24 10:32 - 00145520 ____A C:\Windows\Minidump\072412-19078-01.dmp
2012-07-24 05:26 - 2012-07-24 05:25 - 00145520 ____A C:\Windows\Minidump\072412-29094-01.dmp
2012-07-24 05:19 - 2012-07-24 05:19 - 00145520 ____A C:\Windows\Minidump\072412-18673-01.dmp
2012-07-24 05:15 - 2012-07-24 05:15 - 00145520 ____A C:\Windows\Minidump\072412-14648-01.dmp
2012-07-24 05:13 - 2012-07-24 05:13 - 00145520 ____A C:\Windows\Minidump\072412-16333-01.dmp
2012-07-18 09:47 - 2012-08-15 13:51 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 18:14 - 2012-07-17 18:08 - 00000161 ____A C:\Users\user\Desktop\DDS Internet Services - Account Login.URL
2012-07-16 05:53 - 2012-07-10 15:12 - 00006008 ____A C:\comcastrelease.log
2012-07-16 05:53 - 2012-07-10 15:12 - 00001262 ____A C:\Users\Andrea\Desktop\XFINITY Connect.lnk
2012-07-16 05:53 - 2012-07-10 15:12 - 00001234 ____A C:\Users\Andrea\Desktop\Constant Guard Protection Suite.lnk
2012-07-16 05:53 - 2012-07-10 15:12 - 00001228 ____A C:\Users\Andrea\Desktop\XFINITY TV.lnk
2012-07-12 11:25 - 2012-05-23 15:10 - 00000116 ____A C:\Users\user\Desktop\Cable provider number.txt
2012-07-09 09:58 - 2012-07-09 09:58 - 06953928 ____A (Microsoft Corporation) C:\Users\user\Downloads\Silverlight(1).exe
2012-07-04 13:16 - 2012-08-15 13:51 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:14 - 2012-08-15 13:51 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:14 - 2012-08-15 13:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-03 09:46 - 2012-08-26 22:19 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 16:52 - 2012-08-15 23:01 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 16:27 - 2012-08-15 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 16:16 - 2012-08-15 23:01 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 16:09 - 2012-08-15 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 16:09 - 2012-08-15 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 16:08 - 2012-08-15 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 16:06 - 2012-08-15 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 23:01 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 16:04 - 2012-08-15 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 16:01 - 2012-08-15 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 10:58 - 2012-06-28 10:58 - 00907528 ____A (Sun Microsystems, Inc.) C:\Users\user\Downloads\jre-6u33-windows-i586-iftw.exe
2012-06-28 03:34 - 2012-06-28 03:34 - 00894448 ____A (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2012-06-15 14:11 - 2012-06-06 16:43 - 00000305 ____A C:\Users\user\Desktop\COB LOCATIONS.txt
2012-06-08 20:41 - 2012-07-10 15:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-06 04:49 - 2012-06-06 04:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX
2012-06-05 21:05 - 2012-07-10 15:25 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 15:25 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 15:25 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-21 04:49 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 04:49 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 04:49 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 04:49 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 04:49 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 04:49 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 04:49 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 04:49 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-21 04:49 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:45 - 2012-07-10 15:25 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 15:25 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 15:25 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 15:25 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 15:25 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

ZeroAccess:
C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5}
C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5}\@
C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5}\L
C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5}\U

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-12 15:00:26
Restore point made on: 2012-08-15 05:03:31
Restore point made on: 2012-08-15 23:00:25
Restore point made on: 2012-08-19 15:00:19
Restore point made on: 2012-08-20 09:54:52
Restore point made on: 2012-08-23 18:20:59
Restore point made on: 2012-08-26 15:00:26
Restore point made on: 2012-08-26 22:28:30

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 2012.8 MB
Available physical RAM: 1370.5 MB
Total Pagefile: 2012.8 MB
Available Pagefile: 1373.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:259.77 GB) NTFS
3 Drive f: () (Removable) (Total:0.12 GB) (Free:0.01 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B 
Disk 1 Online 121 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 121 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 121 MB Healthy

==================================================================================

Last Boot: 2012-08-17 06:33

==================== End Of Log =============================


----------



## akairi97 (Sep 14, 2010)

Farbar Recovery Scan Tool Version: 26-08-2012 01
Ran by SYSTEM at 2012-08-27 15:16:31
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\erdnt\cache\services.exe
[2012-08-25 19:47] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===


----------



## akairi97 (Sep 14, 2010)

Sorry I took so long.


----------



## CatByte (Feb 24, 2009)

No problem.

Please run the following:

Please do the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as *fixlist.txt*


```
start
C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5}
cmd: bootrec /FixMbr
end
```
*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system*

Now please enter *System Recovery Options* then select *Command Prompt*

Run *FRST* (or FRST64 if you have the 64bit version) and press the *Fix* button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.

Please let me know how the system is running now, are you still being redirected?

If so, is it happening in all browsers? Is it any particular website that you visit, or is it random?


----------
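
The FRST output in the search post above and the fixlist in the post just above, handled in code as an added example (written for this page; not code from FRST, Farbar or anyone in the thread): it parses a constructed search block in FRST's own format, flags any copy of the file whose MD5 differs from the WinSxS copy, and derives the fixlist's target folder from a constructed "ZeroAccess:" section. The all-zero MD5 in the sample is a placeholder put there so the check has something to flag; the thread's real log showed all three copies agreeing.

```python
"""Two checks over Farbar Recovery Scan Tool (FRST) output as posted in this
thread: a 'Search:' block, where every copy of a system file should carry the
MD5 of the WinSxS copy, and a 'ZeroAccess:' section, whose top-level folder is
what the helper's fixlist moves. Added example for this page, not FRST code."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass
# Constructed sample in FRST's search format. The thread's real log showed the
# same MD5 on all three copies; here the System32 copy carries an all-zero
# placeholder hash on purpose so the check has something to flag.
SAMPLE_SEARCH = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-20 09:54] - 0259072 ____A (Microsoft Corporation) 00000000000000000000000000000000

C:\Windows\erdnt\cache\services.exe
[2012-08-25 19:47] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
"""

# Constructed sample copying the 'ZeroAccess:' section of the FRST log above.
SAMPLE_ZEROACCESS = r"""
ZeroAccess:
C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5}
C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5}\@
C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5}\L
C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5}\U

==================== Known DLLs (Whitelisted) =================
"""
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5"; company may be absent.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$")


@dataclass(frozen=True)
class FileHit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str | None
    md5: str


def parse_frst_search(text: str) -> list[FileHit]:
    """Pair each path line with the detail line FRST prints right after it."""
    hits, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            hits.append(FileHit(pending, m["created"], m["modified"], int(m["size"]),
                                m["attrs"], m["company"], m["md5"].upper()))
        pending = None
    return hits


def reference_md5(hits: list[FileHit]) -> str | None:
    """Trust the WinSxS copy; without one, fall back to the majority hash."""
    for h in hits:
        if "\\winsxs\\" in h.path.lower():
            return h.md5
    return Counter(h.md5 for h in hits).most_common(1)[0][0] if hits else None


def hash_disagreements(hits: list[FileHit]) -> list[FileHit]:
    """Copies whose MD5 differs from the reference copy (empty when all agree)."""
    ref = reference_md5(hits)
    return [h for h in hits if h.md5 != ref]


def zeroaccess_roots(text: str) -> list[str]:
    """Top-level folders listed under 'ZeroAccess:' (paths with no listed parent)."""
    paths, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            in_section = True
        elif in_section and PATH_RE.match(line):
            paths.append(line)
        elif in_section and line:
            break  # the section ends at the next non-path, non-blank line
    return [p for p in paths if not any(p.startswith(q + "\\") for q in paths if q != p)]


def build_fixlist(roots: list[str], fix_mbr: bool = True) -> str:
    """fixlist.txt in the shape used in this thread: start / paths / cmd / end."""
    lines = ["start", *roots]
    if fix_mbr:
        lines.append("cmd: bootrec /FixMbr")
    lines.append("end")
    return "\n".join(lines) + "\n"
```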



## akairi97 (Sep 14, 2010)

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 26-08-2012 01
Ran by SYSTEM at 2012-08-27 16:25:08 Run:1
Running from F:\

==============================================

C:\Users\user\AppData\Local\{adb8b9f1-93ad-fa71-51ac-c753a60a39c5} moved successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====


----------



## akairi97 (Sep 14, 2010)

Yes, it's still redirecting the browser. It's basically any site that I go to, and it redirects me to a bad site. I have WOT, which tells me what sites are good and bad. I have been going to these sites for many years and this is the first time that I keep getting redirected to bad sites. I'm getting redirected to this site here:

http://www.findyourpublisher.com/Pu...FindYourPublisher.com+ADK&GKW=Book+Publishing

There are other bad sites too, but I haven't seen them come up lately, only this one. One of the bad sites that used to come up was scour.com


----------



## CatByte (Feb 24, 2009)

please run the following:

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Select *All Users*
Under the Custom Scan box paste this in:

```
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT
```

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Post both logs.


----------



## akairi97 (Sep 14, 2010)

OTL logfile created on: 8/27/2012 7:21:29 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\user\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 74.42% Memory free
3.93 Gb Paging File | 3.04 Gb Available in Paging File | 77.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 259.52 Gb Free Space | 87.09% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/27 19:19:00 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/04/04 01:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 01:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/25 03:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 03:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/27 00:05:11 | 000,115,137 | ---- | M] () -- C:\Users\user\AppData\Local\temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/06/19 03:07:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/06/19 03:04:37 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/19 03:04:25 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/19 03:04:16 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/06/19 03:04:14 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/05/12 03:35:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:35:39 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/05/12 03:08:13 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:04:47 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/05/12 03:04:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/05/12 03:04:39 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/05/12 03:04:33 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/04/04 01:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV - [2012/08/25 23:52:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 10:28:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/11 11:45:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/28 04:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrea\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrea\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/24 05:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/02/24 05:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/04/25 02:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/08/06 05:43:52 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 83 69 12 1A FF CC 01 [binary data]
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..\SearchScopes,DefaultScope = {BBC3F5CC-8983-48A8-A88F-091B625C1B39}
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B817E8F0-5681-46E4-8B83-13709C90CF2F}&mid=546a77795d1447d1922155626d69a650-b28ae433c51cad02b9b7d58d447040698c35f879&lang=en&ds=AVG&pr=pr&d=2012-03-12 08:54:35&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..\SearchScopes\{BBC3F5CC-8983-48A8-A88F-091B625C1B39}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_enUS474
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-753190379-2561579638-684410764-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate07162012
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1003\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS474
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B817E8F0-5681-46E4-8B83-13709C90CF2F}&mid=546a77795d1447d1922155626d69a650-b28ae433c51cad02b9b7d58d447040698c35f879&lang=en&ds=AVG&pr=pr&d=2012-03-12 08:54:35&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/27 00:20:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/17 06:46:01 | 000,000,000 | ---D | M]

[2012/08/25 23:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Extensions
[2012/08/12 02:03:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions
[2012/08/25 23:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\extensions
[2012/08/27 00:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/25 02:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 03:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 02:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011/04/25 02:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2012/01/12 04:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/04/25 03:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011/04/25 03:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/03/14 11:22:58 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/28 16:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\xfinity.xml

O1 HOSTS File: ([2012/08/26 23:59:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-753190379-2561579638-684410764-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-753190379-2561579638-684410764-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-753190379-2561579638-684410764-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-753190379-2561579638-684410764-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-753190379-2561579638-684410764-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-753190379-2561579638-684410764-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O15 - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..Trusted Domains: convergysworkathome.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..Trusted Domains: csgweb.com ([webapps] https in Trusted sites)
O15 - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..Trusted Domains: ctuonline.edu ([campus] https in Trusted sites)
O15 - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..Trusted Domains: google.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..Trusted Domains: hostedcc.com ([]https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE040ADA-E6F4-40E1-BA87-88A730D4112C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/27 19:14:19 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/27 02:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/27 02:19:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/27 02:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/27 00:02:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/26 23:59:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/26 23:45:05 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\temp
[2012/08/26 00:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/25 23:53:48 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Macromedia
[2012/08/25 23:51:43 | 000,000,000 | -HSD | C] -- C:\Users\Andrea\Desktop\%APPDATA%
[2012/08/25 23:39:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/25 23:39:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/25 23:39:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/25 23:37:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/25 23:37:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/27 19:17:55 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/27 19:17:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/27 19:17:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/27 16:35:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 16:35:19 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/27 16:32:36 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/27 16:32:36 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/27 16:28:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/27 16:28:03 | 1582,931,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/27 02:19:29 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/27 00:20:52 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/26 23:59:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/26 23:38:47 | 000,001,276 | ---- | M] () -- C:\CF-Submit.htm
[2012/08/26 00:15:31 | 000,000,825 | ---- | M] () -- C:\Users\Andrea\Desktop\American Support Doc - Shortcut.lnk
[2012/08/16 08:36:28 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/27 02:19:29 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 23:38:47 | 000,001,276 | ---- | C] () -- C:\CF-Submit.htm
[2012/08/26 00:15:31 | 000,000,825 | ---- | C] () -- C:\Users\Andrea\Desktop\American Support Doc - Shortcut.lnk
[2012/08/25 23:39:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/25 23:39:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/25 23:39:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/25 23:39:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/25 23:39:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/16 23:59:22 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/10 20:10:22 | 000,982,224 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/03/10 20:10:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2012/03/10 20:10:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2012/03/10 20:10:20 | 000,092,284 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012/03/10 20:10:20 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/03/10 20:10:19 | 000,439,336 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/03/10 20:10:19 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/11/29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/11/29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/11/29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/11/29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== LOP Check ==========

[2012/04/07 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\BitComet
[2012/03/15 03:32:09 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\CometPlayer
[2012/04/07 08:39:51 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ICAClient
[2012/07/24 09:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Samsung
[2012/03/15 03:32:09 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\tigerplayer
[2012/04/07 08:38:18 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ICAClient
[2012/08/26 23:43:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitComet
[2012/03/15 03:17:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitTorrent
[2012/03/15 10:03:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CometPlayer
[2012/03/10 20:33:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\e-academy Inc
[2012/06/18 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICAClient
[2012/04/07 09:00:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
[2012/06/19 02:16:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TigerPlayer
[2012/03/25 19:43:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2012/08/16 08:36:37 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3320418AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 105906176
Hidden sectors: 0

< End of report >


----------



## akairi97 (Sep 14, 2010)

OTL Extras logfile created on: 8/27/2012 7:21:29 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\user\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 74.42% Memory free
3.93 Gb Paging File | 3.04 Gb Available in Paging File | 77.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 259.52 Gb Free Space | 87.09% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D173755-E0C2-4929-9C8E-EEA9319CFE0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1AED993C-6F27-4060-9B62-152BD775A436}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1FD8F02F-6CA2-4462-B893-B9055265BB50}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2589B9F9-C29A-41D5-AC54-D00C5B766FC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2B164903-0BDC-47B5-A425-98588DD784FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35837A42-70F2-43D6-AD1D-C7FBAE80FD28}" = lport=137 | protocol=17 | dir=in | app=system | 
"{361F9B2F-6131-41BA-B830-635F0346DA6E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3748DE0A-510D-4CCE-830B-28FA5EB841EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3932F830-7770-459F-8185-6AEDF0110C87}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B305B97-0777-4749-AAC3-35399EAEDF86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{466E2B43-DDC5-4864-9C53-223C55C1C2DF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4742AA2B-371B-4729-9384-7FD1DBC27773}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4AAFC947-FB95-4BA7-A5F5-650EF8C38BBB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50D26E94-7EFA-4053-8DCF-E4506D893159}" = lport=138 | protocol=17 | dir=in | app=system | 
"{560FC7EC-8723-480D-871C-875255C5FFBA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 | 
"{6CC53BA7-5030-497E-9A26-D4B556415D32}" = lport=26707 | protocol=6 | dir=in | name=bitcomet 26707 tcp | 
"{732EF2BC-7F82-4DFD-8180-3E845A4B9050}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7F5D9CE5-EE3E-47B3-9F01-DC58D1E3BE18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{8EFCC1F7-9A82-4673-A5A0-CEB8576AE02B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8F19A786-DA37-4670-9F22-E0E114BD29DE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A39A3E68-E4FA-47E6-8DCA-AF81F02AE710}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6F7E846-02E2-46CB-98A4-306D9400CD88}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B89BB5AD-E1FA-430A-9A3A-1E43BC1AB866}" = lport=26707 | protocol=17 | dir=in | name=bitcomet 26707 udp | 
"{BDB32D27-C839-4548-8638-8BD2C5188405}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9F26D8B-97DE-4A99-96FD-E87ACBC02066}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E7DA656A-6216-45F1-9054-9A8BF9819472}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E90D4587-F843-4873-8412-3A9A6482FC7C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FEBA4CF4-08A1-454D-91BA-0604F8868A34}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0647D1A6-4F9D-4AE6-99C5-411FF6EB4798}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{15603474-0178-4ED1-A494-FE2AE9CE4241}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3217DEBB-8451-4122-8FEB-EB3FE3CC0B61}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{3937F7E6-FBBD-4640-9E80-B5B9F1F36AC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4FA5CF34-4864-4ACD-9787-017E0455EE1D}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{52444023-0C36-4367-8C8E-3D91A3059FB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{593B600E-206B-401B-915D-E6EE463BDE57}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5CF2DFA3-7BDC-41AE-ACAC-59010803159A}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 | 
"{5E664A6E-10A7-46F8-BD8D-3CE317847606}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{656255DA-DE71-4D15-BFCF-DD8E02900649}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{67B3BDAA-8467-4A60-B899-981F8A9F779D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6A43F066-6562-49AE-95B5-62D425B4FA28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{79B7C347-21EE-4368-AD6D-2700CCB2B2DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{7A50D593-3D7E-4D36-8A79-D7B38BBC355D}" = protocol=6 | dir=out | app=system | 
"{81196FEF-AAD2-4A96-B299-A8D5905236D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93522C5E-10E0-4E47-87F6-B3175765F8FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{967E127A-F854-437B-B747-6DE06B280869}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{9D6FDEA8-C965-4A63-BA47-24C719541541}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{B0B29CD3-65AE-4A5E-99A4-C1CD3FAFFDFD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B93C8BA9-CA84-4F4A-8303-B400882D50BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA61349F-0A2C-49BC-AAE0-14E40B640820}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{BAD3CD28-523C-403D-88E9-ADC8A27DFD9D}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{BBF9B149-81E1-4FB8-8B2D-A1645AF98A06}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 | 
"{D0C85A49-8B17-4109-97F6-508DD8BDF3D4}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{D2EAD531-E6B8-4894-998D-D32DB458DB4C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{D3C374E0-ECEA-442A-BAF2-6EBBF3A511D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDE5C629-74BA-46D7-B976-851E734E99EF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{E7252F1C-B68A-4429-9110-B267B8DD4C1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7AAB08E-B6F5-4682-A3C8-D8A3B235DED5}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 | 
"{F1703282-656D-40F4-85E0-75BBFB670D47}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 | 
"{F37F857E-5CB2-4EF1-B459-C8FC33F8A2C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{54A69C66-43AF-448D-964A-7264739DE414}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{DC21F12E-D9E4-435F-A409-6228409FBF92}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B4C147E8-DBEA-4D52-8050-51A543B2065A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{D7E3DFDB-287B-45DD-B543-E51C54F118AD}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C0DA129B-1E45-494D-A362-5CD0109C306B}" = WOT for Internet Explorer
"{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BitComet" = BitComet 1.32
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MpcStar" = MpcStar 5.4
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-753190379-2561579638-684410764-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-753190379-2561579638-684410764-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2012 12:05:10 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/27/2012 12:17:56 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/27/2012 2:17:35 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/27/2012 11:11:28 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/27/2012 3:03:12 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/27/2012 3:08:14 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/27/2012 3:18:29 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/27/2012 4:18:10 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/27/2012 4:25:52 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 8/27/2012 4:28:19 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 7/24/2012 2:58:14 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 2:58:14 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 3:03:14 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 3:03:14 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 3:03:14 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 3:05:20 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 3:05:20 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 3:05:20 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 3:09:19 PM | Computer Name = user-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 7/24/2012 3:09:20 PM | Computer Name = user-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

< End of report >


----------



## akairi97 (Sep 14, 2010)

I'm getting redirected to scour.com. I copied the website below and it says scour on it.

http://63.209.69.107/search/web/bin+won/C10/ecn/48640-12780/v5

Here is another bad site that will pull up, and this happens for any site that I go to:

http://8.26.70.252/see/display.php?q=vikki+drama&affsub=48640-12780&subid=e10


----------



## CatByte (Feb 24, 2009)

Run *OTL.exe*

Copy/paste the following text written *inside of the code box* into the *Custom Scans/Fixes* box located at the bottom of OTL


```
:OTL
MOD - [2012/08/27 00:05:11 | 000,115,137 | ---- | M] () -- C:\Users\user\AppData\Local\temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7F 83 69 12 1A FF CC 01 [binary data]
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..\SearchScopes,DefaultScope = {BBC3F5CC-8983-48A8-A88F-091B625C1B39}
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1000\..\SearchScopes\{BBC3F5CC-8983-48A8-A88F-091B625C1B39}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGNI_enUS474
IE - HKU\S-1-5-21-753190379-2561579638-684410764-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_enUS474

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
Then post the OTL log

Please let me know if the redirect is still there


----------



## akairi97 (Sep 14, 2010)

I didn't get an OTL log file after my PC rebooted.

Got redirected to another one

http://63.209.69.107/search/web/vikki+drama/C10/ecn/46938-10090/v5

No matter what site I go to, it pulls this one up.


----------



## CatByte (Feb 24, 2009)

Can you please mung the links to those websites? Thanks (I don't want readers clicking on them).

Let's reset your router:

Please do the following:

Reset your router:

This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. 
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). 
If you don't know the router's default password, you can look it up HERE.
You also need to reconfigure any security settings you had in place prior to the reset. 
You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Please do the following:

Click the *Microsoft Start logo* in the bottom left corner of the screen
Click *All Programs*
Click *Accessories*
RIGHT-click on *Command Prompt*
Select *Run As Administrator*
In the command window type the following and then hit enter: 
*ipconfig /flushdns*
You will see the following confirmation:



> Windows IP Configuration
> Successfully flushed the DNS Resolver Cache.


now run the Temp File Cleaner:

Download *TFC* to your *desktop*

Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run, 
Click the *Start* button to begin the process. 
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically *reboot your machine*;
if it doesn't, manually reboot to ensure a complete clean.

then this program

Download *AdwCleaner* from here and save it to your desktop.

Run *AdwCleaner* and select *Delete*
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply

let me know if that makes any difference


----------
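
As an added check, not part of the original thread or of CatByte's instructions: the OTL fix above rewrote the Internet Explorer SearchScopes keys and reset the hosts file, and the router reset targets the DNS servers the router hands out. The PowerShell script below audits those three places on the affected machine so you can see where a redirect is actually coming from, and run it again after the fixes to confirm they took. It is written for the PowerShell 2.0 that ships with Windows 7 (WMI rather than the newer Net* cmdlets) and should be run from an elevated prompt. The allow-lists of DNS servers and search hosts are assumptions for illustration; replace them with your ISP's resolvers (or your router's LAN address) and the search provider you actually use.

```powershell
# Added example (not part of the original thread). Audits the three places a
# browser/search redirect like the one in this thread usually lives:
#   1. DNS servers configured on each active adapter
#   2. the hosts file
#   3. Internet Explorer SearchScopes (HKLM and every user hive that is loaded)
# Windows 7 / PowerShell 2.0 compatible; run from an elevated PowerShell prompt.

# ASSUMPTIONS for illustration: edit these for your own network and search provider.
$TrustedDns         = @('192.168.1.1', '8.8.8.8', '8.8.4.4')   # router LAN address, ISP or public resolvers
$TrustedSearchHosts = @('www.google.com', 'www.bing.com')

function Write-Finding($kind, $flag, $detail) {
    "[{0,-6}] {1,-5} {2}" -f $flag, $kind, $detail
}

# --- 1. DNS servers per adapter (static or handed out by DHCP / the router) ---
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' | ForEach-Object {
    $adapter = $_
    # @() so an adapter with no DNS servers iterates zero times on PowerShell 2.0
    foreach ($srv in @($adapter.DNSServerSearchOrder | Where-Object { $_ })) {
        $flag = if ($TrustedDns -contains $srv) { 'ok' } else { 'REVIEW' }
        Write-Finding 'DNS' $flag ("{0} -> {1}" -f $adapter.Description, $srv)
    }
}

# --- 2. hosts file: anything that is not a comment or a loopback mapping ------
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsPath | ForEach-Object {
    $line = $_.Trim()
    if (-not $line -or $line.StartsWith('#')) { return }     # skip blanks and comments
    $parts = $line -split '\s+'
    $names = if ($parts.Length -gt 1) { $parts[1..($parts.Length - 1)] -join ' ' } else { '' }
    $flag  = if (@('127.0.0.1', '::1') -contains $parts[0]) { 'ok' } else { 'REVIEW' }
    Write-Finding 'HOSTS' $flag ("{0} -> {1}" -f $parts[0], $names)
}

# --- 3. IE SearchScopes: the keys the OTL fix in this thread rewrote ----------
# Only real user SIDs (S-1-5-21-...), not the _Classes hives or well-known SIDs.
$userRoots = Get-ChildItem 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-(\d+-){3}\d+$' } |
    ForEach-Object { "Registry::$($_.Name)\Software\Microsoft\Internet Explorer\SearchScopes" }
$scopeRoots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes') + @($userRoots)

foreach ($root in $scopeRoots) {
    if (-not (Test-Path $root)) { continue }
    $defaultScope = (Get-ItemProperty $root).DefaultScope
    Get-ChildItem $root | ForEach-Object {
        $url = (Get-ItemProperty $_.PSPath).URL
        if (-not $url) { return }
        # Pull the host out of the search URL with a regex; the query string carries
        # {searchTerms} placeholders, so a plain [Uri] cast is not relied on here.
        $searchHost = if ($url -match '^https?://([^/:?]+)') { $matches[1] } else { $url }
        $flag = if ($TrustedSearchHosts -contains $searchHost) { 'ok' } else { 'REVIEW' }
        $mark = if ($_.PSChildName -eq $defaultScope) { ' (DefaultScope)' } else { '' }
        Write-Finding 'SCOPE' $flag ("{0}\{1}{2} -> {3}" -f $root, $_.PSChildName, $mark, $searchHost)
    }
}
```

Pipe the output to `Out-File` and keep the run from before the fix next to the run from after it. A `REVIEW` flag is a prompt to look, not a verdict: ad-blocking hosts files that map sites to 0.0.0.0 and a corporate DNS server will both show up, while a hijacked router will show up as a DNS server address you do not recognise on every adapter. If the DNS and hosts checks are clean and the SearchScopes URLs point at your chosen provider but the redirect persists after the router reset, the cause is more likely something loaded inside the browser (a plug-in or a proxy setting) or a rootkit such as the one TDSSKiller reported later in this thread.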



## akairi97 (Sep 14, 2010)

Sorry about that. A log didn't get produced when I ran AdwCleaner.


----------



## akairi97 (Sep 14, 2010)

I'm still getting redirected; it's a different site too.


----------



## CatByte (Feb 24, 2009)

what browser are you using?

what add-ons/plug-ins do you have?

Please re-run TDSSKiller and post the resulting log


----------



## akairi97 (Sep 14, 2010)

I'm using FF. I have these plug-ins: *Adobe, Java, Java Deployment Toolkit, Java(TM) SE 7, BitComet Agent, Google Update, Microsoft Office 2010, QuickTime, Shockwave for Director, Shockwave Flash, Silverlight, and Windows Live plugins*


----------



## akairi97 (Sep 14, 2010)

I never ran TDSSKILLER


----------



## CatByte (Feb 24, 2009)

> (Kaspersky Lab ZAO) C:\Users\Andrea\Downloads\tdsskiller.exe
> C:\TDSSKiller_Quarantine\24.07.2012_15.25.09\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan


Sorry, when I saw it in the log I just assumed it was you who had run it.

here are the full instructions

Please download TDSSKiller.zip

Extract it to your desktop
Double click *TDSSKiller.exe*
when the window opens, click on *Change Parameters*
under *"Additional options"*, put a check mark in the box next to *"Detect TDLFS File System"*
click *OK* 
Press *Start Scan*
If *Malicious objects* are found then ensure *Cure* is selected
If *TDLFS File System/TDSS File system* is found then ensure *Cure* is selected (if cure is not available, choose skip)
Then click *Continue* > *Reboot now*

Copy and paste the log in your next reply
_A copy of the log will be saved automatically to the root of the drive (typically C:\)_


----------



## akairi97 (Sep 14, 2010)

15:25:09.0326 2060 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:25:09.0692 2060 ============================================================
15:25:09.0693 2060 Current date / time: 2012/07/24 15:25:09.0692
15:25:09.0693 2060 SystemInfo:
15:25:09.0693 2060 
15:25:09.0693 2060 OS Version: 6.1.7601 ServicePack: 1.0
15:25:09.0693 2060 Product type: Workstation
15:25:09.0693 2060 ComputerName: USER-PC
15:25:09.0693 2060 UserName: Andrea
15:25:09.0693 2060 Windows directory: C:\Windows
15:25:09.0693 2060 System windows directory: C:\Windows
15:25:09.0693 2060 Processor architecture: Intel x86
15:25:09.0693 2060 Number of processors: 2
15:25:09.0693 2060 Page size: 0x1000
15:25:09.0693 2060 Boot type: Safe boot with network
15:25:09.0693 2060 ============================================================
15:25:10.0546 2060 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:25:10.0547 2060 Drive \Device\Harddisk1\DR1 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:25:10.0549 2060 ============================================================
15:25:10.0549 2060 \Device\Harddisk0\DR0:
15:25:10.0549 2060 MBR partitions:
15:25:10.0549 2060 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:25:10.0549 2060 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
15:25:10.0549 2060 \Device\Harddisk1\DR1:
15:25:10.0550 2060 MBR partitions:
15:25:10.0550 2060 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
15:25:10.0550 2060 ============================================================
15:25:10.0577 2060 C: <-> \Device\Harddisk0\DR0\Partition1
15:25:10.0578 2060 ============================================================
15:25:10.0578 2060 Initialize success
15:25:10.0578 2060 ============================================================
15:25:12.0480 3304 ============================================================
15:25:12.0480 3304 Scan started
15:25:12.0480 3304 Mode: Manual; 
15:25:12.0480 3304 ============================================================
15:25:14.0575 3304 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
15:25:14.0577 3304 1394ohci - ok
15:25:14.0591 3304 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
15:25:14.0594 3304 ACPI - ok
15:25:14.0605 3304 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
15:25:14.0606 3304 AcpiPmi - ok
15:25:14.0658 3304 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:25:14.0661 3304 AdobeARMservice - ok
15:25:14.0829 3304 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:25:14.0832 3304 AdobeFlashPlayerUpdateSvc - ok
15:25:14.0907 3304 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:25:14.0911 3304 adp94xx - ok
15:25:14.0930 3304 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:25:14.0933 3304 adpahci - ok
15:25:14.0952 3304 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:25:14.0953 3304 adpu320 - ok
15:25:14.0993 3304 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
15:25:15.0002 3304 AeLookupSvc - ok
15:25:15.0042 3304 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
15:25:15.0046 3304 AFD - ok
15:25:15.0094 3304 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
15:25:15.0095 3304 agp440 - ok
15:25:15.0139 3304 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:25:15.0140 3304 aic78xx - ok
15:25:15.0165 3304 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
15:25:15.0166 3304 ALG - ok
15:25:15.0178 3304 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
15:25:15.0179 3304 aliide - ok
15:25:15.0200 3304 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
15:25:15.0201 3304 amdagp - ok
15:25:15.0216 3304 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
15:25:15.0216 3304 amdide - ok
15:25:15.0237 3304 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:25:15.0238 3304 AmdK8 - ok
15:25:15.0262 3304 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:25:15.0263 3304 AmdPPM - ok
15:25:15.0371 3304 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
15:25:15.0372 3304 amdsata - ok
15:25:15.0405 3304 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:25:15.0407 3304 amdsbs - ok
15:25:15.0429 3304 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
15:25:15.0431 3304 amdxata - ok
15:25:15.0472 3304 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
15:25:15.0473 3304 AppID - ok
15:25:15.0529 3304 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
15:25:15.0535 3304 AppIDSvc - ok
15:25:15.0564 3304 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
15:25:15.0564 3304 Appinfo - ok
15:25:15.0598 3304 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:25:15.0599 3304 arc - ok
15:25:15.0616 3304 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:25:15.0617 3304 arcsas - ok
15:25:15.0643 3304 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:25:15.0644 3304 AsyncMac - ok
15:25:15.0672 3304 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
15:25:15.0672 3304 atapi - ok
15:25:15.0775 3304 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:25:15.0779 3304 AudioEndpointBuilder - ok
15:25:15.0785 3304 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
15:25:15.0788 3304 Audiosrv - ok
15:25:15.0853 3304 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
15:25:15.0854 3304 AxInstSV - ok
15:25:15.0900 3304 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:25:15.0905 3304 b06bdrv - ok
15:25:15.0936 3304 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:25:15.0939 3304 b57nd60x - ok
15:25:16.0000 3304 BBSvc (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
15:25:16.0004 3304 BBSvc - ok
15:25:16.0029 3304 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
15:25:16.0030 3304 BDESVC - ok
15:25:16.0042 3304 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:25:16.0042 3304 Beep - ok
15:25:16.0092 3304 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
15:25:16.0105 3304 BFE - ok
15:25:16.0137 3304 BITCOMET_HELPER_SERVICE - ok
15:25:16.0169 3304 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
15:25:16.0220 3304 BITS - ok
15:25:16.0231 3304 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:25:16.0232 3304 blbdrive - ok
15:25:16.0257 3304 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
15:25:16.0258 3304 bowser - ok
15:25:16.0276 3304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:25:16.0276 3304 BrFiltLo - ok
15:25:16.0293 3304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:25:16.0294 3304 BrFiltUp - ok
15:25:16.0363 3304 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
15:25:16.0364 3304 Browser - ok
15:25:16.0387 3304 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:25:16.0390 3304 Brserid - ok
15:25:16.0406 3304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:25:16.0407 3304 BrSerWdm - ok
15:25:16.0427 3304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:25:16.0428 3304 BrUsbMdm - ok
15:25:16.0437 3304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:25:16.0437 3304 BrUsbSer - ok
15:25:16.0446 3304 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:25:16.0447 3304 BTHMODEM - ok
15:25:16.0475 3304 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
15:25:16.0476 3304 bthserv - ok
15:25:16.0495 3304 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:25:16.0496 3304 cdfs - ok
15:25:16.0546 3304 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
15:25:16.0547 3304 cdrom - ok
15:25:16.0595 3304 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:25:16.0596 3304 CertPropSvc - ok
15:25:16.0606 3304 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:25:16.0607 3304 circlass - ok
15:25:16.0714 3304 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:25:16.0716 3304 CLFS - ok
15:25:16.0758 3304 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:25:16.0761 3304 clr_optimization_v2.0.50727_32 - ok
15:25:16.0812 3304 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:25:16.0828 3304 clr_optimization_v4.0.30319_32 - ok
15:25:16.0880 3304 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:25:16.0881 3304 CmBatt - ok
15:25:16.0904 3304 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
15:25:16.0904 3304 cmdide - ok
15:25:16.0962 3304 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
15:25:16.0965 3304 CNG - ok
15:25:16.0981 3304 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:25:16.0982 3304 Compbatt - ok
15:25:17.0019 3304 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
15:25:17.0020 3304 CompositeBus - ok
15:25:17.0034 3304 COMSysApp - ok
15:25:17.0044 3304 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:25:17.0045 3304 crcdisk - ok
15:25:17.0159 3304 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
15:25:17.0161 3304 CryptSvc - ok
15:25:17.0191 3304 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\Windows\system32\DRIVERS\ctxusbm.sys
15:25:17.0192 3304 ctxusbm - ok
15:25:17.0229 3304 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:25:17.0234 3304 DcomLaunch - ok
15:25:17.0268 3304 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
15:25:17.0271 3304 defragsvc - ok
15:25:17.0301 3304 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
15:25:17.0302 3304 DfsC - ok
15:25:17.0339 3304 dg_ssudbus (73fc5bc52572084ec1241514cf6230a0) C:\Windows\system32\DRIVERS\ssudbus.sys
15:25:17.0340 3304 dg_ssudbus - ok
15:25:17.0368 3304 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
15:25:17.0371 3304 Dhcp - ok
15:25:17.0460 3304 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:25:17.0460 3304 discache - ok
15:25:17.0546 3304 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:25:17.0548 3304 Disk - ok
15:25:17.0572 3304 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
15:25:17.0575 3304 Dnscache - ok
15:25:17.0622 3304 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
15:25:17.0625 3304 dot3svc - ok
15:25:17.0667 3304 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
15:25:17.0669 3304 Dot4 - ok
15:25:17.0699 3304 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:25:17.0700 3304 Dot4Print - ok
15:25:17.0722 3304 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
15:25:17.0723 3304 dot4usb - ok
15:25:17.0779 3304 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
15:25:17.0781 3304 DPS - ok
15:25:17.0813 3304 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:25:17.0814 3304 drmkaud - ok
15:25:17.0845 3304 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
15:25:17.0852 3304 DXGKrnl - ok
15:25:17.0879 3304 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
15:25:17.0881 3304 EapHost - ok
15:25:18.0013 3304 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:25:18.0103 3304 ebdrv - ok
15:25:18.0232 3304 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
15:25:18.0234 3304 EFS - ok
15:25:18.0286 3304 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
15:25:18.0293 3304 ehRecvr - ok
15:25:18.0323 3304 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
15:25:18.0324 3304 ehSched - ok
15:25:18.0391 3304 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:25:18.0396 3304 elxstor - ok
15:25:18.0429 3304 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
15:25:18.0430 3304 ErrDev - ok
15:25:18.0472 3304 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
15:25:18.0476 3304 EventSystem - ok
15:25:18.0546 3304 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:25:18.0548 3304 exfat - ok
15:25:18.0586 3304 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:25:18.0588 3304 fastfat - ok
15:25:18.0641 3304 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
15:25:18.0647 3304 Fax - ok
15:25:18.0664 3304 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:25:18.0665 3304 fdc - ok
15:25:18.0692 3304 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
15:25:18.0693 3304 fdPHost - ok
15:25:18.0709 3304 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
15:25:18.0710 3304 FDResPub - ok
15:25:18.0741 3304 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:25:18.0742 3304 FileInfo - ok
15:25:18.0759 3304 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:25:18.0760 3304 Filetrace - ok
15:25:18.0780 3304 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:25:18.0781 3304 flpydisk - ok
15:25:18.0822 3304 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:25:18.0824 3304 FltMgr - ok
15:25:18.0874 3304 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
15:25:18.0883 3304 FontCache - ok
15:25:18.0919 3304 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:25:18.0921 3304 FontCache3.0.0.0 - ok
15:25:18.0973 3304 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:25:18.0974 3304 FsDepends - ok
15:25:19.0026 3304 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
15:25:19.0028 3304 fssfltr - ok
15:25:19.0128 3304 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:25:19.0177 3304 fsssvc - ok
15:25:19.0259 3304 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
15:25:19.0260 3304 Fs_Rec - ok
15:25:19.0306 3304 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
15:25:19.0308 3304 fvevol - ok
15:25:19.0384 3304 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:25:19.0386 3304 gagp30kx - ok
15:25:19.0773 3304 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
15:25:19.0795 3304 gpsvc - ok
15:25:19.0923 3304 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:25:19.0926 3304 gupdate - ok
15:25:19.0931 3304 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:25:19.0932 3304 gupdatem - ok
15:25:19.0979 3304 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:25:19.0981 3304 gusvc - ok
15:25:19.0999 3304 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:25:19.0999 3304 hcw85cir - ok
15:25:20.0046 3304 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
15:25:20.0050 3304 HdAudAddService - ok
15:25:20.0077 3304 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
15:25:20.0079 3304 HDAudBus - ok
15:25:20.0096 3304 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:25:20.0097 3304 HidBatt - ok
15:25:20.0125 3304 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:25:20.0127 3304 HidBth - ok
15:25:20.0170 3304 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:25:20.0171 3304 HidIr - ok
15:25:20.0194 3304 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
15:25:20.0195 3304 hidserv - ok
15:25:20.0222 3304 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
15:25:20.0223 3304 HidUsb - ok
15:25:20.0269 3304 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
15:25:20.0271 3304 hkmsvc - ok
15:25:20.0295 3304 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
15:25:20.0298 3304 HomeGroupListener - ok
15:25:20.0333 3304 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
15:25:20.0336 3304 HomeGroupProvider - ok
15:25:20.0358 3304 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
15:25:20.0359 3304 HpSAMD - ok
15:25:20.0414 3304 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
15:25:20.0419 3304 HTTP - ok
15:25:20.0432 3304 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
15:25:20.0432 3304 hwpolicy - ok
15:25:20.0452 3304 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:25:20.0453 3304 i8042prt - ok
15:25:20.0484 3304 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
15:25:20.0488 3304 iaStorV - ok
15:25:20.0566 3304 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:25:20.0575 3304 idsvc - ok
15:25:20.0851 3304 igfx (faf70667be6d1e1ffbacc8d4fc15d645) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:25:20.0972 3304 igfx - ok
15:25:21.0083 3304 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:25:21.0083 3304 iirsp - ok
15:25:21.0138 3304 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
15:25:21.0145 3304 IKEEXT - ok
15:25:21.0172 3304 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
15:25:21.0173 3304 intelide - ok
15:25:21.0198 3304 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:25:21.0199 3304 intelppm - ok
15:25:21.0227 3304 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
15:25:21.0228 3304 IPBusEnum - ok
15:25:21.0250 3304 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:25:21.0251 3304 IpFilterDriver - ok
15:25:21.0280 3304 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
15:25:21.0286 3304 iphlpsvc - ok
15:25:21.0373 3304 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
15:25:21.0378 3304 IPMIDRV - ok
15:25:21.0436 3304 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:25:21.0438 3304 IPNAT - ok
15:25:21.0461 3304 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:25:21.0462 3304 IRENUM - ok
15:25:21.0488 3304 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
15:25:21.0489 3304 isapnp - ok
15:25:21.0525 3304 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
15:25:21.0527 3304 iScsiPrt - ok
15:25:21.0559 3304 k57nd60x (7ea81534e80570bdf6ee4a4248bba4d6) C:\Windows\system32\DRIVERS\k57nd60x.sys
15:25:21.0560 3304 k57nd60x - ok
15:25:21.0582 3304 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:25:21.0583 3304 kbdclass - ok
15:25:21.0641 3304 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
15:25:21.0642 3304 kbdhid - ok
15:25:21.0659 3304 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:25:21.0660 3304 KeyIso - ok
15:25:21.0690 3304 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
15:25:21.0691 3304 KSecDD - ok
15:25:21.0702 3304 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
15:25:21.0703 3304 KSecPkg - ok
15:25:21.0723 3304 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
15:25:21.0729 3304 KtmRm - ok
15:25:21.0818 3304 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
15:25:21.0822 3304 LanmanServer - ok
15:25:21.0856 3304 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
15:25:21.0873 3304 LanmanWorkstation - ok
15:25:21.0917 3304 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:25:21.0917 3304 lltdio - ok
15:25:21.0950 3304 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
15:25:21.0953 3304 lltdsvc - ok
15:25:21.0970 3304 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
15:25:21.0972 3304 lmhosts - ok
15:25:22.0002 3304 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:25:22.0003 3304 LSI_FC - ok
15:25:22.0083 3304 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:25:22.0084 3304 LSI_SAS - ok
15:25:22.0100 3304 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:25:22.0101 3304 LSI_SAS2 - ok
15:25:22.0130 3304 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:25:22.0131 3304 LSI_SCSI - ok
15:25:22.0156 3304 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:25:22.0158 3304 luafv - ok
15:25:22.0215 3304 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
15:25:22.0216 3304 Mcx2Svc - ok
15:25:22.0237 3304 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:25:22.0238 3304 megasas - ok
15:25:22.0256 3304 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:25:22.0259 3304 MegaSR - ok
15:25:22.0314 3304 Microsoft SharePoint Workspace Audit Service - ok
15:25:22.0346 3304 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:25:22.0348 3304 MMCSS - ok
15:25:22.0358 3304 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:25:22.0359 3304 Modem - ok
15:25:22.0388 3304 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:25:22.0389 3304 monitor - ok
15:25:22.0416 3304 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:25:22.0417 3304 mouclass - ok
15:25:22.0461 3304 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:25:22.0461 3304 mouhid - ok
15:25:22.0494 3304 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
15:25:22.0495 3304 mountmgr - ok
15:25:22.0558 3304 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:25:22.0561 3304 MozillaMaintenance - ok
15:25:22.0611 3304 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
15:25:22.0613 3304 MpFilter - ok
15:25:22.0637 3304 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
15:25:22.0639 3304 mpio - ok
15:25:22.0745 3304 MpKsl2e6e2b91 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{73D99B2D-9DAB-40AC-A668-4DF6B3147C0B}\MpKsl2e6e2b91.sys
15:25:22.0746 3304 MpKsl2e6e2b91 - ok
15:25:22.0770 3304 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:25:22.0771 3304 mpsdrv - ok
15:25:22.0813 3304 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
15:25:22.0820 3304 MpsSvc - ok
15:25:22.0835 3304 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
15:25:22.0837 3304 MRxDAV - ok
15:25:22.0875 3304 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:25:22.0877 3304 mrxsmb - ok
15:25:22.0894 3304 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:25:22.0897 3304 mrxsmb10 - ok
15:25:22.0912 3304 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:25:22.0924 3304 mrxsmb20 - ok
15:25:22.0959 3304 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
15:25:22.0960 3304 msahci - ok
15:25:22.0978 3304 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
15:25:22.0980 3304 msdsm - ok
15:25:23.0007 3304 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
15:25:23.0011 3304 MSDTC - ok
15:25:23.0039 3304 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:25:23.0040 3304 Msfs - ok
15:25:23.0054 3304 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:25:23.0055 3304 mshidkmdf - ok
15:25:23.0066 3304 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
15:25:23.0067 3304 msisadrv - ok
15:25:23.0104 3304 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
15:25:23.0107 3304 MSiSCSI - ok
15:25:23.0116 3304 msiserver - ok
15:25:23.0139 3304 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:25:23.0140 3304 MSKSSRV - ok
15:25:23.0212 3304 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
15:25:23.0212 3304 MsMpSvc - ok
15:25:23.0219 3304 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:25:23.0219 3304 MSPCLOCK - ok
15:25:23.0225 3304 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:25:23.0225 3304 MSPQM - ok
15:25:23.0257 3304 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:25:23.0259 3304 MsRPC - ok
15:25:23.0297 3304 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
15:25:23.0297 3304 mssmbios - ok
15:25:23.0303 3304 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:25:23.0304 3304 MSTEE - ok
15:25:23.0310 3304 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:25:23.0311 3304 MTConfig - ok
15:25:23.0327 3304 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:25:23.0328 3304 Mup - ok
15:25:23.0397 3304 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
15:25:23.0401 3304 napagent - ok
15:25:23.0432 3304 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:25:23.0435 3304 NativeWifiP - ok
15:25:23.0465 3304 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
15:25:23.0472 3304 NDIS - ok
15:25:23.0498 3304 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:25:23.0500 3304 NdisCap - ok
15:25:23.0515 3304 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:25:23.0516 3304 NdisTapi - ok
15:25:23.0548 3304 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
15:25:23.0549 3304 Ndisuio - ok
15:25:23.0559 3304 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
15:25:23.0561 3304 NdisWan - ok
15:25:23.0595 3304 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
15:25:23.0597 3304 NDProxy - ok
15:25:23.0620 3304 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:25:23.0622 3304 NetBIOS - ok
15:25:23.0651 3304 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
15:25:23.0653 3304 NetBT - ok
15:25:23.0682 3304 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:25:23.0683 3304 Netlogon - ok
15:25:23.0720 3304 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
15:25:23.0725 3304 Netman - ok
15:25:23.0746 3304 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
15:25:23.0751 3304 netprofm - ok
15:25:23.0813 3304 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:25:23.0815 3304 NetTcpPortSharing - ok
15:25:23.0849 3304 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:25:23.0850 3304 nfrd960 - ok
15:25:23.0903 3304 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:25:23.0905 3304 NisDrv - ok
15:25:23.0983 3304 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
15:25:23.0986 3304 NisSrv - ok
15:25:24.0020 3304 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
15:25:24.0023 3304 NlaSvc - ok
15:25:24.0041 3304 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:25:24.0042 3304 Npfs - ok
15:25:24.0066 3304 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
15:25:24.0068 3304 nsi - ok
15:25:24.0091 3304 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:25:24.0091 3304 nsiproxy - ok
15:25:24.0143 3304 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
15:25:24.0168 3304 Ntfs - ok
15:25:24.0267 3304 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:25:24.0268 3304 Null - ok
15:25:24.0334 3304 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
15:25:24.0336 3304 nvraid - ok
15:25:24.0381 3304 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
15:25:24.0383 3304 nvstor - ok
15:25:24.0400 3304 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
15:25:24.0402 3304 nv_agp - ok
15:25:24.0416 3304 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
15:25:24.0418 3304 ohci1394 - ok
15:25:24.0486 3304 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:25:24.0490 3304 ose - ok
15:25:24.0625 3304 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:25:24.0720 3304 osppsvc - ok
15:25:24.0810 3304 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:25:24.0815 3304 p2pimsvc - ok
15:25:24.0827 3304 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
15:25:24.0832 3304 p2psvc - ok
15:25:24.0870 3304 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:25:24.0871 3304 Parport - ok
15:25:24.0898 3304 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
15:25:24.0899 3304 partmgr - ok
15:25:25.0075 3304 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:25:25.0075 3304 Parvdm - ok
15:25:25.0087 3304 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
15:25:25.0091 3304 PcaSvc - ok
15:25:25.0122 3304 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
15:25:25.0124 3304 pci - ok
15:25:25.0144 3304 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
15:25:25.0144 3304 pciide - ok
15:25:25.0171 3304 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:25:25.0173 3304 pcmcia - ok
15:25:25.0275 3304 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:25:25.0275 3304 pcw - ok
15:25:25.0324 3304 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:25:25.0330 3304 PEAUTH - ok
15:25:25.0424 3304 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
15:25:25.0453 3304 pla - ok
15:25:25.0521 3304 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
15:25:25.0526 3304 PlugPlay - ok
15:25:25.0553 3304 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
15:25:25.0555 3304 PNRPAutoReg - ok
15:25:25.0568 3304 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
15:25:25.0570 3304 PNRPsvc - ok
15:25:25.0586 3304 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
15:25:25.0590 3304 PolicyAgent - ok
15:25:25.0626 3304 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
15:25:25.0629 3304 Power - ok
15:25:25.0726 3304 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:25:25.0728 3304 PptpMiniport - ok
15:25:25.0742 3304 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:25:25.0744 3304 Processor - ok
15:25:25.0768 3304 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
15:25:25.0771 3304 ProfSvc - ok
15:25:25.0805 3304 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:25:25.0806 3304 ProtectedStorage - ok
15:25:25.0826 3304 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:25:25.0827 3304 Psched - ok
15:25:25.0868 3304 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:25:25.0895 3304 ql2300 - ok
15:25:25.0969 3304 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:25:25.0970 3304 ql40xx - ok
15:25:26.0008 3304 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
15:25:26.0012 3304 QWAVE - ok
15:25:26.0026 3304 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:25:26.0027 3304 QWAVEdrv - ok
15:25:26.0046 3304 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:25:26.0047 3304 RasAcd - ok
15:25:26.0131 3304 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:25:26.0132 3304 RasAgileVpn - ok
15:25:26.0150 3304 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
15:25:26.0153 3304 RasAuto - ok
15:25:26.0188 3304 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:25:26.0189 3304 Rasl2tp - ok
15:25:26.0229 3304 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
15:25:26.0233 3304 RasMan - ok
15:25:26.0246 3304 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:25:26.0247 3304 RasPppoe - ok
15:25:26.0273 3304 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:25:26.0274 3304 RasSstp - ok
15:25:26.0299 3304 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
15:25:26.0302 3304 rdbss - ok
15:25:26.0316 3304 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:25:26.0317 3304 rdpbus - ok
15:25:26.0352 3304 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:25:26.0353 3304 RDPCDD - ok
15:25:26.0378 3304 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:25:26.0378 3304 RDPENCDD - ok
15:25:26.0397 3304 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:25:26.0398 3304 RDPREFMP - ok
15:25:26.0427 3304 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
15:25:26.0430 3304 RDPWD - ok
15:25:26.0481 3304 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
15:25:26.0483 3304 rdyboost - ok
15:25:26.0512 3304 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
15:25:26.0514 3304 RemoteAccess - ok
15:25:26.0531 3304 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
15:25:26.0533 3304 RemoteRegistry - ok
15:25:26.0581 3304 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
15:25:26.0582 3304 RpcEptMapper - ok
15:25:26.0597 3304 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
15:25:26.0600 3304 RpcLocator - ok
15:25:26.0641 3304 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
15:25:26.0645 3304 RpcSs - ok
15:25:26.0663 3304 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:25:26.0665 3304 rspndr - ok
15:25:26.0687 3304 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:25:26.0688 3304 SamSs - ok
15:25:26.0722 3304 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
15:25:26.0724 3304 sbp2port - ok
15:25:26.0752 3304 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
15:25:26.0755 3304 SCardSvr - ok
15:25:26.0777 3304 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
15:25:26.0778 3304 scfilter - ok
15:25:26.0815 3304 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
15:25:26.0824 3304 Schedule - ok
15:25:26.0916 3304 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
15:25:26.0916 3304 SCPolicySvc - ok
15:25:26.0960 3304 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
15:25:26.0962 3304 SDRSVC - ok
15:25:27.0029 3304 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
15:25:27.0042 3304 SeaPort - ok
15:25:27.0088 3304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:25:27.0090 3304 secdrv - ok
15:25:27.0115 3304 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
15:25:27.0117 3304 seclogon - ok
15:25:27.0136 3304 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
15:25:27.0138 3304 SENS - ok
15:25:27.0159 3304 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
15:25:27.0162 3304 SensrSvc - ok
15:25:27.0175 3304 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:25:27.0176 3304 Serenum - ok
15:25:27.0186 3304 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:25:27.0187 3304 Serial - ok
15:25:27.0215 3304 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:25:27.0216 3304 sermouse - ok
15:25:27.0260 3304 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
15:25:27.0263 3304 SessionEnv - ok
15:25:27.0276 3304 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
15:25:27.0277 3304 sffdisk - ok
15:25:27.0293 3304 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
15:25:27.0293 3304 sffp_mmc - ok
15:25:27.0300 3304 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
15:25:27.0301 3304 sffp_sd - ok
15:25:27.0313 3304 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:25:27.0313 3304 sfloppy - ok
15:25:27.0340 3304 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
15:25:27.0345 3304 SharedAccess - ok
15:25:27.0402 3304 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
15:25:27.0406 3304 ShellHWDetection - ok
15:25:27.0427 3304 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
15:25:27.0428 3304 sisagp - ok
15:25:27.0485 3304 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:25:27.0486 3304 SiSRaid2 - ok
15:25:27.0502 3304 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:25:27.0504 3304 SiSRaid4 - ok
15:25:27.0538 3304 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:25:27.0539 3304 Smb - ok
15:25:27.0557 3304 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
15:25:27.0559 3304 SNMPTRAP - ok
15:25:27.0575 3304 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:25:27.0576 3304 spldr - ok
15:25:27.0634 3304 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
15:25:27.0638 3304 Spooler - ok
15:25:27.0742 3304 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
15:25:27.0795 3304 sppsvc - ok
15:25:27.0953 3304 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
15:25:27.0956 3304 sppuinotify - ok
15:25:27.0997 3304 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
15:25:28.0000 3304 srv - ok
15:25:28.0014 3304 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
15:25:28.0017 3304 srv2 - ok
15:25:28.0027 3304 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
15:25:28.0029 3304 srvnet - ok
15:25:28.0048 3304 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
15:25:28.0051 3304 SSDPSRV - ok
15:25:28.0070 3304 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
15:25:28.0073 3304 SstpSvc - ok
15:25:28.0128 3304 ssudmdm (e3d493bfb7cd108ec50b2f560c96367c) C:\Windows\system32\DRIVERS\ssudmdm.sys
15:25:28.0131 3304 ssudmdm - ok
15:25:28.0167 3304 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:25:28.0168 3304 stexstor - ok
15:25:28.0212 3304 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
15:25:28.0227 3304 StiSvc - ok
15:25:28.0260 3304 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
15:25:28.0261 3304 swenum - ok
15:25:28.0322 3304 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
15:25:28.0327 3304 swprv - ok
15:25:28.0399 3304 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
15:25:28.0425 3304 SysMain - ok
15:25:28.0440 3304 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
15:25:28.0442 3304 TabletInputService - ok
15:25:28.0461 3304 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
15:25:28.0464 3304 TapiSrv - ok
15:25:28.0499 3304 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
15:25:28.0501 3304 TBS - ok
15:25:28.0578 3304 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
15:25:28.0615 3304 Tcpip - ok
15:25:28.0694 3304 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
15:25:28.0701 3304 TCPIP6 - ok
15:25:28.0801 3304 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
15:25:28.0802 3304 tcpipreg - ok
15:25:28.0872 3304 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
15:25:28.0873 3304 TDPIPE - ok
15:25:28.0889 3304 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
15:25:28.0890 3304 TDTCP - ok
15:25:28.0925 3304 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
15:25:28.0926 3304 tdx - ok
15:25:28.0957 3304 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
15:25:28.0958 3304 TermDD - ok
15:25:28.0998 3304 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
15:25:29.0005 3304 TermService - ok
15:25:29.0021 3304 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
15:25:29.0024 3304 Themes - ok
15:25:29.0047 3304 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
15:25:29.0048 3304 THREADORDER - ok
15:25:29.0069 3304 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
15:25:29.0071 3304 TrkWks - ok
15:25:29.0115 3304 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
15:25:29.0118 3304 TrustedInstaller - ok
15:25:29.0142 3304 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:25:29.0143 3304 tssecsrv - ok
15:25:29.0182 3304 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
15:25:29.0183 3304 TsUsbFlt - ok
15:25:29.0250 3304 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
15:25:29.0252 3304 tunnel - ok
15:25:29.0283 3304 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:25:29.0284 3304 uagp35 - ok
15:25:29.0316 3304 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
15:25:29.0319 3304 udfs - ok
15:25:29.0358 3304 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
15:25:29.0360 3304 UI0Detect - ok
15:25:29.0406 3304 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
15:25:29.0407 3304 uliagpkx - ok
15:25:29.0429 3304 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
15:25:29.0431 3304 umbus - ok
15:25:29.0451 3304 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:25:29.0452 3304 UmPass - ok
15:25:29.0481 3304 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
15:25:29.0486 3304 upnphost - ok
15:25:29.0530 3304 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
15:25:29.0531 3304 usbccgp - ok
15:25:29.0570 3304 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
15:25:29.0571 3304 usbcir - ok
15:25:29.0595 3304 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
15:25:29.0596 3304 usbehci - ok
15:25:29.0621 3304 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
15:25:29.0625 3304 usbhub - ok
15:25:29.0642 3304 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
15:25:29.0643 3304 usbohci - ok
15:25:29.0692 3304 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:25:29.0693 3304 usbprint - ok
15:25:29.0718 3304 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
15:25:29.0719 3304 usbscan - ok
15:25:29.0794 3304 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:25:29.0796 3304 USBSTOR - ok
15:25:29.0836 3304 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:25:29.0837 3304 usbuhci - ok
15:25:29.0870 3304 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys
15:25:29.0870 3304 usb_rndisx - ok
15:25:29.0899 3304 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
15:25:29.0901 3304 UxSms - ok
15:25:29.0950 3304 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
15:25:29.0952 3304 VaultSvc - ok
15:25:29.0989 3304 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
15:25:29.0990 3304 vdrvroot - ok
15:25:30.0039 3304 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
15:25:30.0046 3304 vds - ok
15:25:30.0075 3304 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:25:30.0075 3304 vga - ok
15:25:30.0093 3304 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:25:30.0094 3304 VgaSave - ok
15:25:30.0111 3304 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
15:25:30.0113 3304 vhdmp - ok
15:25:30.0155 3304 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
15:25:30.0156 3304 viaagp - ok
15:25:30.0178 3304 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:25:30.0179 3304 ViaC7 - ok
15:25:30.0208 3304 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
15:25:30.0209 3304 viaide - ok
15:25:30.0230 3304 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
15:25:30.0231 3304 volmgr - ok
15:25:30.0311 3304 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:25:30.0318 3304 volmgrx - ok
15:25:30.0384 3304 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
15:25:30.0387 3304 volsnap - ok
15:25:30.0408 3304 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:25:30.0410 3304 vsmraid - ok
15:25:30.0458 3304 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
15:25:30.0469 3304 VSS - ok
15:25:30.0495 3304 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:25:30.0496 3304 vwifibus - ok
15:25:30.0521 3304 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
15:25:30.0536 3304 W32Time - ok
15:25:30.0563 3304 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:25:30.0564 3304 WacomPen - ok
15:25:30.0613 3304 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:25:30.0614 3304 WANARP - ok
15:25:30.0621 3304 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
15:25:30.0622 3304 Wanarpv6 - ok
15:25:30.0687 3304 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
15:25:30.0713 3304 WatAdminSvc - ok
15:25:30.0898 3304 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
15:25:30.0936 3304 wbengine - ok
15:25:30.0972 3304 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
15:25:30.0976 3304 WbioSrvc - ok
15:25:31.0006 3304 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
15:25:31.0010 3304 wcncsvc - ok
15:25:31.0027 3304 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
15:25:31.0029 3304 WcsPlugInService - ok
15:25:31.0065 3304 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:25:31.0066 3304 Wd - ok
15:25:31.0091 3304 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:25:31.0095 3304 Wdf01000 - ok
15:25:31.0108 3304 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:25:31.0111 3304 WdiServiceHost - ok
15:25:31.0119 3304 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
15:25:31.0121 3304 WdiSystemHost - ok
15:25:31.0223 3304 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
15:25:31.0227 3304 WebClient - ok
15:25:31.0586 3304 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
15:25:31.0589 3304 Wecsvc - ok
15:25:31.0601 3304 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
15:25:31.0603 3304 wercplsupport - ok
15:25:31.0624 3304 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
15:25:31.0626 3304 WerSvc - ok
15:25:31.0643 3304 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:25:31.0644 3304 WfpLwf - ok
15:25:31.0669 3304 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:25:31.0670 3304 WIMMount - ok
15:25:31.0747 3304 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:25:31.0754 3304 WinDefend - ok
15:25:31.0765 3304 WinHttpAutoProxySvc - ok
15:25:31.0811 3304 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
15:25:31.0814 3304 Winmgmt - ok
15:25:31.0894 3304 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
15:25:31.0922 3304 WinRM - ok
15:25:31.0978 3304 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
15:25:31.0987 3304 Wlansvc - ok
15:25:32.0045 3304 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:25:32.0047 3304 wlcrasvc - ok
15:25:32.0188 3304 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:25:32.0225 3304 wlidsvc - ok
15:25:32.0306 3304 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
15:25:32.0307 3304 WmiAcpi - ok
15:25:32.0369 3304 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
15:25:32.0371 3304 wmiApSrv - ok
15:25:32.0468 3304 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:25:32.0495 3304 WMPNetworkSvc - ok
15:25:32.0560 3304 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
15:25:32.0562 3304 WPCSvc - ok
15:25:32.0596 3304 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
15:25:32.0598 3304 WPDBusEnum - ok
15:25:32.0618 3304 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:25:32.0619 3304 ws2ifsl - ok
15:25:32.0636 3304 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
15:25:32.0638 3304 wscsvc - ok
15:25:32.0657 3304 WSearch - ok
15:25:32.0740 3304 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
15:25:32.0779 3304 wuauserv - ok
15:25:32.0879 3304 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
15:25:32.0881 3304 WudfPf - ok
15:25:32.0904 3304 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:25:32.0906 3304 WUDFRd - ok
15:25:32.0933 3304 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
15:25:32.0936 3304 wudfsvc - ok
15:25:32.0964 3304 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
15:25:32.0967 3304 WwanSvc - ok
15:25:32.0991 3304 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:25:33.0043 3304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:25:33.0043 3304 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:25:33.0053 3304 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:25:33.0058 3304 \Device\Harddisk1\DR1 - ok
15:25:33.0068 3304 Boot (0x1200) (9fc44734e82f577d0179686971f399e4) \Device\Harddisk0\DR0\Partition0
15:25:33.0069 3304 \Device\Harddisk0\DR0\Partition0 - ok
15:25:33.0078 3304 Boot (0x1200) (ae36d5718f4bbdb4913835b4b83151e6) \Device\Harddisk0\DR0\Partition1
15:25:33.0079 3304 \Device\Harddisk0\DR0\Partition1 - ok
15:25:33.0084 3304 Boot (0x1200) (b9345a731f39f7d7c866da2f43f8549d) \Device\Harddisk1\DR1\Partition0
15:25:33.0086 3304 \Device\Harddisk1\DR1\Partition0 - ok
15:25:33.0096 3304 ============================================================
15:25:33.0096 3304 Scan finished
15:25:33.0096 3304 ============================================================
15:25:33.0118 1332 Detected object count: 1
15:25:33.0118 1332 Actual detected object count: 1
15:25:53.0581 1332 \Device\Harddisk0\DR0\# - copied to quarantine
15:25:53.0581 1332 \Device\Harddisk0\DR0 - copied to quarantine
15:25:53.0606 1332 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:25:53.0624 1332 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:25:53.0627 1332 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:25:53.0630 1332 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:25:53.0634 1332 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:25:53.0689 1332 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:25:53.0695 1332 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:25:53.0696 1332 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:25:53.0697 1332 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:25:53.0698 1332 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:25:53.0701 1332 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:25:53.0704 1332 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:25:53.0705 1332 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:25:53.0706 1332 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:25:53.0731 1332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:25:53.0732 1332 \Device\Harddisk0\DR0 - ok
15:25:54.0469 1332 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
15:26:49.0674 2068 Deinitialize success
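The tail of the log above is the part that matters: TDSSKiller hashes the boot sector of each disk as "MBR (0x1B8)", flags Harddisk0's MBR as Rootkit.Boot.Pihar.c, and then quarantines a set of objects under a hidden file system it labels TDLFS (ldr16/ldr32/ldr64, cmd.dll/cmd64.dll, drv32/drv64, servers.dat, config.ini and so on) before curing the MBR on reboot. The script below is an added example, not code from the poster or from Kaspersky's tool. It parses log lines in the format shown in this thread (the sample lines are copied from the post above) into a short triage summary, and it shows what a boot-code hash check looks like: the reading of "MBR (0x1B8)" as an MD5 over the first 0x1B8 (440) bytes of the sector, i.e. the bootstrap code before the disk signature and partition table, is an assumption made here, and the MBR image, baseline hash and partition entries are constructed for the demonstration.

```python
"""Triage of a TDSSKiller-style log plus an MBR boot-code hash check.

Added example, not from the forum post or from Kaspersky's tool. The log
format is modelled on the thread's lines; the MBR layout offsets are the
standard ones; treating "MBR (0x1B8)" as "MD5 of bytes 0..0x1B7" is an
assumption made for this example.
"""
import hashlib
import re
import struct
from dataclasses import dataclass, field

MBR_SIZE = 512
BOOT_CODE_LEN = 0x1B8    # bootstrap code occupies bytes 0..0x1B7
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA

_MBR_RE = re.compile(r"MBR \(0x1B8\) \(([0-9a-fA-F]{32})\) (\\Device\\Harddisk\d+\\DR\d+)$")
_DETECTED_RE = re.compile(r"^(\\Device\\\S+) - detected (\S+)")
_QUARANTINE_RE = re.compile(r"^(\\Device\\\S+) - copied to quarantine$")


@dataclass
class ScanSummary:
    mbr_hashes: dict = field(default_factory=dict)   # device -> boot-code md5
    detections: dict = field(default_factory=dict)   # device -> detection name
    quarantined: list = field(default_factory=list)  # objects copied to quarantine


def _strip_prefix(line: str) -> str:
    """Drop the 'HH:MM:SS.mmmm <tid> ' prefix TDSSKiller puts on every line."""
    parts = line.strip().split(" ", 2)
    return parts[2] if len(parts) == 3 else line.strip()


def parse_tdsskiller_log(text: str) -> ScanSummary:
    """Collect MBR hashes, detections and quarantined objects from log text."""
    s = ScanSummary()
    for raw in text.splitlines():
        body = _strip_prefix(raw)
        if (m := _MBR_RE.search(body)):
            s.mbr_hashes[m.group(2)] = m.group(1).lower()
        elif (m := _DETECTED_RE.match(body)):
            s.detections[m.group(1)] = m.group(2)
        elif (m := _QUARANTINE_RE.match(body)):
            s.quarantined.append(m.group(1))
    return s


def hidden_fs_files(summary: ScanSummary, device: str) -> list:
    """Names quarantined from the bootkit's hidden TDLFS store under `device`."""
    prefix = device + "\\TDLFS\\"
    return [q[len(prefix):] for q in summary.quarantined if q.startswith(prefix)]


def boot_code_md5(mbr: bytes) -> str:
    """MD5 over bytes 0..0x1B7 only (assumed meaning of the log's 'MBR (0x1B8)')."""
    if len(mbr) != MBR_SIZE or mbr[BOOT_SIG_OFF:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def build_mbr(boot_code: bytes, partitions=(), disk_sig=b"\x12\x34\x56\x78") -> bytes:
    """Assemble a constructed MBR: boot code, disk signature, partition table, 0x55AA."""
    buf = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    buf[:len(code)] = code
    buf[DISK_SIG_OFF:DISK_SIG_OFF + 4] = disk_sig[:4]
    for i, (ptype, start_lba, blocks) in enumerate(partitions[:4]):
        # status, CHS start (3), type, CHS end (3), LBA start, block count; CHS left zero
        struct.pack_into("<B3sB3sII", buf, PART_TABLE_OFF + 16 * i,
                         0x80 if i == 0 else 0, b"\0\0\0", ptype, b"\0\0\0", start_lba, blocks)
    buf[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(buf)


def mbr_status(mbr: bytes, baseline_md5: str) -> str:
    """'clean' when the boot code matches a known-good baseline hash."""
    return "clean" if boot_code_md5(mbr) == baseline_md5 else "boot code modified"


# Sample log lines copied from the thread's post above.
SAMPLE_LOG = r"""15:25:32.0991 3304 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:25:33.0043 3304 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:25:33.0043 3304 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:25:33.0053 3304 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
15:25:33.0058 3304 \Device\Harddisk1\DR1 - ok
15:25:53.0581 1332 \Device\Harddisk0\DR0 - copied to quarantine
15:25:53.0606 1332 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:25:53.0624 1332 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:25:53.0696 1332 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
"""

# Constructed MBR images: a stand-in for known-good loader code, and the same
# disk with the first bytes of that loader patched the way a bootkit patches it.
# Partition entries mirror the thread's second log (type 7, StartLBA 0x800/0x32800).
CLEAN_BOOT_CODE = bytes(range(256)) * 2
PATCHED_BOOT_CODE = b"\xEB\xFE" + CLEAN_BOOT_CODE[2:]
PARTS = [(0x07, 0x800, 0x32000), (0x07, 0x32800, 0x253FB800)]
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTS)
BASELINE = boot_code_md5(CLEAN_MBR)

if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    for dev, name in summary.detections.items():
        print(dev, name, "hidden FS objects:", hidden_fs_files(summary, dev))
    print("clean image:", mbr_status(CLEAN_MBR, BASELINE))
    print("patched image:", mbr_status(build_mbr(PATCHED_BOOT_CODE, PARTS), BASELINE))
```

Two points the check makes concrete. Hashing only the first 0x1B8 bytes means a repartitioned but otherwise untouched disk keeps its baseline hash, while any patch to the loader code, which is how an MBR bootkit of this kind gets control before Windows, changes it; so a cure that rewrites the boot code should be followed by a fresh hash against a known-good value, which is what a second scan run like the one posted next provides. And the quarantined TDLFS entries are the rootkit's own hidden store, not user files, so their presence alongside an "infected" MBR verdict is the expected shape of this detection rather than a separate problem.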


----------



## akairi97 (Sep 14, 2010)

21:19:20.0829 0992 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
21:19:21.0173 0992 ============================================================
21:19:21.0173 0992 Current date / time: 2012/08/27 21:19:21.0173
21:19:21.0173 0992 SystemInfo:
21:19:21.0173 0992 
21:19:21.0173 0992 OS Version: 6.1.7601 ServicePack: 1.0
21:19:21.0173 0992 Product type: Workstation
21:19:21.0173 0992 ComputerName: USER-PC
21:19:21.0173 0992 UserName: Andrea
21:19:21.0173 0992 Windows directory: C:\Windows
21:19:21.0173 0992 System windows directory: C:\Windows
21:19:21.0173 0992 Processor architecture: Intel x86
21:19:21.0173 0992 Number of processors: 2
21:19:21.0173 0992 Page size: 0x1000
21:19:21.0173 0992 Boot type: Normal boot
21:19:21.0173 0992 ============================================================
21:19:22.0343 0992 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:19:22.0343 0992 ============================================================
21:19:22.0343 0992 \Device\Harddisk0\DR0:
21:19:22.0343 0992 MBR partitions:
21:19:22.0343 0992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:19:22.0343 0992 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
21:19:22.0343 0992 ============================================================
21:19:22.0374 0992 C: <-> \Device\Harddisk0\DR0\Partition2
21:19:22.0374 0992 ============================================================
21:19:22.0374 0992 Initialize success
21:19:22.0374 0992 ============================================================
21:20:02.0419 4092 ============================================================
21:20:02.0419 4092 Scan started
21:20:02.0419 4092 Mode: Manual; TDLFS; 
21:20:02.0419 4092 ============================================================
21:20:02.0856 4092 ================ Scan system memory ========================
21:20:02.0856 4092 System memory - ok
21:20:02.0856 4092 ================ Scan services =============================
21:20:02.0949 4092 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:20:02.0949 4092 1394ohci - ok
21:20:02.0981 4092 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:20:02.0981 4092 ACPI - ok
21:20:02.0996 4092 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:20:02.0996 4092 AcpiPmi - ok
21:20:03.0043 4092 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:20:03.0043 4092 AdobeARMservice - ok
21:20:03.0137 4092 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:20:03.0137 4092 AdobeFlashPlayerUpdateSvc - ok
21:20:03.0168 4092 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:20:03.0168 4092 adp94xx - ok
21:20:03.0183 4092 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:20:03.0199 4092 adpahci - ok
21:20:03.0199 4092 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:20:03.0199 4092 adpu320 - ok
21:20:03.0230 4092 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:20:03.0230 4092 AeLookupSvc - ok
21:20:03.0261 4092 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:20:03.0261 4092 AFD - ok
21:20:03.0293 4092 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:20:03.0293 4092 agp440 - ok
21:20:03.0308 4092 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:20:03.0324 4092 aic78xx - ok
21:20:03.0339 4092 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:20:03.0339 4092 ALG - ok
21:20:03.0355 4092 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:20:03.0355 4092 aliide - ok
21:20:03.0355 4092 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:20:03.0355 4092 amdagp - ok
21:20:03.0355 4092 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:20:03.0355 4092 amdide - ok
21:20:03.0371 4092 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:20:03.0371 4092 AmdK8 - ok
21:20:03.0386 4092 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:20:03.0386 4092 AmdPPM - ok
21:20:03.0417 4092 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:20:03.0417 4092 amdsata - ok
21:20:03.0433 4092 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:20:03.0433 4092 amdsbs - ok
21:20:03.0449 4092 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:20:03.0449 4092 amdxata - ok
21:20:03.0480 4092 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:20:03.0480 4092 AppID - ok
21:20:03.0495 4092 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:20:03.0495 4092 AppIDSvc - ok
21:20:03.0527 4092 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:20:03.0527 4092 Appinfo - ok
21:20:03.0542 4092 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:20:03.0542 4092 arc - ok
21:20:03.0558 4092 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:20:03.0558 4092 arcsas - ok
21:20:03.0573 4092 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:20:03.0573 4092 AsyncMac - ok
21:20:03.0589 4092 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:20:03.0589 4092 atapi - ok
21:20:03.0620 4092 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:20:03.0636 4092 AudioEndpointBuilder - ok
21:20:03.0636 4092 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:20:03.0636 4092 Audiosrv - ok
21:20:03.0667 4092 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:20:03.0667 4092 AxInstSV - ok
21:20:03.0698 4092 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:20:03.0698 4092 b06bdrv - ok
21:20:03.0714 4092 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:20:03.0729 4092 b57nd60x - ok
21:20:03.0792 4092 [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc C:\Program Files\Microsoft\BingBar\BBSvc.EXE
21:20:03.0792 4092 BBSvc - ok
21:20:03.0807 4092 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:20:03.0807 4092 BDESVC - ok
21:20:03.0823 4092 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:20:03.0823 4092 Beep - ok
21:20:03.0870 4092 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:20:03.0870 4092 BFE - ok
21:20:03.0917 4092 BITCOMET_HELPER_SERVICE - ok
21:20:03.0932 4092 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
21:20:03.0932 4092 BITS - ok
21:20:03.0948 4092 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:20:03.0948 4092 blbdrive - ok
21:20:03.0963 4092 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:20:03.0963 4092 bowser - ok
21:20:03.0979 4092 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:20:03.0979 4092 BrFiltLo - ok
21:20:03.0979 4092 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:20:03.0979 4092 BrFiltUp - ok
21:20:04.0010 4092 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:20:04.0010 4092 BridgeMP - ok
21:20:04.0057 4092 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:20:04.0057 4092 Browser - ok
21:20:04.0073 4092 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:20:04.0088 4092 Brserid - ok
21:20:04.0104 4092 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:20:04.0104 4092 BrSerWdm - ok
21:20:04.0119 4092 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:20:04.0119 4092 BrUsbMdm - ok
21:20:04.0119 4092 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:20:04.0119 4092 BrUsbSer - ok
21:20:04.0135 4092 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:20:04.0135 4092 BTHMODEM - ok
21:20:04.0166 4092 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:20:04.0166 4092 bthserv - ok
21:20:04.0229 4092 catchme - ok
21:20:04.0244 4092 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:20:04.0244 4092 cdfs - ok
21:20:04.0291 4092 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:20:04.0291 4092 cdrom - ok
21:20:04.0322 4092 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:20:04.0322 4092 CertPropSvc - ok
21:20:04.0338 4092 CFcatchme - ok
21:20:04.0369 4092 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:20:04.0369 4092 circlass - ok
21:20:04.0400 4092 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:20:04.0400 4092 CLFS - ok
21:20:04.0447 4092 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:20:04.0447 4092 clr_optimization_v2.0.50727_32 - ok
21:20:04.0494 4092 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:20:04.0494 4092 clr_optimization_v4.0.30319_32 - ok
21:20:11.0888 4092 TrustedInstaller - ok
21:20:11.0904 4092 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:20:11.0919 4092 tssecsrv - ok
21:20:11.0951 4092 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:20:11.0951 4092 TsUsbFlt - ok
21:20:11.0982 4092 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:20:11.0982 4092 tunnel - ok
21:20:11.0997 4092 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:20:12.0013 4092 uagp35 - ok
21:20:12.0013 4092 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:20:12.0029 4092 udfs - ok
21:20:12.0044 4092 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:20:12.0060 4092 UI0Detect - ok
21:20:12.0060 4092 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:20:12.0060 4092 uliagpkx - ok
21:20:12.0091 4092 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
21:20:12.0091 4092 umbus - ok
21:20:12.0107 4092 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:20:12.0107 4092 UmPass - ok
21:20:12.0122 4092 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:20:12.0122 4092 upnphost - ok
21:20:12.0138 4092 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:20:12.0138 4092 usbccgp - ok
21:20:12.0153 4092 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:20:12.0153 4092 usbcir - ok
21:20:12.0169 4092 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:20:12.0169 4092 usbehci - ok
21:20:12.0185 4092 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:20:12.0200 4092 usbhub - ok
21:20:12.0200 4092 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:20:12.0216 4092 usbohci - ok
21:20:12.0231 4092 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:20:12.0231 4092 usbprint - ok
21:20:12.0247 4092 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:20:12.0263 4092 usbscan - ok
21:20:12.0294 4092 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:20:12.0294 4092 USBSTOR - ok
21:20:12.0309 4092 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:20:12.0309 4092 usbuhci - ok
21:20:12.0341 4092 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
21:20:12.0341 4092 usb_rndisx - ok
21:20:12.0356 4092 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:20:12.0356 4092 UxSms - ok
21:20:12.0356 4092 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:20:12.0356 4092 VaultSvc - ok
21:20:12.0372 4092 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:20:12.0372 4092 vdrvroot - ok
21:20:12.0419 4092 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:20:12.0419 4092 vds - ok
21:20:12.0434 4092 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:20:12.0434 4092 vga - ok
21:20:12.0450 4092 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:20:12.0450 4092 VgaSave - ok
21:20:12.0465 4092 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:20:12.0465 4092 vhdmp - ok
21:20:12.0481 4092 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:20:12.0481 4092 viaagp - ok
21:20:12.0497 4092 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:20:12.0497 4092 ViaC7 - ok
21:20:12.0512 4092 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:20:12.0512 4092 viaide - ok
21:20:12.0528 4092 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:20:12.0543 4092 volmgr - ok
21:20:12.0543 4092 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx  C:\Windows\system32\drivers\volmgrx.sys
21:20:12.0543 4092 volmgrx - ok
21:20:12.0590 4092 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:20:12.0590 4092 volsnap - ok
21:20:12.0606 4092 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:20:12.0606 4092 vsmraid - ok
21:20:12.0653 4092 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:20:12.0653 4092 VSS - ok
21:20:12.0684 4092 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:20:12.0684 4092 vwifibus - ok
21:20:12.0699 4092 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:20:12.0715 4092 W32Time - ok
21:20:12.0715 4092 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:20:12.0731 4092 WacomPen - ok
21:20:12.0762 4092 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:20:12.0762 4092 WANARP - ok
21:20:12.0762 4092 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:20:12.0762 4092 Wanarpv6 - ok
21:20:12.0824 4092 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:20:12.0840 4092 WatAdminSvc - ok
21:20:12.0902 4092 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:20:12.0918 4092 wbengine - ok
21:20:12.0933 4092 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:20:12.0949 4092 WbioSrvc - ok
21:20:12.0980 4092 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:20:12.0980 4092 wcncsvc - ok
21:20:12.0996 4092 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:20:12.0996 4092 WcsPlugInService - ok
21:20:13.0011 4092 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:20:13.0011 4092 Wd - ok
21:20:13.0027 4092 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:20:13.0043 4092 Wdf01000 - ok
21:20:13.0058 4092 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:20:13.0058 4092 WdiServiceHost - ok
21:20:13.0058 4092 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:20:13.0058 4092 WdiSystemHost - ok
21:20:13.0074 4092 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:20:13.0089 4092 WebClient - ok
21:20:13.0105 4092 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:20:13.0105 4092 Wecsvc - ok
21:20:13.0121 4092 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:20:13.0121 4092 wercplsupport - ok
21:20:13.0136 4092 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:20:13.0136 4092 WerSvc - ok
21:20:13.0152 4092 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:20:13.0152 4092 WfpLwf - ok
21:20:13.0167 4092 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:20:13.0167 4092 WIMMount - ok
21:20:13.0214 4092 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:20:13.0214 4092 WinDefend - ok
21:20:13.0230 4092 WinHttpAutoProxySvc - ok
21:20:13.0277 4092 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:20:13.0277 4092 Winmgmt - ok
21:20:13.0323 4092 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:20:13.0339 4092 WinRM - ok
21:20:13.0386 4092 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:20:13.0401 4092 Wlansvc - ok
21:20:13.0448 4092 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:20:13.0448 4092 wlcrasvc - ok
21:20:13.0511 4092 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:20:13.0542 4092 wlidsvc - ok
21:20:13.0573 4092 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:20:13.0573 4092 WmiAcpi - ok
21:20:13.0604 4092 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:20:13.0604 4092 wmiApSrv - ok
21:20:13.0651 4092 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:20:13.0682 4092 WMPNetworkSvc - ok
21:20:13.0698 4092 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:20:13.0698 4092 WPCSvc - ok
21:20:13.0729 4092 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:20:13.0729 4092 WPDBusEnum - ok
21:20:13.0760 4092 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:20:13.0760 4092 ws2ifsl - ok
21:20:13.0760 4092 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
21:20:13.0776 4092 wscsvc - ok
21:20:13.0776 4092 WSearch - ok
21:20:13.0823 4092 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:20:13.0869 4092 wuauserv - ok
21:20:13.0869 4092 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:20:13.0885 4092 WudfPf - ok
21:20:13.0916 4092 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:20:13.0916 4092 WUDFRd - ok
21:20:13.0932 4092 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:20:13.0947 4092 wudfsvc - ok
21:20:13.0947 4092 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:20:13.0947 4092 WwanSvc - ok
21:20:13.0963 4092 ================ Scan global ===============================
21:20:13.0979 4092 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:20:13.0994 4092 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:20:14.0010 4092 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
21:20:14.0041 4092 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:20:14.0041 4092 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:20:14.0057 4092 [Global] - ok
21:20:14.0057 4092 ================ Scan MBR ==================================
21:20:14.0057 4092 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:20:14.0244 4092 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:20:14.0244 4092 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:20:14.0244 4092 ================ Scan VBR ==================================
21:20:14.0259 4092 [ 9FC44734E82F577D0179686971F399E4 ] \Device\Harddisk0\DR0\Partition1
21:20:14.0259 4092 \Device\Harddisk0\DR0\Partition1 - ok
21:20:14.0259 4092 [ AE36D5718F4BBDB4913835B4B83151E6 ] \Device\Harddisk0\DR0\Partition2
21:20:14.0275 4092 \Device\Harddisk0\DR0\Partition2 - ok
21:20:14.0275 4092 ============================================================
21:20:14.0275 4092 Scan finished
21:20:14.0275 4092 ============================================================
21:20:14.0275 3204 Detected object count: 1
21:20:14.0275 3204 Actual detected object count: 1
21:20:45.0491 3204 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:20:45.0491 3204 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
21:21:05.0396 3708 Deinitialize success


----------



## akairi97 (Sep 14, 2010)

I'm so sorry, it did create a log from the adwcleaner and the OTL, they were in my C drive, but here are the results below


----------



## CatByte (Feb 24, 2009)

you can re-run it and delete the TDSS File system now that the bootkit has been cured

21:20:45.0491 3204 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:20:45.0491 3204 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:21:05.0396 3708 Deinitialize success


that should make a big difference,

my apologies for overlooking that, I thought it had been run already

you should not be getting redirected any more

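As an added illustration (not part of this thread, and not code from TDSSKiller or its author), the following Python parses TDSSKiller-style result lines like the ones quoted above and flags any object that the scanner detected but that was left in place, i.e. where the recorded user action was "Skip" or no action was recorded at all. That is exactly the state the posted log was left in. The sample lines are constructed from the log in this thread, and the status vocabulary the parser recognises ("ok", "warning", "detected ... (n)", "skipped by user", "User select action: ...") is only what appears on this page; any other status is ignored.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the shape of the TDSSKiller log quoted in this thread
# (timestamps, PIDs and hashes copied from the posted log, trimmed to a few lines).
SAMPLE_LOG = """\
21:20:11.0607 4092 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\\Windows\\system32\\drivers\\tcpip.sys
21:20:11.0639 4092 Tcpip - ok
21:20:13.0230 4092 WinHttpAutoProxySvc - ok
21:20:14.0057 4092 ================ Scan MBR ==================================
21:20:14.0057 4092 [ A36C5E4F47E84449FF07ED3517B43A31 ] \\Device\\Harddisk0\\DR0
21:20:14.0244 4092 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - warning
21:20:14.0244 4092 \\Device\\Harddisk0\\DR0 - detected TDSS File System (1)
21:20:14.0259 4092 [ 9FC44734E82F577D0179686971F399E4 ] \\Device\\Harddisk0\\DR0\\Partition1
21:20:14.0259 4092 \\Device\\Harddisk0\\DR0\\Partition1 - ok
21:20:45.0491 3204 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - skipped by user
21:20:45.0491 3204 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<hh:mm:ss.ffff> <pid> <rest>" prefix on every line of the log
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "[ <md5> ] <name> [<path>]" lines that precede each object's result
HASH_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<obj>.+)$")
# "<object> - <status>" result lines; statuses are those seen in this thread's log
RESULT_RE = re.compile(
    r"^(?P<obj>.+?) - (?P<status>ok|warning|detected .+|skipped by user|User select action: \w+)$"
)


@dataclass
class ObjectResult:
    name: str                     # service/driver name or device path
    path: Optional[str] = None    # file path from the hash line, if any
    md5: Optional[str] = None
    statuses: List[str] = field(default_factory=list)
    detections: List[str] = field(default_factory=list)
    user_action: Optional[str] = None


def _base_name(obj: str) -> str:
    """Strip a trailing '( detection name )' so all lines for one object share a key."""
    return re.sub(r"\s*\(.*\)\s*$", "", obj).strip()


def parse_tdsskiller_log(text: str) -> Dict[str, ObjectResult]:
    """Group hash, status, detection and user-action lines by scanned object."""
    results: Dict[str, ObjectResult] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest.startswith("="):                  # section banners such as "==== Scan MBR ===="
            continue
        h = HASH_RE.match(rest)
        if h:
            parts = h.group("obj").split(None, 1)  # "Tcpip C:\...\tcpip.sys" -> name, path
            entry = results.setdefault(parts[0], ObjectResult(parts[0]))
            entry.md5 = h.group("md5")
            entry.path = parts[1] if len(parts) > 1 else None
            continue
        r = RESULT_RE.match(rest)
        if not r:
            continue                              # counters, "Scan finished", etc.
        name = _base_name(r.group("obj"))
        entry = results.setdefault(name, ObjectResult(name))
        status = r.group("status")
        entry.statuses.append(status)
        if status.startswith("detected "):
            d = re.match(r"detected (?P<what>.+?) \(\d+\)$", status)
            entry.detections.append(d.group("what") if d else status[len("detected "):])
        elif status.startswith("User select action: "):
            entry.user_action = status.split(": ", 1)[1]
    return results


def unresolved_detections(results: Dict[str, ObjectResult]) -> List[ObjectResult]:
    """Detected objects that were left in place: no user action recorded, or 'Skip'."""
    return [r for r in results.values()
            if r.detections and r.user_action in (None, "Skip")]


def triage(text: str) -> List[str]:
    """One human-readable line per object that still needs attention."""
    return [f"{r.name}: detected {', '.join(r.detections)}; action recorded: {r.user_action or 'none'}"
            for r in unresolved_detections(parse_tdsskiller_log(text))]


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG) or ["no unresolved detections"]:
        print(line)
```

Run against the sample, the only unresolved item is the boot device: it was hashed, flagged as a warning, reported as a detection, and then recorded with the action "Skip". Everything that ended in "- ok" is grouped and ignored, so the same helper can be pointed at a full log of several hundred lines and will surface only what the helper in the thread is asking the user to go back and act on.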

----------



## akairi97 (Sep 14, 2010)

# AdwCleaner v1.801 - Logfile created 08/27/2012 at 20:47:58
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Andrea - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Users\user\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Andrea\AppData\LocalLow\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Program Files\Conduit
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Conduit
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v11.0 (en-US)

Profile name : default 
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc767a96c-a90b-47d2-9398-ae8093c6e018%[...]

Profile name : default 
File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2143 octets] - [27/08/2012 20:47:58]

########## EOF - \AdwCleaner[S1].txt - [2271 octets] ##########


----------



## akairi97 (Sep 14, 2010)

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-753190379-2561579638-684410764-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-753190379-2561579638-684410764-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-753190379-2561579638-684410764-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BBC3F5CC-8983-48A8-A88F-091B625C1B39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC3F5CC-8983-48A8-A88F-091B625C1B39}\ not found.
Registry key HKEY_USERS\S-1-5-21-753190379-2561579638-684410764-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Andrea
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2000299 bytes
->FireFox cache emptied: 42002968 bytes
->Flash cache emptied: 598 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 358834 bytes
->Temporary Internet Files folder emptied: 166801735 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 199750862 bytes
->Flash cache emptied: 29202 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28068 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 392.00 mb

OTL by OldTimer - Version 3.2.59.1 log created on 08272012_200805


----------



## CatByte (Feb 24, 2009)

looks good now

did you see my post above? we cross posted


----------



## akairi97 (Sep 14, 2010)

I did, but you want me to re-run the TDSSKiller again?


----------



## CatByte (Feb 24, 2009)

yes, choose to *delete* the TDSS File system this time


----------



## akairi97 (Sep 14, 2010)

It shows no threats found, I'm not sure what to delete


----------



## akairi97 (Sep 14, 2010)

You want me to delete the TDSSKiller from my desktop along with the logfiles?


----------



## akairi97 (Sep 14, 2010)

I got redirected again to a different site


----------



## akairi97 (Sep 14, 2010)

Sorry about that, I deleted it this time, I forgot to go to the parameters and check mark the TDSS file system


----------



## CatByte (Feb 24, 2009)

did you reboot your computer after the last run with TDSSKiller?

Are you still being redirected?

If so please run aswMBR


Please download *aswMBR.exe* and save it to your desktop.

Double click *aswMBR.exe* to start the tool. 
When asked if you want to download *Avast's* virus definitions please select *Yes*.

Click *Scan*

Upon completion of the scan, click *Save log* and save it to your desktop, and post that log in your next reply for review. * Note - do NOT attempt any Fix yet. *

You will also notice another file created on the desktop named *MBR.dat*. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


----------



## akairi97 (Sep 14, 2010)

It looks like it's getting better, but this one issue: I'm getting redirected to a different site called butterfly something?


----------



## akairi97 (Sep 14, 2010)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-27 21:45:28
-----------------------------
21:45:28.382 OS Version: Windows 6.1.7601 Service Pack 1
21:45:28.382 Number of processors: 2 586 0x170A
21:45:28.382 ComputerName: USER-PC UserName: Andrea
21:45:42.078 Initialize success
21:46:54.402 AVAST engine defs: 12082800
21:48:38.547 The log file has been saved successfully to "C:\aswMBR.txt"


----------



## akairi97 (Sep 14, 2010)

Couldn't find the MBR.DAT. It wasn't on my desktop, nor was it in my C drive


----------



## akairi97 (Sep 14, 2010)

Should I try to rerun it again to see if it will create another file for the desktop?


----------



## CatByte (Feb 24, 2009)

the aswMBR scan did not complete, it does take a long time to download the avast definitions, so please let it run uninterrupted until it creates the required logs


----------



## akairi97 (Sep 14, 2010)

That AVAST didn't even download, so should I re-run it again?


----------



## CatByte (Feb 24, 2009)

yes please, make sure you say "Yes" to the Avast scan


----------



## akairi97 (Sep 14, 2010)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-27 21:45:28
-----------------------------
21:45:28.382 OS Version: Windows 6.1.7601 Service Pack 1
21:45:28.382 Number of processors: 2 586 0x170A
21:45:28.382 ComputerName: USER-PC UserName: Andrea
21:45:42.078 Initialize success
21:46:54.402 AVAST engine defs: 12082800
21:48:38.547 The log file has been saved successfully to "C:\aswMBR.txt"
22:02:43.425 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:02:43.425 Disk 0 Vendor: ST3320418AS CC46 Size: 305245MB BusType: 3
22:02:43.441 Disk 0 MBR read successfully
22:02:43.457 Disk 0 MBR scan
22:02:43.457 Disk 0 Windows 7 default MBR code
22:02:43.472 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:02:43.503 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
22:02:43.535 Disk 0 scanning sectors +625139712
22:02:43.628 Disk 0 scanning C:\Windows\system32\drivers
22:02:57.143 Service scanning
22:03:08.578 Service MpKsl138ece61 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D76F5CF7-C576-4FBF-B093-19166D897237}\MpKsl138ece61.sys **LOCKED** 32
22:03:21.885 Modules scanning
22:03:27.469 Disk 0 trace - called modules:
22:03:27.501 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
22:03:27.501 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85604780]
22:03:27.501 3 CLASSPNP.SYS[88ba859e] -> nt!IofCallDriver -> [0x85144918]
22:03:27.501 5 ACPI.sys[886c33d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x851c0030]
22:03:30.090 AVAST engine scan C:\Windows
22:03:33.772 AVAST engine scan C:\Windows\system32
22:06:50.254 AVAST engine scan C:\Windows\system32\drivers
22:07:05.339 AVAST engine scan C:\Users\Andrea
22:07:40.471 AVAST engine scan C:\ProgramData
22:08:17.817 Scan finished successfully
22:09:10.654 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
22:09:10.717 The log file has been saved successfully to "C:\aswMBR.txt"


----------



## akairi97 (Sep 14, 2010)

Mbr.dat


----------



## CatByte (Feb 24, 2009)

how is the computer running now?

Please re-run ComboFix, allow it to update if it asks to do so


----------



## akairi97 (Sep 14, 2010)

I haven't had any problems today.


----------



## CatByte (Feb 24, 2009)

that's great to hear, if the ComboFix run comes back clean, then I would say we have licked it and we can clean up our tools


----------



## akairi97 (Sep 14, 2010)

This log automatically pulled up when I ran the ComboFix. It says OTL. See below


----------



## akairi97 (Sep 14, 2010)

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\S-1-5-21-753190379-2561579638-684410764-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-753190379-2561579638-684410764-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-753190379-2561579638-684410764-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BBC3F5CC-8983-48A8-A88F-091B625C1B39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BBC3F5CC-8983-48A8-A88F-091B625C1B39}\ not found.
Registry key HKEY_USERS\S-1-5-21-753190379-2561579638-684410764-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Desktop\cmd.bat deleted successfully.
C:\Users\user\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Andrea
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2000299 bytes
->FireFox cache emptied: 42002968 bytes
->Flash cache emptied: 598 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 358834 bytes
->Temporary Internet Files folder emptied: 166801735 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 199750862 bytes
->Flash cache emptied: 29202 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28068 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 392.00 mb

OTL by OldTimer - Version 3.2.59.1 log created on 08272012_200805

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------



## akairi97 (Sep 14, 2010)

ComboFix 12-08-28.03 - Andrea 08/28/2012 22:00:57.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1348 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 02:04 . 2012-08-29 02:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-29 02:04 . 2012-08-29 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-29 01:58 . 2012-08-29 02:00 -------- d-----w- C:\32788R22FWJFW
2012-08-28 14:06 . 2012-08-28 14:06 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A43A40D8-8A75-44F6-8F92-A70D501FC374}\offreg.dll
2012-08-28 14:06 . 2012-08-28 14:06 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A43A40D8-8A75-44F6-8F92-A70D501FC374}\MpKsl46363e65.sys
2012-08-28 13:06 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A43A40D8-8A75-44F6-8F92-A70D501FC374}\mpengine.dll
2012-08-28 00:08 . 2012-08-28 00:08 -------- d-----w- C:\_OTL
2012-08-27 23:14 . 2012-08-27 23:14 -------- d-----w- C:\FRST
2012-08-27 06:28 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-27 06:19 . 2012-08-27 06:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-27 06:19 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-27 04:20 . 2012-03-13 04:38 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-08-27 04:20 . 2012-03-13 04:38 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-08-27 04:20 . 2012-03-13 04:38 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-08-27 04:02 . 2012-08-29 02:04 -------- d-----w- c:\users\user\AppData\Local\temp
2012-08-27 03:45 . 2012-08-29 02:04 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2012-08-26 04:39 . 2012-08-26 04:39 -------- d-----w- c:\program files\ESET
2012-08-26 03:53 . 2012-08-26 03:53 -------- d-----w- c:\users\Andrea\AppData\Local\Macromedia
2012-08-15 21:51 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 21:51 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 21:51 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 21:51 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 21:51 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 21:51 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 21:51 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 14:28 . 2012-04-15 20:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:28 . 2012-03-11 00:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-06 12:49 . 2012-06-06 12:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05 . 2012-07-10 23:25 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-10 23:25 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-10 23:25 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 12:49 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 12:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 12:49 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 12:49 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 12:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 12:49 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 12:49 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 12:49 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 12:49 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45 . 2012-07-10 23:25 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-10 23:25 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-10 23:25 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-10 23:25 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-10 23:25 219136 ----a-w- c:\windows\system32\ncrypt.dll
2011-04-25 06:58 . 2011-04-25 06:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 07:48 . 2011-04-25 07:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 07:00 . 2011-04-25 07:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 06:59 . 2011-04-25 06:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 06:58 . 2011-04-25 06:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 06:57 . 2011-04-25 06:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 06:58 . 2011-04-25 06:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 06:58 . 2011-04-25 06:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 06:51 . 2011-04-25 06:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 07:00 . 2011-04-25 07:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-03-13 04:39 . 2012-05-17 10:46 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-03-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 CFcatchme;CFcatchme;c:\users\Andrea\AppData\Local\Temp\CFcatchme.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 MpKsl46363e65;MpKsl46363e65;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A43A40D8-8A75-44F6-8F92-A70D501FC374}\MpKsl46363e65.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 35638108
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL46363E65
*Deregistered* - 35638108
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:28]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-28 22:05:56
ComboFix-quarantined-files.txt 2012-08-29 02:05
ComboFix2.txt 2012-08-27 04:01
ComboFix3.txt 2012-08-26 03:48
.
Pre-Run: 279,653,167,104 bytes free
Post-Run: 279,517,687,808 bytes free
.
- - End Of File - - 91D6429EF6983451C821ECCA6536F3A5


----------



## akairi97 (Sep 14, 2010)

I'm sorry, I just got redirected for the first time tonight.


----------



## CatByte (Feb 24, 2009)

Well,

let's keep trying till we find what is causing this.

please run the following:

Download *RogueKiller* to your desktop

1. Quit all running programs.
2. For Vista/Seven, right-click -> Run as administrator; for XP simply run RogueKiller.exe.
3. The RKreport.txt will be generated next to the executable.
4. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next Reply.


----------



## akairi97 (Sep 14, 2010)

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Scan -- Date : 08/28/2012 23:12:27

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2d350b8e0071551a3ff8ebcbaa888fc8
[BSP] b1a0a931b5db181832fad937ca9d6359 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## CatByte (Feb 24, 2009)

Please run the following:

Please download *HostsXpert*
Unzip *HostsXpert* to its own folder in a convenient place such as *C:\HostsXpert*
Run: *HostsXpert.exe*
Click: *Restore MS Hosts File*
Click: *Replace*
Click: *OK*
Click: Make *ReadOnly*
Close HostsXpert.

Then please re-run RogueKiller and post the new log.
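Added example (not part of the thread, RogueKiller or HostsXpert): a small Python audit of a Windows hosts file. The first RogueKiller log printed the hosts file as `ÿþ1`, which is how a UTF-16 file with a byte-order mark looks when read as ANSI, and the restored file showed only `127.0.0.1 localhost`. The script below decodes the file whatever its encoding and reports mappings that send a name to a non-loopback address or pin a non-localhost name to loopback; the sample hosts contents are constructed, and the default path is the standard Windows location shown in the logs.

```python
"""Audit a Windows hosts file for tampering (added example, not thread code).

A hosts file starting with the bytes FF FE is UTF-16 with a byte-order mark;
a tool reading it as ANSI prints the BOM as two odd characters followed by
the first real character, exactly what the RogueKiller log showed. A stock
Windows hosts file is plain 8-bit text with every entry commented out.
"""
from __future__ import annotations

import codecs
import ipaddress
import sys
from pathlib import Path

# Standard location on Windows (the path shown in the RogueKiller logs).
DEFAULT_HOSTS = Path(r"C:\Windows\system32\drivers\etc\hosts")

# Names that legitimately map to loopback in a stock hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def decode_hosts(raw: bytes) -> tuple[str, str]:
    """Return (encoding, text). A BOM means some tool rewrote the file."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return "utf-16-le", raw[2:].decode("utf-16-le", errors="replace")
    if raw.startswith(codecs.BOM_UTF16_BE):
        return "utf-16-be", raw[2:].decode("utf-16-be", errors="replace")
    if raw.startswith(codecs.BOM_UTF8):
        return "utf-8-sig", raw.decode("utf-8-sig", errors="replace")
    return "plain", raw.decode("utf-8", errors="replace")


def parse_hosts(text: str) -> list[tuple[int, str, list[str]]]:
    """Return (line_no, address, [names]) for each active (uncommented) line."""
    entries = []
    for no, line in enumerate(text.splitlines(), start=1):
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        entries.append((no, fields[0], fields[1:]))
    return entries


def audit_hosts(raw: bytes) -> dict:
    """Classify every active mapping. Finding kinds:
    redirect  - name sent to a non-loopback address (what this thread saw)
    blocked   - non-localhost name pinned to loopback (silently breaks a site,
                the classic trick against update and AV vendor sites)
    bad_addr  - first field is not an IP address at all
    """
    encoding, text = decode_hosts(raw)
    entries = parse_hosts(text)
    findings = []
    for no, addr_text, names in entries:
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append(("bad_addr", no, addr_text, names))
            continue
        if not addr.is_loopback:
            findings.append(("redirect", no, addr_text, names))
        elif any(n.lower() not in LOOPBACK_NAMES for n in names):
            findings.append(("blocked", no, addr_text, names))
    return {"encoding": encoding, "entries": len(entries), "findings": findings}


def report(raw: bytes) -> list[str]:
    """Human-readable lines: one encoding summary plus one line per finding."""
    result = audit_hosts(raw)
    lines = [f"encoding: {result['encoding']}, active entries: {result['entries']}"]
    for kind, no, addr, names in result["findings"]:
        lines.append(f"line {no}: {kind:<8} {addr} -> {' '.join(names)}")
    return lines


# Constructed samples (not from the thread). The address is from the
# documentation range 198.51.100.0/24 and the names use reserved example domains.
SAMPLE_TAMPERED = codecs.BOM_UTF16_LE + (
    "127.0.0.1 localhost\r\n"
    "198.51.100.7 www.example.com   # redirect: browser lands on another host\r\n"
    "127.0.0.1 update.example.net   # block: that site can never be reached\r\n"
    "not-an-ip something\r\n"
).encode("utf-16-le")
SAMPLE_CLEAN = b"# stock file\r\n127.0.0.1 localhost\r\n"


if __name__ == "__main__":
    # Usage: python hosts_audit.py [path]; falls back to the constructed sample.
    path = Path(sys.argv[1]) if len(sys.argv) > 1 else DEFAULT_HOSTS
    raw = path.read_bytes() if path.exists() else SAMPLE_TAMPERED
    print("\n".join(report(raw)))
```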


----------



## akairi97 (Sep 14, 2010)

Can I close out the RogueKiller application? I left it open and wasn't sure whether to close it or not.


----------



## CatByte (Feb 24, 2009)

yes, go ahead and close it out


----------



## akairi97 (Sep 14, 2010)

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Scan -- Date : 08/29/2012 23:05:53

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2d350b8e0071551a3ff8ebcbaa888fc8
[BSP] b1a0a931b5db181832fad937ca9d6359 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


----------



## akairi97 (Sep 14, 2010)

I'm sorry I took so long, I just got off work. I went ahead and re-ran RogueKiller.


----------



## akairi97 (Sep 14, 2010)

Good morning, it looks like everything is fine now. Are there any tips you can give me if this happens again, or what I can do to prevent it from happening again?


----------



## CatByte (Feb 24, 2009)

Yes, it looks good now,

we just have some housekeeping to do now.

The best thing you can do is just stay away from the obvious: cracks, keygens, peer-to-peer, torrents, etc. The Web of Trust helps a great deal with that. Personally I use Microsoft Security Essentials, the Pro version of Malwarebytes, Web of Trust, and I'm behind a secure router; you just have to be careful what you download and careful what links you follow.

please do the following:

*Follow these steps to uninstall ComboFix*


Make sure your security programs are totally disabled.
Press the *WinKey +R* to open a run box
Now copy/paste *Combofix /uninstall* into the *runbox* and click *OK*. Note the *space* between the *..X* and the */U*; it needs to be there.

*NEXT*

Clean up with *OTL:*

Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.

*If there are any logs/tools remaining on your desktop > right click and delete them.*

*NEXT*

Below I have included a number of recommendations for how to protect your computer against malware infections.


It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: *Strong passwords: How to create and use them*. Then consider a *password keeper* to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

*Make Internet Explorer more secure*
Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.

*Download* *TFC* *to your desktop*
Close any open windows.
Double click the *TFC* icon to run the program
TFC *will close all open programs itself* in order to run.
Click the *Start* button to begin the process.
Allow *TFC* to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically *reboot your machine*;
if it doesn't, manually reboot to ensure a complete clean.
*It's normal after running TFC cleaner that the PC will be slower to boot the first time.*

*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green* to go
*Yellow* for caution
*Red* to stop
WOT has an add-on available for both Firefox and IE.

*Keep a backup of your important files* - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
*PC Safety and Security--What Do I Need?*

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.


----------



## akairi97 (Sep 14, 2010)

I followed the steps, but what about the other installs I have on my desktop like the Mini box, HijackThis, ESET, GMER and AdwCleaner? Do I just delete those?


----------



## CatByte (Feb 24, 2009)

> If there are any logs/tools remaining on your desktop > right click and delete them.


----------



## akairi97 (Sep 14, 2010)

Okay, it seems everything is working now. Thank you for your help.


----------



## CatByte (Feb 24, 2009)

you are welcome

stay safe

~CB


----------



## akairi97 (Sep 14, 2010)

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Andrea at 16:41:35 on 2012-09-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1222 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-NGHRV.exe" /REG /REGSVRMODE
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FE040ADA-E6F4-40E1-BA87-88A730D4112C} : DhcpNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\andrea\appdata\roaming\mozilla\firefox\profiles\bgiqxxow.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-1 655944]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-8-6 273960]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-27 22344]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-15 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-4-26 80824]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-3-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-11 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-17 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-4-26 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-3-11 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-3-11 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-09-03 06:47:38 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b1852844-8022-401c-8dca-249d0093feb4}\mpengine.dll
2012-09-02 18:36:56 7022536 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-01 12:12:58 711240 ----a-w- c:\windows\is-NGHRV.exe
2012-08-29 02:05:57 -------- d-----w- c:\users\andrea\appdata\local\temp
2012-08-29 02:05:35 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-27 06:19:23 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-27 06:19:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-27 04:20:49 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-08-27 04:20:49 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-08-27 04:20:49 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-08-26 04:39:56 -------- d-----w- c:\program files\ESET
2012-08-26 03:53:48 -------- d-----w- c:\users\andrea\appdata\local\Macromedia
2012-08-15 21:51:28 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 21:51:27 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 21:51:26 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 21:51:25 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 21:51:24 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 21:51:24 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 21:51:23 769024 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-08-15 14:28:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 14:28:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-06 12:49:52 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
.
============= FINISH: 16:42:19.19 ===============


----------



## CatByte (Feb 24, 2009)

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter *System Recovery Options*.

*To enter System Recovery Options from the Advanced Boot Options:*

Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until Advanced Boot Options appears.
Use the arrow keys to select the *Repair your computer* menu item.
Choose your language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Choose your language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.
*On the System Recovery Options menu you will get the following options:*


*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt*

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
The notepad opens. Under File menu select *Open*.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type *e:\frst.exe* (for x64 bit version type *e:\frst64*) and press *Enter* 
*Note:* Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click *Yes* to the disclaimer.
Place a check next to List Drivers MD5 as well as the default check marks that are already there
Press *Scan* button.
FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
*services.exe*
now press the *search* button
when the search is complete, search.txt will also be written to your USB
type exit and reboot the computer normally
please copy and paste both logs in your reply (FRST.txt and Search.txt).


----------



## akairi97 (Sep 14, 2010)

attachment


----------



## akairi97 (Sep 14, 2010)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-03 16:53:40
-----------------------------
16:53:40.682 OS Version: Windows 6.1.7601 Service Pack 1
16:53:40.682 Number of processors: 2 586 0x170A
16:53:40.682 ComputerName: USER-PC UserName: Andrea
16:53:44.614 Initialize success
16:54:45.444 AVAST engine defs: 12090300
16:55:12.822 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:55:12.838 Disk 0 Vendor: ST3320418AS CC46 Size: 305245MB BusType: 3
16:55:12.838 Disk 0 MBR read successfully
16:55:12.838 Disk 0 MBR scan
16:55:12.885 Disk 0 Windows 7 default MBR code
16:55:12.900 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:55:12.931 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
16:55:12.963 Disk 0 scanning sectors +625139712
16:55:13.041 Disk 0 scanning C:\Windows\system32\drivers
16:55:26.129 Service scanning
16:55:38.905 Service MpKslb11a35cf c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B1852844-8022-401C-8DCA-249D0093FEB4}\MpKslb11a35cf.sys **LOCKED** 32
16:55:52.665 Modules scanning
16:55:57.501 Disk 0 trace - called modules:
16:55:57.501 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys 
16:55:57.516 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85604a78]
16:55:57.516 3 CLASSPNP.SYS[88b8559e] -> nt!IofCallDriver -> [0x847f5140]
16:55:57.516 5 ACPI.sys[886b33d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84871610]
16:56:01.806 AVAST engine scan C:\Windows
16:56:04.365 AVAST engine scan C:\Windows\system32
16:59:33.218 AVAST engine scan C:\Windows\system32\drivers
16:59:48.896 AVAST engine scan C:\Users\Andrea
17:00:27.475 AVAST engine scan C:\ProgramData
17:01:04.852 Scan finished successfully
17:07:23.637 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
17:07:23.683 The log file has been saved successfully to "C:\aswMBR.txt"


----------



## akairi97 (Sep 14, 2010)

attachment


----------



## akairi97 (Sep 14, 2010)

I had a hard time locating what I was saving, and when it automatically saves, I have to search for it. Do I need to change some settings on my PC to make sure that documents can go into the right folders? I also noticed that there are some old reports scattered on my PC too.


----------



## akairi97 (Sep 14, 2010)

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 02-09-2012 03
Ran by SYSTEM at 03-09-2012 17:50:36
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US) 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [305088 2011-04-24] (Citrix Systems, Inc.)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3521424 2012-04-03] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Andrea\...\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s [954256 2012-04-03] (Samsung)
HKU\user\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21392 2012-04-03] ()
HKU\user\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-11] (Google Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)
HKLM\...\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-NGHRV.exe" /REG /REGSVRMODE [711240 2012-09-01] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

========================== Services (Whitelisted) ========================

3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [1296728 2010-12-28] (www.BitComet.com)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

==================== Drivers (Whitelisted) ===================

3 k57nd60x; C:\Windows\System32\DRIVERS\k57nd60x.sys [273960 2009-08-06] (Broadcom Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 CFcatchme; \??\C:\Users\Andrea\AppData\Local\Temp\CFcatchme.sys [x]

==================== NetSvcs (Whitelisted) =================

============ One Month Created Files and Folders ==============

2012-09-03 17:50 - 2012-09-03 17:50 - 00000000 ____D C:\FRST
2012-09-03 13:16 - 2012-09-03 13:16 - 00008449 ____A C:\Users\Andrea\Documents\Attach.txt
2012-09-03 13:11 - 2012-09-03 13:11 - 00016446 ____A C:\Users\user\Desktop\DDS.txt
2012-09-03 13:08 - 2012-09-03 13:08 - 00000559 ____A C:\Users\user\Desktop\MBR.zip
2012-09-03 13:07 - 2012-09-03 13:07 - 00002092 ____A C:\Users\user\Desktop\aswMBR.txt
2012-09-03 13:07 - 2012-09-03 13:07 - 00000512 ____A C:\MBR.dat
2012-09-03 12:42 - 2012-09-03 12:51 - 04731392 ____A (AVAST Software) C:\Users\user\Desktop\aswMBR.exe
2012-09-03 12:40 - 2012-09-03 12:40 - 00607260 ____R (Swearware) C:\Users\user\Desktop\dds.com
2012-09-01 09:29 - 2012-09-03 13:16 - 00001529 ____A C:\Users\user\Desktop\Attach.lnk
2012-09-01 04:12 - 2012-09-01 04:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(4).exe
2012-09-01 04:12 - 2012-09-01 04:12 - 00711240 ____A C:\Windows\is-NGHRV.exe
2012-09-01 04:12 - 2012-09-01 04:12 - 00010550 ____A C:\Windows\is-NGHRV.msg
2012-09-01 04:12 - 2012-09-01 04:12 - 00000425 ____A C:\Windows\is-NGHRV.lst
2012-08-30 20:38 - 2012-09-03 03:00 - 00093696 ____A C:\Users\user\Documents\Copy of timesheet1.xls
2012-08-30 20:19 - 2012-08-30 20:22 - 00000000 ____D C:\Users\user\AppData\Roaming\KeePass
2012-08-30 20:17 - 2012-08-30 20:17 - 02196305 ____A (Dominik Reichl ) C:\Users\user\Downloads\KeePass-2.19-Setup.exe
2012-08-30 19:40 - 2012-08-30 19:40 - 00448512 ____A (OldTimer Tools) C:\Users\user\Downloads\TFC.exe
2012-08-27 17:54 - 2012-08-27 17:54 - 00000296 ____A C:\Windows\System32\mbr.log
2012-08-26 22:19 - 2012-09-01 04:13 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-26 22:19 - 2012-09-01 04:12 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-26 22:19 - 2012-07-03 09:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-26 22:18 - 2012-08-26 22:18 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(3).exe
2012-08-26 20:20 - 2012-08-26 20:20 - 16814136 ____A (Mozilla) C:\Users\user\Downloads\Firefox Setup 14.0.1.exe
2012-08-26 20:08 - 2012-08-26 20:08 - 00007118 ____A C:\Users\user\Downloads\Result.txt
2012-08-26 20:07 - 2012-08-26 20:07 - 00751391 ____A (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
2012-08-25 20:39 - 2012-08-25 20:39 - 02322184 ____A (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu(1).exe
2012-08-25 20:39 - 2012-08-25 20:39 - 00000000 ____D C:\Program Files\ESET
2012-08-25 20:37 - 2012-08-25 20:37 - 02322184 ____A (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2012-08-25 20:15 - 2012-08-25 20:15 - 00000825 ____A C:\Users\Andrea\Desktop\American Support Doc - Shortcut.lnk
2012-08-25 19:58 - 2012-08-25 19:58 - 16814136 ____A (Mozilla) C:\Users\Andrea\Downloads\Firefox Setup 14.0.1.exe
2012-08-25 19:53 - 2012-08-25 19:53 - 00000000 ____D C:\Users\Andrea\AppData\Local\Macromedia
2012-08-25 19:51 - 2012-08-25 19:51 - 00000000 __SHD C:\Users\Andrea\Desktop\%APPDATA%
2012-08-25 19:37 - 2012-08-30 19:36 - 00000000 ____D C:\Windows\erdnt
2012-08-15 23:01 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-15 23:01 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-15 23:01 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-15 23:01 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-15 23:01 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-15 23:01 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-15 23:01 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-15 23:01 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-15 23:01 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-15 23:01 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-15 23:01 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-15 23:01 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-15 23:01 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-15 23:01 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-15 13:51 - 2012-07-18 09:47 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-15 13:51 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-15 13:51 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-15 13:51 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-15 13:51 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-15 13:51 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-15 13:51 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-15 13:51 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-14 18:20 - 2012-08-14 18:21 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(2).exe
2012-08-14 15:19 - 2012-08-14 15:19 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(1).exe
2012-08-14 08:00 - 2012-08-14 08:00 - 00000082 ____A C:\Users\user\Desktop\ADP Retirement Services Login.URL
2012-08-14 05:31 - 2012-08-14 05:32 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-11 22:03 - 2012-08-26 19:44 - 00000000 ____D C:\Users\user\AppData\Local\Apps\Apple Computer

============ 3 Months Modified Files ========================

2012-09-03 13:45 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-03 13:45 - 2009-07-13 20:39 - 00076170 ____A C:\Windows\setupact.log
2012-09-03 13:44 - 2012-03-10 15:56 - 01061864 ____A C:\Windows\WindowsUpdate.log
2012-09-03 13:44 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-03 13:44 - 2009-07-13 20:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-03 13:41 - 2012-03-11 17:20 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-09-03 13:28 - 2012-04-15 12:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-03 13:16 - 2012-09-03 13:16 - 00008449 ____A C:\Users\Andrea\Documents\Attach.txt
2012-09-03 13:16 - 2012-09-01 09:29 - 00001529 ____A C:\Users\user\Desktop\Attach.lnk
2012-09-03 13:11 - 2012-09-03 13:11 - 00016446 ____A C:\Users\user\Desktop\DDS.txt
2012-09-03 13:08 - 2012-09-03 13:08 - 00000559 ____A C:\Users\user\Desktop\MBR.zip
2012-09-03 13:07 - 2012-09-03 13:07 - 00002092 ____A C:\Users\user\Desktop\aswMBR.txt
2012-09-03 13:07 - 2012-09-03 13:07 - 00000512 ____A C:\MBR.dat
2012-09-03 12:51 - 2012-09-03 12:42 - 04731392 ____A (AVAST Software) C:\Users\user\Desktop\aswMBR.exe
2012-09-03 12:40 - 2012-09-03 12:40 - 00607260 ____R (Swearware) C:\Users\user\Desktop\dds.com
2012-09-03 12:37 - 2012-03-11 17:20 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-09-03 03:00 - 2012-08-30 20:38 - 00093696 ____A C:\Users\user\Documents\Copy of timesheet1.xls
2012-09-01 04:12 - 2012-09-01 04:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(4).exe
2012-09-01 04:12 - 2012-09-01 04:12 - 00711240 ____A C:\Windows\is-NGHRV.exe
2012-09-01 04:12 - 2012-09-01 04:12 - 00010550 ____A C:\Windows\is-NGHRV.msg
2012-09-01 04:12 - 2012-09-01 04:12 - 00000425 ____A C:\Windows\is-NGHRV.lst
2012-09-01 04:12 - 2012-08-26 22:19 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-30 20:25 - 2012-03-10 15:57 - 00729688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-30 20:17 - 2012-08-30 20:17 - 02196305 ____A (Dominik Reichl ) C:\Users\user\Downloads\KeePass-2.19-Setup.exe
2012-08-30 19:40 - 2012-08-30 19:40 - 00448512 ____A (OldTimer Tools) C:\Users\user\Downloads\TFC.exe
2012-08-30 19:38 - 2012-03-10 20:38 - 00015838 ____A C:\Windows\PFRO.log
2012-08-28 18:05 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-08-27 17:54 - 2012-08-27 17:54 - 00000296 ____A C:\Windows\System32\mbr.log
2012-08-26 22:18 - 2012-08-26 22:18 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(3).exe
2012-08-26 20:20 - 2012-08-26 20:20 - 16814136 ____A (Mozilla) C:\Users\user\Downloads\Firefox Setup 14.0.1.exe
2012-08-26 20:20 - 2012-03-14 20:20 - 00001007 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-08-26 20:08 - 2012-08-26 20:08 - 00007118 ____A C:\Users\user\Downloads\Result.txt
2012-08-26 20:07 - 2012-08-26 20:07 - 00751391 ____A (Farbar) C:\Users\user\Downloads\MiniToolBox.exe
2012-08-25 20:39 - 2012-08-25 20:39 - 02322184 ____A (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu(1).exe
2012-08-25 20:37 - 2012-08-25 20:37 - 02322184 ____A (ESET) C:\Users\user\Downloads\esetsmartinstaller_enu.exe
2012-08-25 20:15 - 2012-08-25 20:15 - 00000825 ____A C:\Users\Andrea\Desktop\American Support Doc - Shortcut.lnk
2012-08-25 19:58 - 2012-08-25 19:58 - 16814136 ____A (Mozilla) C:\Users\Andrea\Downloads\Firefox Setup 14.0.1.exe
2012-08-16 04:36 - 2009-07-13 20:53 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-16 04:36 - 2009-07-13 20:33 - 00406272 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-15 23:03 - 2012-03-11 08:05 - 59884088 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-08-15 06:28 - 2012-04-15 12:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-15 06:28 - 2012-03-10 16:21 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-14 18:21 - 2012-08-14 18:20 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(2).exe
2012-08-14 15:19 - 2012-08-14 15:19 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300(1).exe
2012-08-14 08:00 - 2012-08-14 08:00 - 00000082 ____A C:\Users\user\Desktop\ADP Retirement Services Login.URL
2012-08-14 05:32 - 2012-08-14 05:31 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-01 05:19 - 2012-08-01 05:19 - 00272384 ____A C:\Users\user\Downloads\DeskInstU.msi
2012-07-24 11:25 - 2012-07-24 11:25 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Andrea\Downloads\tdsskiller.exe
2012-07-24 11:13 - 2012-07-24 11:13 - 00145536 ____A C:\Windows\Minidump\072412-22526-01.dmp
2012-07-24 11:13 - 2012-07-24 05:13 - 254028921 ____A C:\Windows\MEMORY.DMP
2012-07-24 10:40 - 2012-07-24 10:40 - 00145520 ____A C:\Windows\Minidump\072412-15724-01.dmp
2012-07-24 10:36 - 2012-07-24 10:36 - 00145520 ____A C:\Windows\Minidump\072412-20280-01.dmp
2012-07-24 10:32 - 2012-07-24 10:32 - 00145520 ____A C:\Windows\Minidump\072412-19078-01.dmp
2012-07-24 05:26 - 2012-07-24 05:25 - 00145520 ____A C:\Windows\Minidump\072412-29094-01.dmp
2012-07-24 05:19 - 2012-07-24 05:19 - 00145520 ____A C:\Windows\Minidump\072412-18673-01.dmp
2012-07-24 05:15 - 2012-07-24 05:15 - 00145520 ____A C:\Windows\Minidump\072412-14648-01.dmp
2012-07-24 05:13 - 2012-07-24 05:13 - 00145520 ____A C:\Windows\Minidump\072412-16333-01.dmp
2012-07-18 09:47 - 2012-08-15 13:51 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-17 18:14 - 2012-07-17 18:08 - 00000161 ____A C:\Users\user\Desktop\DDS Internet Services - Account Login.URL
2012-07-16 05:53 - 2012-07-10 15:12 - 00001262 ____A C:\Users\Andrea\Desktop\XFINITY Connect.lnk
2012-07-16 05:53 - 2012-07-10 15:12 - 00001234 ____A C:\Users\Andrea\Desktop\Constant Guard Protection Suite.lnk
2012-07-16 05:53 - 2012-07-10 15:12 - 00001228 ____A C:\Users\Andrea\Desktop\XFINITY TV.lnk
2012-07-12 11:25 - 2012-05-23 15:10 - 00000116 ____A C:\Users\user\Desktop\Cable provider number.txt
2012-07-09 09:58 - 2012-07-09 09:58 - 06953928 ____A (Microsoft Corporation) C:\Users\user\Downloads\Silverlight(1).exe
2012-07-04 13:16 - 2012-08-15 13:51 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 13:14 - 2012-08-15 13:51 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 13:14 - 2012-08-15 13:51 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-03 09:46 - 2012-08-26 22:19 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-28 16:52 - 2012-08-15 23:01 - 12317184 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-28 16:27 - 2012-08-15 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-28 16:16 - 2012-08-15 23:01 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-28 16:09 - 2012-08-15 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-28 16:09 - 2012-08-15 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-28 16:08 - 2012-08-15 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-28 16:07 - 2012-08-15 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-28 16:06 - 2012-08-15 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-28 16:04 - 2012-08-15 23:01 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-28 16:04 - 2012-08-15 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-28 16:01 - 2012-08-15 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-28 16:01 - 2012-08-15 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-28 16:00 - 2012-08-15 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-28 15:57 - 2012-08-15 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-28 10:58 - 2012-06-28 10:58 - 00907528 ____A (Sun Microsystems, Inc.) C:\Users\user\Downloads\jre-6u33-windows-i586-iftw.exe
2012-06-28 03:34 - 2012-06-28 03:34 - 00894448 ____A (Oracle Corporation) C:\Users\user\Downloads\jxpiinstall.exe
2012-06-08 20:41 - 2012-07-10 15:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-06 04:49 - 2012-06-06 04:49 - 01070152 ____A (Microsoft Corporation) C:\Windows\System32\MSCOMCTL.OCX

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-30 19:37:04
Restore point made on: 2012-09-02 10:36:42
Restore point made on: 2012-09-02 15:00:30

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 2012.8 MB
Available physical RAM: 1380.41 MB
Total Pagefile: 2012.8 MB
Available Pagefile: 1382.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:297.99 GB) (Free:266.35 GB) NTFS
3 Drive f: () (Removable) (Total:0.12 GB) (Free:0.01 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B 
Disk 1 Online 121 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 297 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 297 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 121 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 121 MB Healthy

==================================================================================

Last Boot: 2012-08-27 13:11

==================== End Of Log =============================


----------



## akairi97 (Sep 14, 2010)

Farbar Recovery Scan Tool Version: 02-09-2012 03
Ran by SYSTEM at 2012-09-03 17:52:19
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\erdnt\cache\services.exe
[2012-08-25 19:47] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===


----------
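The services.exe search above is a check for a patched Service Control Manager binary: every copy Windows keeps (the WinSxS component store, System32 and the C:\Windows\erdnt backup cache) should carry the same size and MD5. The Python below is an added example, not part of this thread or of FRST: it parses that search section and flags any copy that disagrees with the WinSxS copy, and separately flags a DhcpNameServer value from the FRST registry section that is not a private address. Both sample texts are constructed from the logs posted above; the tampered sample's hash is a placeholder, not a real indicator.

```python
import ipaddress
import re

# Constructed sample modelled on the FRST search output posted in this thread:
# three copies of services.exe that agree on size and MD5.
FRST_SEARCH_CLEAN = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\erdnt\cache\services.exe
[2012-08-25 19:47] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
"""

# Constructed negative case: the live System32 copy has a different size, an
# empty company string and a placeholder hash (not a real indicator).
FRST_SEARCH_TAMPERED = FRST_SEARCH_CLEAN.replace(
    "C:\\Windows\\System32\\services.exe\n"
    "[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6",
    "C:\\Windows\\System32\\services.exe\n"
    "[2012-08-20 22:10] - [2012-08-20 22:10] - 0259584 ____A () FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
)

# The DhcpNameServer line as it appears in the FRST registry section above.
FRST_REGISTRY_LINE = r"Tcpip\Parameters: [DhcpNameServer] 192.168.1.254"

# "[created] - [modified] - size attrs (company) MD5"; the company part is optional.
DETAIL_RE = re.compile(
    r"\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) (?P<attr>\S+)"
    r"(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_frst_search(text):
    """Return one dict per file listed in an FRST 'Search:' section."""
    entries = []
    lines = [ln.strip() for ln in text.splitlines()]
    for i in range(len(lines) - 1):
        if not PATH_RE.match(lines[i]):
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if m is None:
            continue  # path line without a parsable detail line; skip it
        entries.append({
            "path": lines[i],
            "modified": m["modified"],
            "size": int(m["size"]),
            "company": (m["company"] or "").strip(),
            "md5": m["md5"].upper(),
        })
    return entries


def check_services_copies(entries):
    """Compare every copy against the WinSxS component-store copy.

    FRST's company field is the file's version-info string, not a signature
    check, so the useful signal is a copy whose size or MD5 disagrees with
    the others. If WinSxS itself were replaced, only a known-good hash for
    the build would settle it.
    """
    refs = [e for e in entries if "\\winsxs\\" in e["path"].lower()]
    if not refs:
        return {"ok": False, "reason": "no WinSxS reference copy", "mismatches": []}
    ref = refs[0]
    mismatches = [e["path"] for e in entries
                  if (e["size"], e["md5"]) != (ref["size"], ref["md5"])]
    odd_company = [e["path"] for e in entries
                   if "microsoft" not in e["company"].lower()]
    return {"ok": not mismatches and not odd_company,
            "reference_md5": ref["md5"],
            "mismatches": mismatches,
            "odd_company": odd_company}


def check_dhcp_nameserver(frst_text):
    """List DHCP-assigned DNS servers that are not private addresses.

    A home router normally hands out its own LAN address (192.168.1.254 in
    this thread). A public resolver is not proof of tampering (an ISP may
    assign one on a direct modem link) but deserves a look when redirects
    persist after malware has been removed.
    """
    m = re.search(r"Tcpip\\Parameters: \[DhcpNameServer\] (.+)", frst_text)
    if m is None:
        return {"found": False, "servers": [], "review": []}
    servers = m.group(1).split()
    review = []
    for s in servers:
        try:
            if not ipaddress.ip_address(s).is_private:
                review.append(s)
        except ValueError:
            review.append(s)  # not an IP address at all; review it
    return {"found": True, "servers": servers, "review": review}


if __name__ == "__main__":
    print(check_services_copies(parse_frst_search(FRST_SEARCH_CLEAN)))
    print(check_services_copies(parse_frst_search(FRST_SEARCH_TAMPERED)))
    print(check_dhcp_nameserver(FRST_REGISTRY_LINE))
```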



## CatByte (Feb 24, 2009)

well, there is nothing showing in the FRST log

let's give TDSSKiller a try:

Please download TDSSKiller.zip

Extract it to your desktop
Double click *TDSSKiller.exe*
when the window opens, click on *Change Parameters*
under *"Additional options"*, put a check mark in the box next to *"Detect TDLFS File System"*
click *OK* 
Press *Start Scan*
If *Malicious objects* are found then ensure *Cure* is selected
If *TDLFS File System/TDSS File system* is found then ensure *Delete* is selected
Then click *Continue* > *Reboot now*

Copy and paste the log in your next reply
_A copy of the log will be saved automatically to the root of the drive (typically C:\)_


----------



## akairi97 (Sep 14, 2010)

It shows no threats found


----------



## CatByte (Feb 24, 2009)

please do the following:

*Router Reset*


Consult this link to find out what the default username and password of your router are and note them down: Router Passwords
Then reset your router to its factory default settings:
*Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router*.
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)
*NEXT*
This is the difficult part.
First get to the router's server > type *http://192.168.1.1* in the address bar and press Enter. You get the log in window.
Fill in the password you found previously and you will get the configuration page.
Configure the router to allow you to connect to your ISP server.
In some routers it is done by a setup wizard. But you have to fill in the login password your ISP should have originally given to you.
You can also call your ISP if you don't have your initial password.
*Don't forget to change the router's default password and set a strong password.*
Note down the password and keep it somewhere for future reference.

*NEXT*
Please make sure of the following settings:
Go to start => Control panel => Double-click *Network and Sharing Center*.
In the left window select *Manage network Connection*.
In the right window right-click *Local Area connection* and select *Properties*.
*Internet Protocol Version 6 (IPv6)* should be checked. Double-click on it: Make sure of the following settings:
The option *Obtain an IP address automatically* should be checked.
The option *Obtain DNS server address automatically* should be checked.

Click *OK*.
*Internet Protocol Version 4 (IPv4)* should be checked. Double-click on it.
The option *Obtain an IP address automatically* should be checked.
The option *Obtain DNS server address automatically* should be checked.

Click *OK* twice.
If you change any setting, reboot the computer.


----------



## akairi97 (Sep 14, 2010)

The router's server is not loading at all; it keeps showing connection timed out.


----------



## CatByte (Feb 24, 2009)

do you have another computer that you can try and access it with to see if it is your machine or the router's web site?

try this quick reset several times (it sometimes takes two or three times)

Reset your Router:


This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. 
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). 
If you don't know the router's default password, you can look it up HERE.
You also need to reconfigure any security settings you had in place prior to the reset. 
You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.


----------



## akairi97 (Sep 14, 2010)

I don't have another computer to use. Is there a reason why I can't load the router's server page?


----------



## CatByte (Feb 24, 2009)

there may be an issue with the router

what is the make and model?


----------



## akairi97 (Sep 14, 2010)

It's an AT&T router called Gateway 2wire 3600HGV. It has a pw, SSID and MAC address on the bottom of it. I purchased it from AT&T when I set up service with them.


----------



## akairi97 (Sep 14, 2010)

I have never changed any settings since I had this PC, except for when I did some settings for my online job.


----------



## CatByte (Feb 24, 2009)

to see if it is the router causing the issue, are you able to bypass the router and connect directly through your modem?

Do you still have redirect issues?


----------



## akairi97 (Sep 14, 2010)

I only have the 2wire. I have DSL phone and internet with AT&T.


----------



## CatByte (Feb 24, 2009)

do they give you a tech support line where you can call them and explain the situation?

we seem to have eliminated any malware at this point

You could try completely uninstalling your browsers, then re-install them without add-ons, then add the add-ons one at a time to see if it's any particular add-on that is causing the issue


----------



## akairi97 (Sep 14, 2010)

Okay, I can do that,


----------



## akairi97 (Sep 14, 2010)

I uninstalled the browser but I'm not sure if the add-ons were taken off too. I didn't know how to take off the add-ons when I uninstalled the browser.


----------



## akairi97 (Sep 14, 2010)

There are some add-ons that have to be updated; should I update them?


----------



## akairi97 (Sep 14, 2010)

Java platform has to get updated. When I ran a scan on my antivirus, it pulled up something called Java trojan.


----------



## CatByte (Feb 24, 2009)

we removed some bad java code that eset found initially


> C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\29d18562-63c3dfde Java/TrojanDownloader.Agent.NDW trojan
> C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\432013fc-55f1fd37 Java/Exploit.CVE-2012-0507.CK trojan


perhaps there is a particular website that you are visiting that has bad Java code and you have been re-infected.

empty your Java cache again

and Yes, update all the add-ons

then run that ESET online scan again

try uninstalling all the versions of Java that you have on your machine, then re-install the latest Java

http://java.com/en/download/index.jsp

try installing the Web of Trust, it should alert to any bad web sites

*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green* to go 
*Yellow* for caution 
*Red* to stop
WOT has an addon available for both Firefox and IE


----------



## akairi97 (Sep 14, 2010)

This may sound crazy, but how do I empty my java cache?


----------



## akairi97 (Sep 14, 2010)

I went ahead and uninstalled and reinstalled the java


----------



## CatByte (Feb 24, 2009)

Has that resolved anything? Are you still being redirected?


----------



## akairi97 (Sep 14, 2010)

C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected] JS/Redirector.NCA trojan
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected] JS/Redirector.NCA trojan


----------



## akairi97 (Sep 14, 2010)

The ESET scan took so long, sorry about that. But the main browser that I use is FF; I also have IE as my default browser and I don't have any issues with IE. I'm only getting redirected on the Firefox browser.


----------



## CatByte (Feb 24, 2009)

Please do the following:

(if you don't have a copy of combofix on your desktop still, download it from here)


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. 
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click* Start > Run* type *Notepad* click *OK.*
This will open an empty notepad file:

*Copy* all the text *inside of the code box* - *Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
File::
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected]
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected]

ClearJavaCache::
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')
*Save this file to your desktop. Save this as "CFScript".*

Here's how to do that:

1. Click *File*;
2. Click *Save As*... Change the directory to your *desktop*;
3. Change the *Save as type* to *"All Files"*;
4. Type in the file name: *CFScript*
5. Click *Save ...*


Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe.*
*ComboFix may request an update; please allow it.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. 
*Copy and paste the contents of the log in your next reply.*

CAUTION: *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.

Please let me know how the computer is running now
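The two ESET detections dealt with by this script sit in a Firefox profile's extensions folder, which is where a browser-only redirect like the one described in this thread tends to live. The script below is an added example, not from the thread or from any tool named in it: it parses profiles.ini, lists every extension found in each profile's extensions folder, and marks any ID not in a list you supply as REVIEW. It assumes Windows 7 with PowerShell and must be run once per Windows user account (the thread shows both Andrea and user profiles); the -Known list is a placeholder you fill in yourself. It changes nothing on disk.

```powershell
# Added example, not part of the thread: enumerate Firefox extensions per profile, read-only.

function Get-FirefoxProfileDirs {
    param([string]$ProfilesIni)
    # profiles.ini is a minimal INI file: [ProfileN] sections, each with Path= and IsRelative=.
    $root = Split-Path -Parent $ProfilesIni
    $dirs = @(); $path = $null; $rel = $true
    foreach ($line in (@(Get-Content $ProfilesIni) + '[end]')) {
        if ($line -match '^\[') {
            if ($path) {
                if ($rel) { $dirs += Join-Path $root ($path -replace '/', '\') } else { $dirs += $path }
            }
            $path = $null; $rel = $true
        } elseif ($line -match '^Path=(.+)$') {
            $path = $matches[1].Trim()
        } elseif ($line -match '^IsRelative=(\d)') {
            $rel = ($matches[1] -eq '1')
        }
    }
    return $dirs
}

function Get-FirefoxExtensions {
    param(
        [string]$ProfilesIni = (Join-Path $env:APPDATA 'Mozilla\Firefox\profiles.ini'),
        [string[]]$Known = @()   # placeholder: extension IDs you installed on purpose
    )
    if (-not (Test-Path $ProfilesIni)) { return @() }
    $out = @()
    foreach ($profile in Get-FirefoxProfileDirs $ProfilesIni) {
        # Each extension is either a folder or an .xpi file named after its ID,
        # e.g. Profiles\<id>.default\extensions\<extension-id>
        $extDir = Join-Path $profile 'extensions'
        if (-not (Test-Path $extDir)) { continue }
        foreach ($item in Get-ChildItem $extDir) {
            $id = $item.Name -replace '\.xpi$', ''
            if ($item.PSIsContainer) { $kind = 'folder' } else { $kind = 'xpi' }
            if ($Known -contains $id) { $status = 'known' } else { $status = 'REVIEW' }
            $out += New-Object PSObject -Property @{
                Profile     = Split-Path -Leaf $profile
                ExtensionId = $id
                Kind        = $kind
                Modified    = $item.LastWriteTime
                Status      = $status
            }
        }
    }
    return $out
}

# Sort newest first: a recently added extension that you did not install is the one to look at.
Get-FirefoxExtensions -Known @() |
    Sort-Object Modified -Descending |
    Format-Table Profile, ExtensionId, Kind, Modified, Status -AutoSize
```

Anything marked REVIEW that you do not recognise can be checked in Firefox's Add-ons Manager before deciding whether it belongs.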


----------



## akairi97 (Sep 14, 2010)

ComboFix 12-09-04.03 - Andrea 09/04/2012 22:01:58.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1135 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected]"
"c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected]"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))
.
.
2012-09-05 02:06 . 2012-09-05 02:06 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2012-09-05 02:06 . 2012-09-05 02:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-05 02:06 . 2012-09-05 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-04 16:11 . 2012-09-04 16:11 -------- d-----w- c:\program files\Common Files\Java
2012-09-04 16:10 . 2012-09-04 16:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 16:09 . 2012-09-04 16:09 -------- d-----w- c:\programdata\McAfee
2012-09-04 14:07 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4F66450B-131A-4A48-BA00-7FF1427F61CC}\mpengine.dll
2012-09-03 06:47 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-31 04:19 . 2012-08-31 04:22 -------- d-----w- c:\users\user\AppData\Roaming\KeePass
2012-08-27 06:19 . 2012-09-01 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-27 06:19 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-27 04:02 . 2012-09-05 02:06 -------- d-----w- c:\users\user\AppData\Local\temp
2012-08-26 04:39 . 2012-08-26 04:39 -------- d-----w- c:\program files\ESET
2012-08-26 03:53 . 2012-08-26 03:53 -------- d-----w- c:\users\Andrea\AppData\Local\Macromedia
2012-08-15 21:51 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 21:51 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 21:51 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 21:51 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 21:51 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 21:51 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 21:51 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 16:10 . 2012-03-11 00:16 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 14:28 . 2012-04-15 20:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:28 . 2012-03-11 00:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-25 06:58 . 2011-04-25 06:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 07:48 . 2011-04-25 07:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 07:00 . 2011-04-25 07:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 06:59 . 2011-04-25 06:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 06:58 . 2011-04-25 06:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 06:57 . 2011-04-25 06:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 06:58 . 2011-04-25 06:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 06:58 . 2011-04-25 06:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 06:51 . 2011-04-25 06:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 07:00 . 2011-04-25 07:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-08-25 02:01 . 2012-09-04 15:39 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-03-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 CFcatchme;CFcatchme;c:\users\Andrea\AppData\Local\Temp\CFcatchme.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:28]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-04 22:07:13
ComboFix-quarantined-files.txt 2012-09-05 02:07
ComboFix2.txt 2012-09-05 01:40
.
Pre-Run: 284,592,259,072 bytes free
Post-Run: 284,549,050,368 bytes free
.
- - End Of File - - 57ACAB7F7EB1B026159218CDC54EBDF2


----------



## akairi97 (Sep 14, 2010)

It seems to be working good now


----------



## CatByte (Feb 24, 2009)

ok,

before we mark the thread solved, use the PC normally as you would for the next couple of days, visit all the sites you usually would, let's make sure that Java redirector doesn't come back,

remove all the tools as you did previously, then let me know if all is ok in a couple of days


----------



## akairi97 (Sep 14, 2010)

Hello, my PC was working for a few days until today; I got redirected to a bad site again.


----------



## akairi97 (Sep 14, 2010)

Is it because I forgot to remove all the tools?


----------



## CatByte (Feb 24, 2009)

no, I don't imagine that had anything to do with it,

we'll start to check things out again, it may be a particular site that is reinfecting the machine or there may be a left over that the tools haven't caught yet, so let's have another look

please run the following:

Download *AdwCleaner* from here and save it to your desktop.

Run *AdwCleaner* and select *Delete*
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply

*NEXT*


Download RogueKiller and save it to your desktop. 
*Quit* all other programs
Start *RogueKiller.exe*
Wait until the *Prescan* has finished ... 
Click on *Scan*

Wait for the end of the scan
A report will be created on your desktop. 
Click on the *Delete* button

Next click on the *ShortcutsFix*

another report will be created on your desktop.

Please post: *All RKreport.txt* text files located on your desktop.


----------



## akairi97 (Sep 14, 2010)

# AdwCleaner v2.000 - Logfile created 09/07/2012 at 23:58:38
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Andrea - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKU\S-1-5-21-753190379-2561579638-684410764-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default 
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc767a96c-a90b-47d2-9398-ae8093c6e018%[...]

Profile name : default 
File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1745 octets] - [07/09/2012 23:58:38]

########## EOF - \AdwCleaner[S2].txt - [1805 octets] ##########


----------



## akairi97 (Sep 14, 2010)

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Scan -- Date : 09/08/2012 00:03:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][BLPATH] HKCU\[...]\RunOnce : Report (\AdwCleaner[S2].txt) -> FOUND
[RUN][BLPATH] HKUS\S-1-5-21-753190379-2561579638-684410764-1003[...]\RunOnce : Report (\AdwCleaner[S2].txt) -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320418AS ATA Device +++++
--- User ---
[MBR] 2d350b8e0071551a3ff8ebcbaa888fc8
[BSP] b1a0a931b5db181832fad937ca9d6359 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## akairi97 (Sep 14, 2010)

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/08/2012 00:08:31

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 3 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 86 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 646 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


----------



## CatByte (Feb 24, 2009)

Refer to the *ComboFix User's Guide*


Download ComboFix from the following location:

*Link*

*IMPORTANT !!! Place ComboFix.exe on your Desktop*

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs *here*

Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.*

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------

NOTE: If you encounter a message *"illegal operation attempted on registry key that has been marked for deletion"* and no programs will run - please just reboot and that will resolve that error.


----------



## akairi97 (Sep 14, 2010)

ComboFix 12-09-07.03 - Andrea 09/08/2012 9:18.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1316 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 13:22 . 2012-09-08 13:22 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-08 13:22 . 2012-09-08 13:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-08 06:28 . 2012-09-08 06:28 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7177C6C-BA24-422A-95C8-7599FC064931}\offreg.dll
2012-09-08 06:28 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7177C6C-BA24-422A-95C8-7599FC064931}\mpengine.dll
2012-09-08 00:28 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-05 02:07 . 2012-09-08 13:22 -------- d-----w- c:\users\Andrea\AppData\Local\temp
2012-09-04 16:11 . 2012-09-04 16:11 -------- d-----w- c:\program files\Common Files\Java
2012-09-04 16:10 . 2012-09-04 16:10 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-04 16:09 . 2012-09-04 16:09 -------- d-----w- c:\programdata\McAfee
2012-08-31 04:19 . 2012-08-31 04:22 -------- d-----w- c:\users\user\AppData\Roaming\KeePass
2012-08-27 06:19 . 2012-09-01 12:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-27 06:19 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-27 04:02 . 2012-09-08 13:22 -------- d-----w- c:\users\user\AppData\Local\temp
2012-08-26 03:53 . 2012-08-26 03:53 -------- d-----w- c:\users\Andrea\AppData\Local\Macromedia
2012-08-15 21:51 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 21:51 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 21:51 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 21:51 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 21:51 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 21:51 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 21:51 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 16:10 . 2012-03-11 00:16 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-15 14:28 . 2012-04-15 20:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 14:28 . 2012-03-11 00:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-25 06:58 . 2011-04-25 06:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 07:48 . 2011-04-25 07:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 07:00 . 2011-04-25 07:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 06:59 . 2011-04-25 06:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 06:58 . 2011-04-25 06:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 06:57 . 2011-04-25 06:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 06:58 . 2011-04-25 06:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 06:58 . 2011-04-25 06:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 06:51 . 2011-04-25 06:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 07:00 . 2011-04-25 07:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-08-25 02:01 . 2012-09-04 15:39 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-23 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-23 166424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2012-03-14 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 CFcatchme;CFcatchme;c:\users\Andrea\AppData\Local\Temp\CFcatchme.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 14:28]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
2012-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 01:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate07162012
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-08 09:23:47
ComboFix-quarantined-files.txt 2012-09-08 13:23
.
Pre-Run: 288,811,966,464 bytes free
Post-Run: 288,580,800,512 bytes free
.
- - End Of File - - 377065355DE3EBACDA20DEE7B616C7CC


----------



## CatByte (Feb 24, 2009)

Download *AdwCleaner* from here and save it to your desktop.

Run *AdwCleaner* and select *Delete*
Once done, it will ask to reboot; allow the reboot.
On reboot a log will be produced; please attach the content of the log to your next reply.

*NEXT*


Please open your *MalwareBytes AntiMalware* Program
Click the *Update Tab* and *search for updates*
If an update is found, it will download and install the latest version.
Once the program has loaded, select *"Perform Quick Scan"*, then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Make sure that everything is checked, and click *Remove Selected*. <-- very important
When disinfection is completed, a *log* will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
*Copy&Paste the entire report in your next reply.*

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


*NEXT*

Go *here* to run an online scanner from *ESET.*

Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Tick the box next to *YES, I accept the Terms of Use.*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the option *Remove found threats* is *unticked* and the *Scan Archives* option is ticked.
Click on Advanced Settings, ensure the options *Scan for potentially unwanted applications*, *Scan for potentially unsafe applications*, and *Enable Anti-Stealth Technology* are ticked.
Click *Scan*
Wait for the scan to finish
When the scan completes, press the *LIST OF THREATS FOUND* button
Press *EXPORT TO TEXT FILE*, name the file *ESETSCAN* and save it to your desktop
Include the contents of this report in your next reply.
Press the *BACK* button.
Press *Finish*


----------



## akairi97 (Sep 14, 2010)

# AdwCleaner v2.000 - Logfile created 09/08/2012 at 12:05:03
# Updated 30/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Andrea - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default 
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bc767a96c-a90b-47d2-9398-ae8093c6e018%[...]

Profile name : default 
File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S3].txt - [1094 octets] - [08/09/2012 12:05:03]

########## EOF - \AdwCleaner[S3].txt - [1154 octets] ##########


----------



## akairi97 (Sep 14, 2010)

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [limited]

Protection: Enabled

9/8/2012 12:08:02 PM
mbam-log-2012-09-08 (12-08-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189256
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## akairi97 (Sep 14, 2010)

C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected] JS/Redirector.NCA trojan
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected] JS/Redirector.NCA trojan


----------



## CatByte (Feb 24, 2009)

Please do the following:

Please show hidden files and folders:


Close all programs so that you are at your desktop. 
Open the *Control Panel*, switch to classic view, then click *Folder Options.*
After the new window appears select the *View* tab. 
Put a checkmark in the checkbox labeled *Display the contents of system folders. *
Under the *Hidden files and folders* section select the radio button labeled *Show hidden files and folders.* 
Remove the checkmark from the checkbox labeled *Hide file extensions for known file types.* 
Remove the checkmark from the checkbox labeled *Hide protected operating system files.* 
Press the *Apply* button and then the *OK* button and *exit* My Computer. 
Now your computer is configured to show all hidden files. 

Now navigate to the following files:

```
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected] 
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected]
```
right click and delete those entries

Please let me know if you were able to do that

*NEXT*

Download *OTL* to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
Select *All Users*
Under the Custom Scan box paste this in:

```
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
DRIVES
CREATERESTOREPOINT
```
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Post both logs
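The manual steps in this post (show hidden files, find and remove the two add-on folders ESET flagged, and the MD5 check of the core system binaries that OTL's `/md5start` block performs) collapsed into one PowerShell script. This is an added example and is not code from the thread, from OTL, from AdwCleaner or from ESET. It assumes an elevated PowerShell prompt on the Windows 7 machine in question and sticks to PowerShell 2.0 syntax, which is what Windows 7 ships with. The two extension paths are copied from the thread as posted; the forum software masked the add-on IDs as "[email protected]", so the real folder names seen under `extensions\` must be substituted before running. The quarantine folder on the desktop and the prefs.js keys searched are my choices.

```powershell
# Added example, not from the thread or from the tools it mentions.
# Run in an elevated PowerShell prompt on the Windows 7 machine (PowerShell 2.0 syntax).

# --- 1. Show hidden files, file extensions and protected OS files -------------
# These are the registry values the Folder Options > View tab writes.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name Hidden          -Value 1   # Show hidden files and folders
Set-ItemProperty -Path $adv -Name HideFileExt     -Value 0   # Show extensions for known file types
Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1   # Show protected operating system files

# --- 2. List every Firefox add-on in every profile of every user --------------
# ESET found the same add-on in two different profiles, so check all of them.
$profiles = Get-ChildItem 'C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\*' -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer }
foreach ($p in $profiles) {
    $extDir = Join-Path $p.FullName 'extensions'
    if (Test-Path $extDir) {
        Get-ChildItem $extDir | ForEach-Object {
            '{0,-45} {1:yyyy-MM-dd HH:mm}  {2}' -f $_.Name, $_.LastWriteTime, $p.FullName
        }
    }
    # Redirect hijacks also live in prefs.js (AdwCleaner removed a keyword.URL entry
    # earlier in the thread), so surface the search, homepage and proxy preferences.
    $prefs = Join-Path $p.FullName 'prefs.js'
    if (Test-Path $prefs) {
        Select-String -Path $prefs -Pattern 'keyword\.URL|browser\.startup\.homepage|network\.proxy' |
            ForEach-Object { $_.Line }
    }
}

# --- 3. Quarantine (rather than delete) the two items ESET flagged ------------
# Paths copied from the thread. "[email protected]" is the forum's masking of the real
# add-on ID; replace it with the folder name you actually see under extensions\.
$flagged = @(
    'C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected]',
    'C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected]'
)
$quarantine = Join-Path $env:USERPROFILE 'Desktop\ext_quarantine'   # assumed location
New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
foreach ($f in $flagged) {
    if (Test-Path -LiteralPath $f) {
        # One sub-folder per profile so two copies of the same add-on do not collide.
        $profileName = ($f -split '\\')[-3]                 # e.g. 7mq0efgw.default
        $destDir = Join-Path $quarantine $profileName
        New-Item -ItemType Directory -Path $destDir -Force | Out-Null
        Move-Item -LiteralPath $f -Destination $destDir     # -LiteralPath: brackets are not wildcards
        "Moved       $f -> $destDir"
    } else {
        "Not present $f"
    }
}

# --- 4. MD5 and version info of the core binaries OTL's /md5start block covers -
# MD5 is used here only to match against a known-clean copy of the same build, which
# is how OTL uses it; it is not a tamper-proof integrity check.
$md5  = [System.Security.Cryptography.MD5]::Create()
$core = @{
    'explorer.exe' = Join-Path $env:windir 'explorer.exe'
    'winlogon.exe' = Join-Path $env:windir 'System32\winlogon.exe'
    'userinit.exe' = Join-Path $env:windir 'System32\userinit.exe'
    'svchost.exe'  = Join-Path $env:windir 'System32\svchost.exe'
    'services.exe' = Join-Path $env:windir 'System32\services.exe'
}
foreach ($name in $core.Keys) {
    $path  = $core[$name]
    $bytes = [System.IO.File]::ReadAllBytes($path)
    $hash  = ($md5.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
    $info  = (Get-Item $path).VersionInfo
    # A core binary whose CompanyName is not Microsoft, or whose hash differs from a
    # clean machine at the same patch level, is exactly what OTL's whitelist flags.
    '{0,-13} {1} {2,9} {3}  {4}' -f $name, $hash, $bytes.Length, $info.CompanyName, $info.FileVersion
}
```

Moving the flagged folders to a quarantine directory instead of deleting them keeps the add-on's install.rdf and scripts available if the redirect returns and the sample needs a closer look; once the machine has been clean for a while the folder can be deleted. The hashes in step 4 only mean something next to the same five files from a machine at the same Windows 7 SP1 patch level, which is why OTL prints them rather than judging them.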


----------



## akairi97 (Sep 14, 2010)

I'm lost as to when you ask me to navigate the files, right click and delete. What am I deleting? Are you referring to those 2 reports that just got displayed on my desktop? Or do I need to copy and paste what is in that code box and paste to the search box in my start menu?


----------



## akairi97 (Sep 14, 2010)

I hope I did this right. I went in and located the files that you had posted in the code box and deleted them. Was that right?


----------



## akairi97 (Sep 14, 2010)

OTL logfile created on: 9/8/2012 2:05:48 PM - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\user\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 66.56% Memory free
3.93 Gb Paging File | 2.90 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 268.40 Gb Free Space | 90.07% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/08 14:04:02 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/08/24 22:00:39 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/04 01:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/04/04 01:05:16 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/04/25 03:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/04/25 03:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 08:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/30 23:48:33 | 000,115,137 | ---- | M] () -- C:\Users\user\AppData\Local\temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
MOD - [2012/06/19 03:07:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/06/19 03:04:37 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/19 03:04:25 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/19 03:04:16 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/06/19 03:04:14 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/05/12 03:35:45 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:35:39 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/05/12 03:08:13 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 03:04:47 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/05/12 03:04:43 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/05/12 03:04:39 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/05/12 03:04:33 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/04/04 01:05:28 | 000,021,392 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Services (SafeList) ==========

SRV - [2012/08/24 22:00:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/15 10:28:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/11 11:45:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrea\AppData\Local\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Andrea\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/24 05:14:42 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/02/24 05:14:42 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/04/25 02:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/08/06 05:43:52 | 000,273,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate07162012
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/04 15:01:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/01 08:04:16 | 000,000,000 | ---D | M]

[2012/08/25 23:51:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Extensions
[2012/09/08 14:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions
[2012/08/25 23:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\bgiqxxow.default\extensions
[2012/09/04 15:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/24 22:01:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/25 02:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2011/04/25 03:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2011/04/25 02:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2011/04/25 02:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2012/01/12 04:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011/04/25 03:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2011/04/25 03:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/08/24 22:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/24 22:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/28 16:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\xfinity.xml

O1 HOSTS File: ([2012/09/04 22:06:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner[S3].txt File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE040ADA-E6F4-40E1-BA87-88A730D4112C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll File not found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/08 12:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/08 09:23:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/08 09:23:48 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\temp
[2012/09/08 09:23:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/08 09:17:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/08 09:17:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/08 09:17:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/08 09:17:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/08 00:02:33 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\RK_Quarantine
[2012/09/04 12:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/04 12:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/04 11:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/08/27 02:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/27 02:19:23 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/27 02:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/25 23:53:48 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Macromedia
[2012/08/25 23:51:43 | 000,000,000 | --SD | C] -- C:\Users\Andrea\Desktop\%APPDATA%
[2012/08/25 23:37:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

========== Files - Modified Within 30 Days ==========

[2012/09/08 13:35:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/08 13:28:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/08 12:47:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/08 12:13:47 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 12:13:47 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/08 12:06:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/08 12:05:48 | 1582,931,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/08 00:15:33 | 000,000,906 | ---- | M] () -- C:\Users\Andrea\Desktop\RKreport[3] - Shortcut.lnk
[2012/09/08 00:15:27 | 000,000,906 | ---- | M] () -- C:\Users\Andrea\Desktop\RKreport[1] - Shortcut.lnk
[2012/09/04 22:06:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/04 15:01:52 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/01 08:12:58 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/31 00:25:35 | 000,626,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/31 00:25:35 | 000,107,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/26 00:15:31 | 000,000,825 | ---- | M] () -- C:\Users\Andrea\Desktop\American Support Doc - Shortcut.lnk
[2012/08/16 08:36:28 | 000,406,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/08 09:17:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/08 09:17:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/08 09:17:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/08 09:17:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/08 09:17:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/08 00:15:33 | 000,000,906 | ---- | C] () -- C:\Users\Andrea\Desktop\RKreport[3] - Shortcut.lnk
[2012/09/08 00:15:27 | 000,000,906 | ---- | C] () -- C:\Users\Andrea\Desktop\RKreport[1] - Shortcut.lnk
[2012/09/04 11:40:00 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/04 11:39:59 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/27 02:19:29 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 00:15:31 | 000,000,825 | ---- | C] () -- C:\Users\Andrea\Desktop\American Support Doc - Shortcut.lnk
[2012/04/16 23:59:22 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/03/10 20:10:22 | 000,982,224 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/03/10 20:10:22 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2012/03/10 20:10:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2012/03/10 20:10:20 | 000,092,284 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2012/03/10 20:10:20 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/03/10 20:10:19 | 000,439,336 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/03/10 20:10:19 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/11/29 16:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 16:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/11/29 16:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/11/29 16:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/11/29 16:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== LOP Check ==========

[2012/04/07 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\BitComet
[2012/03/15 03:32:09 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\CometPlayer
[2012/04/07 08:39:51 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ICAClient
[2012/07/24 09:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Samsung
[2012/03/15 03:32:09 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\tigerplayer
[2012/08/16 08:36:37 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 21:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3320418AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 105906176
Hidden sectors: 0

< End of report >


----------



## CatByte (Feb 24, 2009)

You need to delete these entries:

C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\7mq0efgw.default\extensions\[email protected] 
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c0kim9dr.default\extensions\[email protected]

They are in a hidden folder, so you will need to show hidden files and folders before you will be able to locate them on your machine.

The tools we have used either haven't been able to delete them, or they are regenerating.

The .xpi files are likely the source of the redirects, and until we can be sure they are off the system for good, the redirects won't stop.

If you can't delete them manually, then I can try with another tool.
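
One way to locate the extension entries named above, as an added PowerShell example that is not part of this thread or of any tool used in it: it walks every user's Firefox profile folders (the AppData\Roaming tree is hidden, so Get-ChildItem needs -Force), lists each entry directly under the profile's extensions folder with its attributes, timestamps and a SHA-256 hash, and writes a report to the desktop. The profile layout follows the two paths quoted in the reply; the report file name and the Get-FileSha256 helper are assumptions. It avoids cmdlets newer than PowerShell 2.0 so it runs on a stock Windows 7 machine; run it from an elevated PowerShell with Firefox closed.

```powershell
# Added example, not CatByte's instructions or output of any tool in the thread.
# Inventory every entry under each user's Firefox extensions folder so the .xpi
# files can be identified and, after a cleaning run, checked for regeneration.
# Report path is an assumption; profile layout follows the thread's paths.
$report   = Join-Path $env:USERPROFILE 'Desktop\firefox-extension-inventory.txt'
$usersDir = Join-Path $env:SystemDrive 'Users'
$sha256   = [System.Security.Cryptography.SHA256]::Create()

# Hypothetical helper: SHA-256 of a file via .NET, so no Get-FileHash (PS 4+) is needed.
function Get-FileSha256([string]$path) {
    try {
        $stream = [System.IO.File]::OpenRead($path)
        try   { ([System.BitConverter]::ToString($sha256.ComputeHash($stream))) -replace '-', '' }
        finally { $stream.Close() }
    } catch { "unreadable: $($_.Exception.Message)" }
}

# -Force makes Get-ChildItem return hidden and system folders such as AppData.
$rows = foreach ($user in (Get-ChildItem -Path $usersDir -Force | Where-Object { $_.PSIsContainer })) {
    $profiles = Join-Path $user.FullName 'AppData\Roaming\Mozilla\Firefox\Profiles'
    if (-not (Test-Path -LiteralPath $profiles)) { continue }
    foreach ($profile in (Get-ChildItem -Path $profiles -Force | Where-Object { $_.PSIsContainer })) {
        $extDir = Join-Path $profile.FullName 'extensions'
        if (-not (Test-Path -LiteralPath $extDir)) { continue }
        # An extension is either a packed .xpi file or an unpacked directory; list both.
        foreach ($entry in (Get-ChildItem -Path $extDir -Force)) {
            $isDir = $entry.PSIsContainer
            New-Object PSObject -Property @{
                User       = $user.Name
                Profile    = $profile.Name
                Entry      = $entry.FullName
                Type       = $(if ($isDir) { 'Directory (unpacked extension)' } else { 'File' })
                Attributes = $entry.Attributes.ToString()   # shows Hidden/System flags
                Created    = $entry.CreationTime            # a fresh value after cleaning = recreated
                Modified   = $entry.LastWriteTime
                SHA256     = $(if ($isDir) { '' } else { Get-FileSha256 $entry.FullName })
            }
        }
    }
}

# Full detail to the report file, short summary to the console.
$rows | Sort-Object User, Profile, Entry | Format-List | Out-File -FilePath $report -Encoding UTF8
$rows | Select-Object User, Profile, Entry, Created, Type | Format-Table -AutoSize
"Inventory written to $report ($(@($rows).Count) entries)"
```

Comparing the Created column against the time of the last cleaning run tells whether an entry was never removed or was recreated afterwards, which is the regeneration case the reply mentions; an unchanged SHA256 across runs identifies the same file coming back.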


----------



## akairi97 (Sep 14, 2010)

OTL Extras logfile created on: 9/8/2012 2:05:48 PM - Run 1
OTL by OldTimer - Version 3.2.61.2 Folder = C:\Users\user\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 66.56% Memory free
3.93 Gb Paging File | 2.90 Gb Available in Paging File | 73.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 268.40 Gb Free Space | 90.07% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D173755-E0C2-4929-9C8E-EEA9319CFE0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1AED993C-6F27-4060-9B62-152BD775A436}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1FD8F02F-6CA2-4462-B893-B9055265BB50}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2589B9F9-C29A-41D5-AC54-D00C5B766FC1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{2B164903-0BDC-47B5-A425-98588DD784FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{35837A42-70F2-43D6-AD1D-C7FBAE80FD28}" = lport=137 | protocol=17 | dir=in | app=system | 
"{361F9B2F-6131-41BA-B830-635F0346DA6E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3748DE0A-510D-4CCE-830B-28FA5EB841EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3932F830-7770-459F-8185-6AEDF0110C87}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B305B97-0777-4749-AAC3-35399EAEDF86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{466E2B43-DDC5-4864-9C53-223C55C1C2DF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4742AA2B-371B-4729-9384-7FD1DBC27773}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4AAFC947-FB95-4BA7-A5F5-650EF8C38BBB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50D26E94-7EFA-4053-8DCF-E4506D893159}" = lport=138 | protocol=17 | dir=in | app=system | 
"{560FC7EC-8723-480D-871C-875255C5FFBA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{6CC53BA7-5030-497E-9A26-D4B556415D32}" = lport=26707 | protocol=6 | dir=in | name=bitcomet 26707 tcp | 
"{732EF2BC-7F82-4DFD-8180-3E845A4B9050}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7F5D9CE5-EE3E-47B3-9F01-DC58D1E3BE18}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{8EFCC1F7-9A82-4673-A5A0-CEB8576AE02B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8F19A786-DA37-4670-9F22-E0E114BD29DE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A39A3E68-E4FA-47E6-8DCA-AF81F02AE710}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6F7E846-02E2-46CB-98A4-306D9400CD88}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B89BB5AD-E1FA-430A-9A3A-1E43BC1AB866}" = lport=26707 | protocol=17 | dir=in | name=bitcomet 26707 udp | 
"{BDB32D27-C839-4548-8638-8BD2C5188405}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C9F26D8B-97DE-4A99-96FD-E87ACBC02066}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E7DA656A-6216-45F1-9054-9A8BF9819472}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E90D4587-F843-4873-8412-3A9A6482FC7C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FEBA4CF4-08A1-454D-91BA-0604F8868A34}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0647D1A6-4F9D-4AE6-99C5-411FF6EB4798}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{15603474-0178-4ED1-A494-FE2AE9CE4241}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3217DEBB-8451-4122-8FEB-EB3FE3CC0B61}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{3937F7E6-FBBD-4640-9E80-B5B9F1F36AC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4FA5CF34-4864-4ACD-9787-017E0455EE1D}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{52444023-0C36-4367-8C8E-3D91A3059FB0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{593B600E-206B-401B-915D-E6EE463BDE57}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{5CF2DFA3-7BDC-41AE-ACAC-59010803159A}" = protocol=1 | dir=in | [email protected],-28543 | 
"{5E664A6E-10A7-46F8-BD8D-3CE317847606}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{656255DA-DE71-4D15-BFCF-DD8E02900649}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{67B3BDAA-8467-4A60-B899-981F8A9F779D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6A43F066-6562-49AE-95B5-62D425B4FA28}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{79B7C347-21EE-4368-AD6D-2700CCB2B2DC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{7A50D593-3D7E-4D36-8A79-D7B38BBC355D}" = protocol=6 | dir=out | app=system | 
"{81196FEF-AAD2-4A96-B299-A8D5905236D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{93522C5E-10E0-4E47-87F6-B3175765F8FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{967E127A-F854-437B-B747-6DE06B280869}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{9D6FDEA8-C965-4A63-BA47-24C719541541}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{B0B29CD3-65AE-4A5E-99A4-C1CD3FAFFDFD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B93C8BA9-CA84-4F4A-8303-B400882D50BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BA61349F-0A2C-49BC-AAE0-14E40B640820}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{BAD3CD28-523C-403D-88E9-ADC8A27DFD9D}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{BBF9B149-81E1-4FB8-8B2D-A1645AF98A06}" = protocol=1 | dir=out | [email protected],-28544 | 
"{D0C85A49-8B17-4109-97F6-508DD8BDF3D4}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{D2EAD531-E6B8-4894-998D-D32DB458DB4C}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{D3C374E0-ECEA-442A-BAF2-6EBBF3A511D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDE5C629-74BA-46D7-B976-851E734E99EF}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{E7252F1C-B68A-4429-9110-B267B8DD4C1B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7AAB08E-B6F5-4682-A3C8-D8A3B235DED5}" = protocol=58 | dir=out | [email protected],-28546 | 
"{F1703282-656D-40F4-85E0-75BBFB670D47}" = protocol=58 | dir=in | [email protected],-28545 | 
"{F37F857E-5CB2-4EF1-B459-C8FC33F8A2C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{54A69C66-43AF-448D-964A-7264739DE414}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{DC21F12E-D9E4-435F-A409-6228409FBF92}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B4C147E8-DBEA-4D52-8050-51A543B2065A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{D7E3DFDB-287B-45DD-B543-E51C54F118AD}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV)
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C28422FB-F2CD-427A-ADED-9F281745CDB2}" = Secure Download Manager
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{DCAEC601-735C-41AE-B84F-D792F09FB7D1}" = WOT for Internet Explorer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web)
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MpcStar" = MpcStar 5.4
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/4/2012 12:04:35 PM | Computer Name = user-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Internet Explorer' could not be shut down.

Error - 9/4/2012 12:05:52 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 9/4/2012 7:01:31 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 9/4/2012 9:57:45 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 9/4/2012 10:09:31 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 9/6/2012 3:01:00 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\PROGRA~1\Citrix\ICACLI~1\MFC80.DLL".Error
in manifest or policy file "C:\PROGRA~1\Citrix\ICACLI~1\Microsoft.VC80.MFCLOC.MANIFEST"
on line 5. Component identity found in manifest does not match the identity of the
component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 9/7/2012 2:57:53 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\PROGRA~1\Citrix\ICACLI~1\MFC80.DLL".Error
in manifest or policy file "C:\PROGRA~1\Citrix\ICACLI~1\Microsoft.VC80.MFCLOC.MANIFEST"
on line 5. Component identity found in manifest does not match the identity of the
component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 9/7/2012 11:59:44 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 9/8/2012 9:27:11 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

Error - 9/8/2012 12:06:05 PM | Computer Name = user-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files\Citrix\ICA
Client\MFC80.DLL".Error in manifest or policy file "C:\Program Files\Citrix\ICA
Client\Microsoft.VC80.MFCLOC.MANIFEST" on line 5. Component identity found in manifest
does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition
is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please
use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 7/24/2012 3:22:59 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 3:22:59 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 7/24/2012 3:29:53 PM | Computer Name = user-PC | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 7/24/2012 3:29:53 PM | Computer Name = user-PC | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 7/24/2012 3:29:53 PM | Computer Name = user-PC | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 7/24/2012 3:29:53 PM | Computer Name = user-PC | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 7/24/2012 3:47:49 PM | Computer Name = user-PC | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 7/24/2012 3:47:49 PM | Computer Name = user-PC | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 7/24/2012 3:47:49 PM | Computer Name = user-PC | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 7/24/2012 3:47:49 PM | Computer Name = user-PC | Source = WMPNetworkSvc | ID = 866317
Description =

< End of report >


----------



## akairi97 (Sep 14, 2010)

I was able to delete them


----------



## akairi97 (Sep 14, 2010)

I also have 2 reports that were put on my desktop after I unchecked the hidden files that say shellclassinfo. Do you know what they are? Should I delete them?


----------



## CatByte (Feb 24, 2009)

ok good

please use the computer as you would normally and advise if the redirects are still occurring


----------



## CatByte (Feb 24, 2009)

please go to this Microsoft site and press the FixIt button

http://support.microsoft.com/?id=330132

you can rehide the hidden files and folders now, by clicking restore defaults

Click *Start.*
Open *My Computer.*
Select *Folder and Search Options*
Select the *View Tab.*
Under the *Hidden files and folders* heading select *Hide hidden files and folders.*
Check *Hide file extensions for known file types*
Check the *Hide protected operating system files (recommended)* option.
Click *Yes* to confirm.
Click *OK.*
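The same visibility defaults can be checked and restored from PowerShell. This is an added example, not part of CatByte's post; it assumes the standard Explorer\Advanced registry values that the Folder Options dialog writes on Windows 7.

```powershell
# Added example: check and restore Explorer's default file-visibility settings.
# Assumption: the standard HKCU Explorer\Advanced values behind the Folder Options GUI.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Value each setting holds after the GUI steps above have been followed
$defaults = @{
    Hidden          = 2   # 2 = "Don't show hidden files, folders, or drives"
    HideFileExt     = 1   # 1 = hide extensions for known file types
    ShowSuperHidden = 0   # 0 = hide protected operating system files
}

function Get-VisibilityDrift {
    # Emit one object per setting that currently differs from the default above.
    $current = Get-ItemProperty -Path $key
    foreach ($name in $defaults.Keys) {
        $actual = $current.$name
        if ($actual -ne $defaults[$name]) {
            [pscustomobject]@{ Setting = $name; Current = $actual; Default = $defaults[$name] }
        }
    }
}

function Restore-VisibilityDefaults {
    # Write each value back, then restart the shell so Explorer re-reads them.
    foreach ($name in $defaults.Keys) {
        Set-ItemProperty -Path $key -Name $name -Value $defaults[$name] -Type DWord
    }
    # Windows 7 normally relaunches the shell on its own (AutoRestartShell);
    # if the desktop does not come back after a few seconds, run: Start-Process explorer
    Stop-Process -Name explorer -Force
}

$drift = Get-VisibilityDrift
if ($drift) {
    $drift | Format-Table -AutoSize
    Restore-VisibilityDefaults
} else {
    Write-Output 'Folder visibility settings are already at their defaults.'
}
```

Run it in a normal (non-elevated) PowerShell window for the account whose settings were changed, since the values live under HKCU.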


----------



## akairi97 (Sep 14, 2010)

The Fix it button failed. It says it does not operate with my system.


----------



## CatByte (Feb 24, 2009)

ok

rehide the system files and folders 

reboot the computer and advise how the computer is running


----------



## akairi97 (Sep 14, 2010)

Good morning, my pc is running great now. Thank you so much. But I do have an issue with my audio icon at the bottom right corner. A few months ago it kept going out and I would have to unplug my speaker and replug it in. I even bought a new one but it kept happening again. It used to do it every day but all of a sudden my audio started working fine, but yesterday it went out twice and I have to keep unplugging it again. Do you know what that can be?


----------



## CatByte (Feb 24, 2009)

check the drivers for your audio in Device Manager,

try uninstalling them, reboot and let windows install them again

then run the windows repair tool, see if that helps

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run *Disk check*

Once that is done then go to step 3 and allow it to run *SFC*

On the *Start Repairs* tab => Click *Start*

Click on the *select all* check box and then click on *Start*

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.


----------



## akairi97 (Sep 14, 2010)

I went to the Device Manager but I have no idea what I'm looking for, or what and how to uninstall.


----------



## CatByte (Feb 24, 2009)

hi,

open up the device manager window

expand the tree for "sound, video and game controllers" by clicking on the small arrow to the left

your sound devices should be listed,

right click on the first audio device (if there is more than one) and choose "Update Driver Software". If you are told your drivers are up to date, then right click it again and click "Uninstall", then reboot; Windows will reinstall the driver.


----------



## akairi97 (Sep 14, 2010)

Oh, I see. I had to go to change settings.


----------



## akairi97 (Sep 14, 2010)

I clicked on the Windows Repair but I don't know what to download. I clicked on where it says download the Windows Repair but it took me to another link that says Reimage. Is that what I'm supposed to download?


----------



## CatByte (Feb 24, 2009)

Try this link; the site uses mirrors

http://majorgeeks.com/Tweaking.com_-_Windows_Repair_d7141.html

this will take you to the Major Geeks mirror, so click the download link, wait a few seconds and the download should begin


----------



## akairi97 (Sep 14, 2010)

Hi, I finished the entire process


----------



## CatByte (Feb 24, 2009)

ok good

how is the computer running?


----------



## akairi97 (Sep 14, 2010)

It's running great.


----------



## CatByte (Feb 24, 2009)

did the windows repair tool fix the audio problem?


----------



## akairi97 (Sep 14, 2010)

I think it has; I mean it's working fine.


----------



## CatByte (Feb 24, 2009)

ok, good

Clean up with *OTL:*

Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.

if there are any other tools/logs left > right click and delete them


----------



## akairi97 (Sep 14, 2010)

What about the ComboFix, Tweaking, ESET and the AdwCleaner? I mean, just uninstall them? I don't see ComboFix on here anymore; I'm assuming it uninstalled.


----------



## CatByte (Feb 24, 2009)

if you followed the combofix /uninstall procedure I gave you before, it should already be gone.

The other tools can be deleted (right click > delete)


----------



## akairi97 (Sep 14, 2010)

But I see 2 of the tools that are installed on my pc, the Tweaking and the ESET.


----------



## CatByte (Feb 24, 2009)

they should be able to be removed via Programs and Features


----------



## akairi97 (Sep 14, 2010)

Ok, everything is deleted.


----------



## CatByte (Feb 24, 2009)

:up:


----------

