Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Links usually redirected


Post by Antny » June 4th, 2012, 8:23 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:26 AM, on 6/4/2012
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MyTomTom 3\MyTomTomSA.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Angel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MyTomTomSA.exe] "C:\Program Files\MyTomTom 3\MyTomTomSA.exe"
O4 - HKCU\..\Run: [omdpe] rundll32.exe "C:\Users\Angel\AppData\Roaming\omdpe.dll",MessageBoxChecked
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7665 bytes
Antny
Active Member
 
Posts: 4
Joined: June 4th, 2012, 7:46 am

Re: Links usually redirected

Post by Gary R » June 4th, 2012, 3:32 pm

Looking over your log, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Links usually redirected

Post by Gary R » June 4th, 2012, 3:37 pm

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Antny

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


HJT isn't really much use for detecting most modern infections, so I'll need you to run some extra scans for me so I can get some idea of what we're up against.

First

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows 7, when prompted by UAC allow the prompt.
  • Click on Change parameters
    • Check Detect TDLFS file system
    • Click OK
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Summary of the logs I need from you in your next post:
  • OTL.txt
  • Extras.txt
  • TDSSKiller log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Links usually redirected

Post by Antny » June 5th, 2012, 9:32 am

OTL logfile created on: 6/5/2012 9:11:52 AM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Angel\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.72% Memory free
3.98 Gb Paging File | 3.04 Gb Available in Paging File | 76.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.01 Gb Total Space | 72.61 Gb Free Space | 54.19% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.56 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
Drive F: | 953.72 Mb Total Space | 924.02 Mb Free Space | 96.89% Space Free | Partition Type: FAT

Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/05 09:08:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/14 07:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/07/16 00:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/24 15:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/01/02 00:37:16 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/02 00:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/02 00:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/03 01:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/09/24 05:27:38 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 05:27:30 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 05:27:28 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 05:27:28 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/07/27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/10 04:36:37 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/10 04:36:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 04:35:26 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 04:35:18 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/11/14 07:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 07:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 07:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 07:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 07:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 07:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 07:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files\MyTomTom 3\QtXml4.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/03/21 15:33:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/04 17:59:59 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/14 07:14:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2009/07/13 21:15:38 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 17:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/02 00:37:08 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/02 00:37:02 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2009/07/13 21:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/07/13 19:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2009/07/13 18:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2008/06/23 08:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/02 00:37:18 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 01:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 01:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/24 05:27:26 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/27 03:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 03:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 03:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.dell.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\..\SearchScopes\{EA515F50-79D1-47D5-807D-900095B9FC7F}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Angel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Angel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Angel\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Angel\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Angel\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Angel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Angel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Angel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-483954587-2297685522-1822080776-1000..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-483954587-2297685522-1822080776-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 165.166.142.42
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B51023C4-D5E9-435E-9557-DC75E4D17D75}: DhcpNameServer = 192.168.0.1 165.166.142.42
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/05 09:07:58 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2012/06/04 08:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/04 07:55:05 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2012/06/03 21:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/03 07:19:00 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Malwarebytes
[2012/06/03 07:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/02 09:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/02 09:20:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/06/02 09:09:19 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\PSOAInterface
[2012/06/02 09:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E0001508D000A484DA60145BE
[2012/05/25 17:36:04 | 002,127,448 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Angel\Desktop\TDSSKiller.exe
[2012/05/24 21:43:43 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Local\TomTom
[2012/05/24 21:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2012/05/24 21:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2012/05/24 21:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\MyTomTom 3
[2012/05/23 22:08:10 | 000,000,000 | ---D | C] -- C:\Users\Angel\AppData\Roaming\Garmin
[2012/05/23 22:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2012/05/23 22:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/05/23 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2012/05/19 16:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/19 16:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/09 21:56:21 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/09 21:56:20 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/09 21:56:20 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/09 21:46:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/09 21:46:55 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/09 21:46:54 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/09 21:46:54 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/09 21:46:54 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll

========== Files - Modified Within 30 Days ==========

[2012/06/05 09:09:45 | 002,127,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Angel\Desktop\TDSSKiller.exe
[2012/06/05 09:09:05 | 002,108,825 | ---- | M] () -- C:\Users\Angel\Desktop\tdsskiller.zip
[2012/06/05 09:08:03 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Angel\Desktop\OTL.exe
[2012/06/05 09:02:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-483954587-2297685522-1822080776-1000UA.job
[2012/06/05 08:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/05 08:02:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-483954587-2297685522-1822080776-1000Core.job
[2012/06/04 10:11:04 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 10:11:04 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/04 10:08:44 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/04 10:08:44 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/04 10:03:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/04 10:03:31 | 1602,781,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/24 00:04:17 | 000,002,401 | ---- | M] () -- C:\Users\Angel\Desktop\Google Chrome.lnk
[2012/05/19 16:47:25 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/10 04:34:35 | 000,308,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/05 09:08:49 | 002,108,825 | ---- | C] () -- C:\Users\Angel\Desktop\tdsskiller.zip
[2012/05/19 16:47:25 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/04/04 15:38:57 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/04/04 15:38:56 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/01/30 09:21:20 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/27 21:36:29 | 000,000,244 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/10/27 21:36:29 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/10/27 21:35:10 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BD9320CW.DAT
[2011/10/27 21:35:05 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/10/27 21:29:46 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/27 21:29:40 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011/10/27 21:29:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/10/27 21:29:36 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/10/27 21:29:35 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC08A.DAT
[2011/10/27 21:28:15 | 000,000,074 | ---- | C] () -- C:\Windows\Brownie.ini
[2011/10/13 19:40:49 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/10/13 14:43:58 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/10/05 11:46:13 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2011/10/05 11:46:13 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2011/10/05 11:46:03 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2011/10/03 21:37:56 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

========== LOP Check ==========

[2012/05/23 22:08:10 | 000,000,000 | ---D | M] -- C:\Users\Angel\AppData\Roaming\Garmin
[2012/05/22 08:00:18 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(30).TXT
[2012/05/22 08:00:18 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB27473$] -> Error: Cannot create file handle -> Unknown point type

< End of report >
Antny

Re: Links usually redirected

Post by Antny » June 5th, 2012, 9:33 am

OTL Extras logfile created on: 6/5/2012 9:11:52 AM - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Angel\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.72% Memory free
3.98 Gb Paging File | 3.04 Gb Available in Paging File | 76.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.01 Gb Total Space | 72.61 Gb Free Space | 54.19% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 9.56 Gb Free Space | 63.73% Space Free | Partition Type: NTFS
Drive F: | 953.72 Mb Total Space | 924.02 Mb Free Space | 96.89% Space Free | Partition Type: FAT

Computer Name: ANGEL-PC | User Name: Angel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1950D226-47BB-4B08-A432-63A0C1BC9918}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{2DF7393A-642E-416B-B3FC-1598385996A9}" = rport=445 | protocol=6 | dir=out | app=system |
"{3E4B9732-406A-475F-BF3E-3CDB25784A10}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3F9EA66C-2904-4618-B551-970268FFE19A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{40AAE4CD-0635-4403-9CC4-AC627F0E0B13}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4382B1A6-B84F-48E5-8982-F45CD07BFD75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F35A851-BCBC-498E-8CC6-2E4F17C83C54}" = lport=138 | protocol=17 | dir=in | app=system |
"{7720C619-FD9E-4136-9AF1-ECD40F5E6E46}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7CA35231-3616-4CE8-8EE0-54B0D3227F79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7FA523CF-9D13-42C3-82B9-7728F34F3BEE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85BF90B8-4C5F-499D-9198-7AC9A94801D9}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{86EC8CC3-F229-479E-B786-E2A59C97EC85}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9545A53E-CD5C-4836-8AF1-4EA0A2FE473B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FD32482-4C36-4454-A82F-F9E43A1138D5}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{A47DD167-55EE-46DB-9833-AC22C0A979B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{A70E919B-5C62-414D-AD07-95523824590E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD6C908B-FFCD-45EF-B6DC-4E36B736B0F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B086B719-9608-4950-AF2C-9C64DE90FC25}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7F94244-4917-4C5C-ADFB-463500C6A6AA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C0CC6B42-97A8-49E7-A463-0C6FDBAEC998}" = rport=138 | protocol=17 | dir=out | app=system |
"{C45F36EF-95D4-49F7-AB5E-5DFB4660611C}" = rport=139 | protocol=6 | dir=out | app=system |
"{E1EB8F29-DC22-4294-AFB0-6C03EE6F5CE1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2FB46E5-2111-478F-9A27-FDBC1409C0C4}" = lport=139 | protocol=6 | dir=in | app=system |
"{E8CBF29C-D86E-4B8D-A390-7C563665525B}" = lport=137 | protocol=17 | dir=in | app=system |
"{EA96CDB1-1138-419F-8694-C46C567CB956}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC2E8D8F-8C67-46DA-BA58-C57663B540F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FD83E6-4540-492A-B091-C07225F7ACDB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{037953E3-9D3A-40A4-A9CF-2930C3B3B5A6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F60FFA9-F77D-4039-B301-817247073732}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{315B58B7-6168-4F02-8257-AAE93B568D8D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4049C4B2-1ADF-4FDB-B013-13A31FECB200}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl08j\faxrx.exe |
"{41A2BAD5-3DFC-46DB-9C62-50EBD2D0C71B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{41B697AE-4B39-4D18-9D48-DAB123928914}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{47BAA2D5-83ED-4B4E-8FAB-618E9BFEF834}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6DAD4D59-EFE3-4B30-A594-CD9063702774}" = protocol=6 | dir=out | app=system |
"{70C13ACE-6D56-432D-98E7-3E239AA95D61}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74737F3D-79AE-4141-A4F5-7680DC8F5A81}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{938E16BD-B508-4EFF-865E-A954CA3B6A07}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl08j\faxrx.exe |
"{9E9A5C4A-CE63-4DD7-9872-80CFEAD0439D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AD10CBDA-4B07-4612-946A-E2975D1C8915}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B0A01A13-8296-49F8-BB40-141E29E38583}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2E68F20-2BC6-4443-BCE3-DFDCF3C52EFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BEB0BFD5-66B7-4BBD-A1D8-C050E327DEE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C318817D-5411-4B0A-ACA2-2C21B534596D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C5660A84-5FCF-4929-9940-F0D30EECEA99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0CE219A-5719-4E19-8BC4-5A054CC3E025}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E82D197F-3158-4A29-9D92-7B7BB67BA9B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEA56984-9FB5-4395-87F5-6C23366B4F4A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FEF865BE-3CC4-4FA8-BA5D-D00060DB8D8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FFC45BAD-03CE-45F2-97AB-B76812288493}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 29
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9B98010C-A6E2-40D4-A69D-7EA024EAEC79}" = e-Sword
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1BBEE16-49B1-42F2-95B8-54C8C6A1C0C3}" = Brother MFL-Pro Suite MFC-9320CW
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"KONICA MINOLTA magicolor 2400W" = KONICA MINOLTA magicolor 2400W
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MyTomTom" = MyTomTom 3.1.0.530
"Picasa 3" = Picasa 3
"TurboTax 2011" = TurboTax 2011
"TVWiz" = Intel(R) TV Wizard

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-483954587-2297685522-1822080776-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/3/2012 6:24:21 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:24:21.185]: [00001888]: GetDeviceIpAddress:
GetAddressByName [BRWEC55F96A01AF] Error

Error - 6/3/2012 6:25:04 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:25:04.041]: [00001888]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.0.3]

Error - 6/3/2012 6:25:04 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:25:04.136]: [00001888]: GetDeviceIpAddress:
GetAddressByName [BRWEC55F96A01AF] Error

Error - 6/3/2012 6:25:34 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:25:34.187]: [00001888]: GetDeviceIpAddress:
GetAddressByName [BRWEC55F96A01AF] Error

Error - 6/3/2012 6:26:17 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:26:17.042]: [00001888]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.0.3]

Error - 6/3/2012 6:26:17 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:26:17.137]: [00001888]: GetDeviceIpAddress:
GetAddressByName [BRWEC55F96A01AF] Error

Error - 6/3/2012 6:26:47 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:26:47.184]: [00001888]: GetDeviceIpAddress:
GetAddressByName [BRWEC55F96A01AF] Error

Error - 6/3/2012 6:27:30 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:27:30.042]: [00001888]: SendSKeySettingToDevice::
Snmp Load Error[-1] To[192.168.0.3]

Error - 6/3/2012 6:27:30 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:27:30.138]: [00001888]: GetDeviceIpAddress:
GetAddressByName [BRWEC55F96A01AF] Error

Error - 6/3/2012 6:28:00 AM | Computer Name = Angel-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/06/03 06:28:00.188]: [00001888]: GetDeviceIpAddress:
GetAddressByName [BRWEC55F96A01AF] Error

[ Broadcom Wireless LAN Events ]
Error - 10/13/2011 2:44:19 PM | Computer Name = Angel-PC | Source = WLAN-Tray | ID = 0
Description = 14:44:18, Thu, Oct 13, 11 Error - Unable to gain access to user store


Error - 1/29/2012 8:29:48 AM | Computer Name = Angel-PC | Source = WLAN-Tray | ID = 0
Description = 07:29:48, Sun, Jan 29, 12 Error - Unable to gain access to user store


Error - 6/4/2012 10:03:48 AM | Computer Name = Angel-PC | Source = WLAN-Tray | ID = 0
Description = 10:03:47, Mon, Jun 04, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 5/29/2012 4:14:45 PM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 4:14:40 PM - Error connecting to the internet. 4:14:40 PM - Unable
to contact server..

Error - 5/29/2012 5:15:24 PM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 5:15:23 PM - Error connecting to the internet. 5:15:23 PM - Unable
to contact server..

Error - 5/29/2012 6:16:03 PM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 6:16:03 PM - Error connecting to the internet. 6:16:03 PM - Unable
to contact server..

Error - 5/29/2012 7:16:43 PM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 7:16:42 PM - Error connecting to the internet. 7:16:42 PM - Unable
to contact server..

Error - 6/3/2012 4:22:33 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 4:22:33 AM - Error connecting to the internet. 4:22:33 AM - Unable
to contact server..

Error - 6/3/2012 4:22:43 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 4:22:38 AM - Error connecting to the internet. 4:22:38 AM - Unable
to contact server..

Error - 6/3/2012 5:22:47 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 5:22:47 AM - Error connecting to the internet. 5:22:47 AM - Unable
to contact server..

Error - 6/3/2012 5:22:53 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 5:22:52 AM - Error connecting to the internet. 5:22:52 AM - Unable
to contact server..

Error - 6/3/2012 6:22:57 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 6:22:57 AM - Error connecting to the internet. 6:22:57 AM - Unable
to contact server..

Error - 6/3/2012 6:23:03 AM | Computer Name = Angel-PC | Source = MCUpdate | ID = 0
Description = 6:23:02 AM - Error connecting to the internet. 6:23:02 AM - Unable
to contact server..

[ System Events ]
Error - 10/28/2011 7:28:17 AM | Computer Name = Angel-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 10/28/2011 7:28:18 AM | Computer Name = Angel-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR3.

Error - 11/3/2011 5:53:14 PM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 11/6/2011 10:35:41 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 11/19/2011 9:49:37 AM | Computer Name = Angel-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 11/19/2011 9:49:54 AM | Computer Name = Angel-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.

Error - 11/19/2011 9:49:55 AM | Computer Name = Angel-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.

Error - 11/19/2011 9:49:55 AM | Computer Name = Angel-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.

Error - 11/19/2011 9:49:56 AM | Computer Name = Angel-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.

Error - 11/19/2011 9:49:56 AM | Computer Name = Angel-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR7.


< End of report >
Antny

Re: Links usually redirected

Post by Antny » June 5th, 2012, 9:39 am

09:35:04.0671 3860 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
09:35:05.0270 3860 ============================================================
09:35:05.0270 3860 Current date / time: 2012/06/05 09:35:05.0270
09:35:05.0270 3860 SystemInfo:
09:35:05.0270 3860
09:35:05.0280 3860 OS Version: 6.1.7600 ServicePack: 0.0
09:35:05.0280 3860 Product type: Workstation
09:35:05.0280 3860 ComputerName: ANGEL-PC
09:35:05.0280 3860 UserName: Angel
09:35:05.0280 3860 Windows directory: C:\Windows
09:35:05.0280 3860 System windows directory: C:\Windows
09:35:05.0280 3860 Processor architecture: Intel x86
09:35:05.0280 3860 Number of processors: 2
09:35:05.0280 3860 Page size: 0x1000
09:35:05.0280 3860 Boot type: Normal boot
09:35:05.0280 3860 ============================================================
09:35:05.0907 3860 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:35:05.0922 3860 Drive \Device\Harddisk1\DR1 - Size: 0x3BA00000 (0.93 Gb), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
09:35:05.0923 3860 ============================================================
09:35:05.0923 3860 \Device\Harddisk0\DR0:
09:35:05.0923 3860 MBR partitions:
09:35:05.0923 3860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1E00000
09:35:05.0923 3860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E14000, BlocksNum 0x10C05000
09:35:05.0923 3860 \Device\Harddisk1\DR1:
09:35:05.0924 3860 MBR partitions:
09:35:05.0924 3860 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1DCFE0
09:35:05.0924 3860 ============================================================
09:35:05.0955 3860 C: <-> \Device\Harddisk0\DR0\Partition1
09:35:05.0984 3860 D: <-> \Device\Harddisk0\DR0\Partition0
09:35:05.0984 3860 ============================================================
09:35:05.0984 3860 Initialize success
09:35:05.0985 3860 ============================================================
09:35:12.0556 4608 ============================================================
09:35:12.0556 4608 Scan started
09:35:12.0556 4608 Mode: Manual; TDLFS;
09:35:12.0556 4608 ============================================================
09:35:15.0042 4608 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
09:35:15.0047 4608 1394ohci - ok
09:35:15.0144 4608 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
09:35:15.0149 4608 ACPI - ok
09:35:15.0200 4608 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
09:35:15.0201 4608 AcpiPmi - ok
09:35:15.0319 4608 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:35:15.0322 4608 AdobeARMservice - ok
09:35:15.0462 4608 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:35:15.0468 4608 AdobeFlashPlayerUpdateSvc - ok
09:35:15.0568 4608 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
09:35:15.0579 4608 adp94xx - ok
09:35:15.0624 4608 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
09:35:15.0629 4608 adpahci - ok
09:35:15.0644 4608 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
09:35:15.0647 4608 adpu320 - ok
09:35:15.0684 4608 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
09:35:15.0684 4608 AeLookupSvc - ok
09:35:15.0721 4608 AESTFilters (ef1142512bec12f1c2c87735da1755be) C:\Windows\system32\aestsrv.exe
09:35:15.0723 4608 AESTFilters - ok
09:35:15.0791 4608 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
09:35:15.0796 4608 AFD - ok
09:35:15.0835 4608 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
09:35:15.0836 4608 agp440 - ok
09:35:15.0874 4608 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
09:35:15.0876 4608 aic78xx - ok
09:35:15.0932 4608 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
09:35:15.0934 4608 ALG - ok
09:35:15.0964 4608 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
09:35:15.0965 4608 aliide - ok
09:35:16.0006 4608 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
09:35:16.0006 4608 amdagp - ok
09:35:16.0041 4608 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
09:35:16.0042 4608 amdide - ok
09:35:16.0099 4608 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
09:35:16.0101 4608 AmdK8 - ok
09:35:16.0128 4608 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
09:35:16.0129 4608 AmdPPM - ok
09:35:16.0170 4608 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
09:35:16.0172 4608 amdsata - ok
09:35:16.0237 4608 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
09:35:16.0241 4608 amdsbs - ok
09:35:16.0268 4608 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
09:35:16.0269 4608 amdxata - ok
09:35:16.0337 4608 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
09:35:16.0341 4608 ApfiltrService - ok
09:35:16.0401 4608 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
09:35:16.0403 4608 AppID - ok
09:35:16.0442 4608 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
09:35:16.0443 4608 AppIDSvc - ok
09:35:16.0480 4608 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
09:35:16.0482 4608 Appinfo - ok
09:35:16.0606 4608 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:35:16.0610 4608 Apple Mobile Device - ok
09:35:16.0674 4608 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
09:35:16.0676 4608 arc - ok
09:35:16.0693 4608 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
09:35:16.0696 4608 arcsas - ok
09:35:16.0718 4608 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
09:35:16.0719 4608 AsyncMac - ok
09:35:16.0763 4608 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
09:35:16.0764 4608 atapi - ok
09:35:16.0844 4608 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
09:35:16.0852 4608 AudioEndpointBuilder - ok
09:35:16.0863 4608 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
09:35:16.0868 4608 Audiosrv - ok
09:35:16.0914 4608 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
09:35:16.0917 4608 AxInstSV - ok
09:35:16.0980 4608 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
09:35:16.0989 4608 b06bdrv - ok
09:35:17.0034 4608 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:35:17.0039 4608 b57nd60x - ok
09:35:17.0226 4608 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys
09:35:17.0255 4608 BCM43XX - ok
09:35:17.0279 4608 bcm4sbxp (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
09:35:17.0280 4608 bcm4sbxp - ok
09:35:17.0308 4608 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
09:35:17.0309 4608 BDESVC - ok
09:35:17.0354 4608 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
09:35:17.0355 4608 Beep - ok
09:35:17.0401 4608 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
09:35:17.0409 4608 BFE - ok
09:35:17.0497 4608 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
09:35:17.0511 4608 BITS - ok
09:35:17.0550 4608 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
09:35:17.0552 4608 blbdrive - ok
09:35:17.0630 4608 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:35:17.0638 4608 Bonjour Service - ok
09:35:17.0663 4608 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
09:35:17.0665 4608 bowser - ok
09:35:17.0696 4608 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:35:17.0697 4608 BrFiltLo - ok
09:35:17.0708 4608 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:35:17.0709 4608 BrFiltUp - ok
09:35:17.0761 4608 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
09:35:17.0764 4608 Browser - ok
09:35:17.0800 4608 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
09:35:17.0805 4608 Brserid - ok
09:35:17.0816 4608 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
09:35:17.0818 4608 BrSerWdm - ok
09:35:17.0858 4608 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:35:17.0859 4608 BrUsbMdm - ok
09:35:17.0874 4608 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
09:35:17.0875 4608 BrUsbSer - ok
09:35:17.0890 4608 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
09:35:17.0892 4608 BTHMODEM - ok
09:35:17.0945 4608 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
09:35:17.0947 4608 bthserv - ok
09:35:17.0990 4608 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
09:35:17.0992 4608 cdfs - ok
09:35:18.0059 4608 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
09:35:18.0062 4608 cdrom - ok
09:35:18.0111 4608 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
09:35:18.0114 4608 CertPropSvc - ok
09:35:18.0153 4608 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
09:35:18.0153 4608 circlass - ok
09:35:18.0183 4608 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
09:35:18.0193 4608 CLFS - ok
09:35:18.0304 4608 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:35:18.0307 4608 clr_optimization_v2.0.50727_32 - ok
09:35:18.0359 4608 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:35:18.0363 4608 clr_optimization_v4.0.30319_32 - ok
09:35:18.0397 4608 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
09:35:18.0398 4608 CmBatt - ok
09:35:18.0419 4608 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
09:35:18.0420 4608 cmdide - ok
09:35:18.0456 4608 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
09:35:18.0461 4608 CNG - ok
09:35:18.0490 4608 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
09:35:18.0491 4608 Compbatt - ok
09:35:18.0544 4608 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:35:18.0546 4608 CompositeBus - ok
09:35:18.0560 4608 COMSysApp - ok
09:35:18.0574 4608 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
09:35:18.0575 4608 crcdisk - ok
09:35:18.0632 4608 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
09:35:18.0634 4608 CryptSvc - ok
09:35:18.0682 4608 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
09:35:18.0687 4608 DcomLaunch - ok
09:35:18.0709 4608 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
09:35:18.0713 4608 defragsvc - ok
09:35:18.0756 4608 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
09:35:18.0757 4608 DfsC - ok
09:35:18.0835 4608 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
09:35:18.0840 4608 Dhcp - ok
09:35:18.0856 4608 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
09:35:18.0858 4608 discache - ok
09:35:18.0919 4608 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
09:35:18.0920 4608 Disk - ok
09:35:18.0962 4608 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
09:35:18.0966 4608 Dnscache - ok
09:35:19.0023 4608 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
09:35:19.0029 4608 dot3svc - ok
09:35:19.0053 4608 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
09:35:19.0057 4608 DPS - ok
09:35:19.0110 4608 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
09:35:19.0111 4608 drmkaud - ok
09:35:19.0212 4608 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
09:35:19.0229 4608 DXGKrnl - ok
09:35:19.0275 4608 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
09:35:19.0278 4608 EapHost - ok
09:35:19.0549 4608 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
09:35:19.0611 4608 ebdrv - ok
09:35:19.0767 4608 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
09:35:19.0770 4608 EFS - ok
09:35:19.0872 4608 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
09:35:19.0882 4608 ehRecvr - ok
09:35:19.0922 4608 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
09:35:19.0925 4608 ehSched - ok
09:35:20.0022 4608 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
09:35:20.0030 4608 elxstor - ok
09:35:20.0042 4608 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
09:35:20.0043 4608 ErrDev - ok
09:35:20.0120 4608 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
09:35:20.0127 4608 EventSystem - ok
09:35:20.0153 4608 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
09:35:20.0156 4608 exfat - ok
09:35:20.0184 4608 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
09:35:20.0187 4608 fastfat - ok
09:35:20.0254 4608 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
09:35:20.0255 4608 Fax - ok
09:35:20.0313 4608 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
09:35:20.0314 4608 fdc - ok
09:35:20.0355 4608 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
09:35:20.0357 4608 fdPHost - ok
09:35:20.0369 4608 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
09:35:20.0371 4608 FDResPub - ok
09:35:20.0384 4608 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
09:35:20.0385 4608 FileInfo - ok
09:35:20.0400 4608 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
09:35:20.0401 4608 Filetrace - ok
09:35:20.0442 4608 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
09:35:20.0443 4608 flpydisk - ok
09:35:20.0480 4608 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
09:35:20.0484 4608 FltMgr - ok
09:35:20.0540 4608 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
09:35:20.0553 4608 FontCache - ok
09:35:20.0636 4608 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:35:20.0637 4608 FontCache3.0.0.0 - ok
09:35:20.0671 4608 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
09:35:20.0672 4608 FsDepends - ok
09:35:20.0705 4608 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
09:35:20.0706 4608 Fs_Rec - ok
09:35:20.0762 4608 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
09:35:20.0765 4608 fvevol - ok
09:35:20.0814 4608 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:35:20.0817 4608 gagp30kx - ok
09:35:20.0872 4608 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:35:20.0873 4608 GEARAspiWDM - ok
09:35:20.0949 4608 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
09:35:20.0961 4608 gpsvc - ok
09:35:20.0991 4608 grmnusb (cec45180029f1012054a41ceeea9ceab) C:\Windows\system32\drivers\grmnusb.sys
09:35:20.0992 4608 grmnusb - ok
09:35:21.0073 4608 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:35:21.0077 4608 gusvc - ok
09:35:21.0111 4608 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
09:35:21.0113 4608 hcw85cir - ok
09:35:21.0158 4608 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:35:21.0161 4608 HDAudBus - ok
09:35:21.0188 4608 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
09:35:21.0189 4608 HidBatt - ok
09:35:21.0215 4608 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
09:35:21.0218 4608 HidBth - ok
09:35:21.0255 4608 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
09:35:21.0257 4608 HidIr - ok
09:35:21.0278 4608 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
09:35:21.0293 4608 hidserv - ok
09:35:21.0346 4608 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
09:35:21.0348 4608 HidUsb - ok
09:35:21.0359 4608 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
09:35:21.0363 4608 hkmsvc - ok
09:35:21.0388 4608 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
09:35:21.0393 4608 HomeGroupListener - ok
09:35:21.0428 4608 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
09:35:21.0433 4608 HomeGroupProvider - ok
09:35:21.0473 4608 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:35:21.0475 4608 HpSAMD - ok
09:35:21.0595 4608 HSF_DPV (99f85640054ba65190b860d878a7c9ae) C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:35:21.0613 4608 HSF_DPV - ok
09:35:21.0636 4608 HSXHWAZL (cfbc2b81972e298f0e19ee68fa9e73da) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:35:21.0639 4608 HSXHWAZL - ok
09:35:21.0684 4608 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
09:35:21.0696 4608 HTTP - ok
09:35:21.0720 4608 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
09:35:21.0720 4608 hwpolicy - ok
09:35:21.0756 4608 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
09:35:21.0758 4608 i8042prt - ok
09:35:21.0805 4608 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
09:35:21.0808 4608 iaStor - ok
09:35:21.0868 4608 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
09:35:21.0874 4608 iaStorV - ok
09:35:22.0021 4608 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:35:22.0037 4608 idsvc - ok
09:35:22.0420 4608 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:35:22.0566 4608 igfx - ok
09:35:22.0737 4608 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
09:35:22.0738 4608 iirsp - ok
09:35:22.0830 4608 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
09:35:22.0843 4608 IKEEXT - ok
09:35:22.0890 4608 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
09:35:22.0890 4608 intelide - ok
09:35:22.0941 4608 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
09:35:22.0943 4608 intelppm - ok
09:35:23.0049 4608 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
09:35:23.0051 4608 IntuitUpdateServiceV4 - ok
09:35:23.0089 4608 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
09:35:23.0094 4608 IPBusEnum - ok
09:35:23.0112 4608 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:35:23.0115 4608 IpFilterDriver - ok
09:35:23.0171 4608 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
09:35:23.0179 4608 iphlpsvc - ok
09:35:23.0218 4608 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:35:23.0220 4608 IPMIDRV - ok
09:35:23.0236 4608 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
09:35:23.0239 4608 IPNAT - ok
09:35:23.0349 4608 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
09:35:23.0364 4608 iPod Service - ok
09:35:23.0398 4608 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
09:35:23.0399 4608 IRENUM - ok
09:35:23.0436 4608 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
09:35:23.0436 4608 isapnp - ok
09:35:23.0466 4608 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
09:35:23.0466 4608 iScsiPrt - ok
09:35:23.0513 4608 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:35:23.0515 4608 kbdclass - ok
09:35:23.0545 4608 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
09:35:23.0546 4608 kbdhid - ok
09:35:23.0579 4608 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
09:35:23.0582 4608 KeyIso - ok
09:35:23.0593 4608 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
09:35:23.0595 4608 KSecDD - ok
09:35:23.0616 4608 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
09:35:23.0619 4608 KSecPkg - ok
09:35:23.0673 4608 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
09:35:23.0684 4608 KtmRm - ok
09:35:23.0731 4608 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
09:35:23.0736 4608 LanmanServer - ok
09:35:23.0786 4608 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
09:35:23.0794 4608 LanmanWorkstation - ok
09:35:23.0859 4608 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
09:35:23.0861 4608 lltdio - ok
09:35:23.0912 4608 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
09:35:23.0918 4608 lltdsvc - ok
09:35:23.0932 4608 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
09:35:23.0934 4608 lmhosts - ok
09:35:23.0966 4608 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:35:23.0968 4608 LSI_FC - ok
09:35:23.0989 4608 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:35:23.0991 4608 LSI_SAS - ok
09:35:24.0003 4608 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:35:24.0005 4608 LSI_SAS2 - ok
09:35:24.0040 4608 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:35:24.0042 4608 LSI_SCSI - ok
09:35:24.0072 4608 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
09:35:24.0073 4608 luafv - ok
09:35:24.0109 4608 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
09:35:24.0114 4608 Mcx2Svc - ok
09:35:24.0154 4608 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:35:24.0155 4608 mdmxsdk - ok
09:35:24.0189 4608 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
09:35:24.0191 4608 megasas - ok
09:35:24.0235 4608 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
09:35:24.0240 4608 MegaSR - ok
09:35:24.0273 4608 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
09:35:24.0277 4608 MMCSS - ok
09:35:24.0289 4608 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
09:35:24.0290 4608 Modem - ok
09:35:24.0334 4608 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
09:35:24.0335 4608 monitor - ok
09:35:24.0367 4608 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
09:35:24.0368 4608 mouclass - ok
09:35:24.0391 4608 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
09:35:24.0392 4608 mouhid - ok
09:35:24.0413 4608 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
09:35:24.0414 4608 mountmgr - ok
09:35:24.0432 4608 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
09:35:24.0434 4608 mpio - ok
09:35:24.0454 4608 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
09:35:24.0455 4608 mpsdrv - ok
09:35:24.0540 4608 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
09:35:24.0556 4608 MpsSvc - ok
09:35:24.0571 4608 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
09:35:24.0571 4608 MRxDAV - ok
09:35:24.0621 4608 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:35:24.0624 4608 mrxsmb - ok
09:35:24.0656 4608 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:35:24.0660 4608 mrxsmb10 - ok
09:35:24.0676 4608 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:35:24.0678 4608 mrxsmb20 - ok
09:35:24.0718 4608 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
09:35:24.0719 4608 msahci - ok
09:35:24.0767 4608 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
09:35:24.0770 4608 msdsm - ok
09:35:24.0819 4608 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
09:35:24.0825 4608 MSDTC - ok
09:35:24.0849 4608 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
09:35:24.0850 4608 Msfs - ok
09:35:24.0859 4608 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
09:35:24.0860 4608 mshidkmdf - ok
09:35:24.0877 4608 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
09:35:24.0877 4608 msisadrv - ok
09:35:24.0932 4608 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
09:35:24.0935 4608 MSiSCSI - ok
09:35:24.0940 4608 msiserver - ok
09:35:24.0976 4608 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
09:35:24.0977 4608 MSKSSRV - ok
09:35:25.0014 4608 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
09:35:25.0015 4608 MSPCLOCK - ok
09:35:25.0031 4608 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
09:35:25.0032 4608 MSPQM - ok
09:35:25.0061 4608 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
09:35:25.0064 4608 MsRPC - ok
09:35:25.0087 4608 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
09:35:25.0088 4608 mssmbios - ok
09:35:25.0109 4608 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
09:35:25.0110 4608 MSTEE - ok
09:35:25.0143 4608 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
09:35:25.0145 4608 MTConfig - ok
09:35:25.0167 4608 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
09:35:25.0168 4608 Mup - ok
09:35:25.0218 4608 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
09:35:25.0226 4608 napagent - ok
09:35:25.0267 4608 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
09:35:25.0271 4608 NativeWifiP - ok
09:35:25.0362 4608 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
09:35:25.0376 4608 NDIS - ok
09:35:25.0393 4608 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
09:35:25.0394 4608 NdisCap - ok
09:35:25.0422 4608 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
09:35:25.0423 4608 NdisTapi - ok
09:35:25.0439 4608 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
09:35:25.0440 4608 Ndisuio - ok
09:35:25.0461 4608 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
09:35:25.0463 4608 NdisWan - ok
09:35:25.0495 4608 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
09:35:25.0497 4608 NDProxy - ok
09:35:25.0551 4608 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
09:35:25.0552 4608 NetBIOS - ok
09:35:25.0582 4608 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
09:35:25.0586 4608 NetBT - ok
09:35:25.0613 4608 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
09:35:25.0613 4608 Netlogon - ok
09:35:25.0679 4608 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
09:35:25.0685 4608 Netman - ok
09:35:25.0735 4608 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
09:35:25.0742 4608 netprofm - ok
09:35:25.0831 4608 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:35:25.0834 4608 NetTcpPortSharing - ok
09:35:25.0884 4608 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
09:35:25.0885 4608 nfrd960 - ok
09:35:25.0928 4608 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
09:35:25.0935 4608 NlaSvc - ok
09:35:25.0980 4608 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
09:35:25.0982 4608 Npfs - ok
09:35:25.0993 4608 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
09:35:25.0997 4608 nsi - ok
09:35:26.0005 4608 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
09:35:26.0007 4608 nsiproxy - ok
09:35:26.0096 4608 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
09:35:26.0115 4608 Ntfs - ok
09:35:26.0151 4608 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
09:35:26.0152 4608 Null - ok
09:35:26.0179 4608 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
09:35:26.0181 4608 nvraid - ok
09:35:26.0200 4608 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
09:35:26.0202 4608 nvstor - ok
09:35:26.0221 4608 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
09:35:26.0223 4608 nv_agp - ok
09:35:26.0369 4608 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:35:26.0380 4608 odserv - ok
09:35:26.0454 4608 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
09:35:26.0459 4608 OEM02Dev - ok
09:35:26.0472 4608 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
09:35:26.0473 4608 OEM02Vfx - ok
09:35:38.0132 4608 ============================================================
09:35:38.0132 4608 Scan finished
09:35:38.0132 4608 ============================================================
09:35:38.0208 2920 Detected object count: 0
09:35:38.0208 2920 Actual detected object count: 0
Antny
Active Member
 
Posts: 4
Joined: June 4th, 2012, 7:46 am

Re: Links usually redirected

by Gary R » June 5th, 2012, 9:59 am

Not a lot showing in your logs, the following lines ......

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB27473$] -> Error: Cannot create file handle -> Unknown point type


..... suggest you may have a "Zero Access" infection (or the remains of one).

Some versions of Zero Access can be very difficult to remove, and it's possible that the only way to clean your machine might be to reformat your hard drive and re-install Windows. So if you have not already done so, please back up your personal files and folders to some external media.

At the moment we don't have a definite confirmation of the infection, so I'd like to run further scans and see where that takes us.

First

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.

Next

  • Download aswMBR.exe to your desktop.
  • Double click aswMBR.exe to run it
  • Click the SCAN button to start the scan.
  • On completion of the scan click SAVE LOG and save it to your desktop.
  • Post the log contents in your next reply please.

Summary of the logs I need from you in your next post:
  • Combofix log
  • aswMBR log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
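
The log check described in the post above, as an added example that is not part of the original thread and is not code from OTL or the forum: it reads only the "Hard Links - Junction Points - Mount Points - Symbolic Links" section and flags entries that cannot be opened, with `$NtUninstallKB...$` names under review. The `[path] -> target -> type` layout is taken from the one line quoted in the post; every other sample line, the other section names, and the `triage` and `Finding` names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Section banner, e.g. "========== Some Section ==========".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Entry layout assumed from the single line quoted in the post:
#   [path] -> target-or-error -> point type
ENTRY_RE = re.compile(
    r"^\[(?P<path>[^\]]+)\]\s*->\s*(?P<target>.*?)\s*->\s*(?P<kind>.+?)\s*$"
)
# Directory name of the form \$NtUninstallKB<digits>$ at the end of the path.
UNINSTALL_RE = re.compile(r"\\\$NtUninstallKB\d+\$$", re.IGNORECASE)

REPARSE_SECTION = "Hard Links - Junction Points - Mount Points - Symbolic Links"


@dataclass
class Finding:
    path: str
    target: str
    kind: str
    level: str   # "review" = both signals present, "note" = one signal
    reason: str


def triage(log_text):
    """Return findings for reparse-point entries worth a second look."""
    findings = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            # Only entries under the reparse-point banner are considered.
            in_section = banner.group(1) == REPARSE_SECTION
            continue
        if not in_section:
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        unreadable = entry["target"].lower().startswith("error:")
        kb_name = bool(UNINSTALL_RE.search(entry["path"]))
        if unreadable and kb_name:
            level = "review"
            reason = ("unreadable $NtUninstallKB$ reparse point; a lead for "
                      "further scans, not a confirmed infection")
        elif unreadable:
            level, reason = "note", "reparse point could not be opened"
        elif kb_name:
            level, reason = "note", "$NtUninstallKB$ directory is a reparse point"
        else:
            continue
        findings.append(
            Finding(entry["path"], entry["target"], entry["kind"], level, reason)
        )
    return findings


# Constructed sample: only the $NtUninstallKB27473$ line comes from the thread.
SAMPLE_LOG = r"""
========== Files - Unicode (All) ==========
[C:\Users\example\note.txt] -> entry-shaped line outside the section -> ignored

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB27473$] -> Error: Cannot create file handle -> Unknown point type
[C:\Users\example\Links] -> C:\Users\example\Favorites -> Junction
[C:\Data\archive] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.level:6} {f.path}  ({f.reason})")
```

A "review" result only reproduces the helper's reading of the log; as the post says, it calls for further scans rather than confirming an infection.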

Re: Links usually redirected

by Gary R » June 8th, 2012, 4:01 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.