Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Browser rnning slow and redirecting

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 17th, 2012, 1:14 pm

OTL logfile created on: 17/06/2012 18:03:01 - Run 3
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\cgrabarz\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 55.92% Memory free
7.20 Gb Paging File | 5.37 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.34 Gb Total Space | 186.59 Gb Free Space | 80.31% Space Free | Partition Type: NTFS
Drive D: | 233.02 Gb Total Space | 220.03 Gb Free Space | 94.42% Space Free | Partition Type: NTFS

Computer Name: CGRABARZ-TOSH | User Name: cgrabarz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\cgrabarz\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Program Files (x86)\ToolKitService\tktray.exe (ToolKit Development, Ltd.)
PRC - C:\Program Files (x86)\ToolKitService\toolkitservice.exe (ToolKit Development, Ltd.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe ()
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (ToolkitSvc) -- C:\Program Files (x86)\ToolKitService\toolkitservice.exe (ToolKit Development, Ltd.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (NAUpdate) @c:\Program Files (x86) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (ToolkitDisk) -- C:\Windows\SysNative\drivers\toolkitdisk.sys (Toolkit Development, Ltd.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbd) -- C:\Windows\SysNative\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Tosrfusb) -- C:\Windows\SysNative\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Tosrfcom) -- C:\Windows\SysNative\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tosrfbnp) -- C:\Windows\SysNative\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Plc)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (Tosrfhid) -- C:\Windows\SysNative\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfec) -- C:\Windows\SysNative\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV:64bit: - (TosRfSnd) -- C:\Windows\SysNative\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (LgBttPort) -- C:\Windows\SysNative\drivers\lgbtpt64.sys (LG Electronics Inc.)
DRV:64bit: - (LGVMODEM) -- C:\Windows\SysNative\drivers\lgvmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (lgbusenum) -- C:\Windows\SysNative\drivers\lgbtbs64.sys (LG Electronics Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (tosrfnds) -- C:\Windows\SysNative\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV:64bit: - (NMgamingmsFltr) -- C:\Windows\SysNative\drivers\NMgamingms.sys (Primax Ltd)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (tosporte) -- C:\Windows\SysNative\drivers\tosporte.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 B9 86 DE B4 49 CD 01 [binary data]
IE - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\cgrabarz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\toolkit@toolkitdevelopment.com: C:\Program Files (x86)\ToolKitService\ffext [2012/06/10 01:00:30 | 000,000,000 | ---D | M]

[2011/11/09 02:29:31 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/31 01:24:40 | 000,044,218 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\toolkitsearch.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll (Toolkit Development, Ltd.)
O3:64bit: - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\..\Toolbar\WebBrowser: (eToolKit Toolbar) - {D3B22A92-87A2-47B6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll (Toolkit Development, Ltd.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-3624782270-356045228-2059181731-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3624782270-356045228-2059181731-1000..\Run: [Facebook Update] C:\Users\cgrabarz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3624782270-356045228-2059181731-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3624782270-356045228-2059181731-1000..\Run: [tktray] C:\Program Files (x86)\ToolKitService\tktray.exe (ToolKit Development, Ltd.)
O4 - HKU\S-1-5-21-3624782270-356045228-2059181731-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - Startup: C:\Users\cgrabarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk = C:\Program Files (x86)\Verbatim GREEN BUTTON\GREEN BUTTON.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mcx1-CGRABARZ-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3624782270-356045228-2059181731-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EA92CB5-D7BA-451C-9A46-4851F2AE9456}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ca7fe84d-06d2-11e1-8f1b-e89a8fac41c5}\Shell - "" = AutoRun
O33 - MountPoints2\{ca7fe84d-06d2-11e1-8f1b-e89a8fac41c5}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 17:05:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/06/14 00:14:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 00:14:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 00:13:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 00:13:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 00:13:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 00:13:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 00:13:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 00:13:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 00:13:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 00:13:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 00:13:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 00:13:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/14 00:13:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 23:23:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/13 22:34:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 22:34:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 22:34:39 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 22:34:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 22:34:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 22:34:22 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 22:34:16 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 22:34:03 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 22:34:02 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 13:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verbatim GREEN BUTTON
[2012/06/13 13:56:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verbatim GREEN BUTTON
[2012/06/12 23:59:07 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\cgrabarz\Desktop\OTL.exe
[2012/06/12 21:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/12 21:30:43 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/12 21:29:36 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/12 21:29:36 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/11 20:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/06/11 20:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GFI Software
[2012/06/11 20:41:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/11 20:40:17 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/11 16:08:22 | 000,000,000 | ---D | C] -- C:\Users\cgrabarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/06/11 12:37:17 | 000,000,000 | ---D | C] -- C:\Users\cgrabarz\AppData\Local\Apple Computer
[2012/06/11 12:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2012/06/11 12:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/11 12:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/06/10 00:59:18 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/10 00:59:18 | 000,839,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/10 00:59:18 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/10 00:58:49 | 000,189,384 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/10 00:58:49 | 000,188,872 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/10 00:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/06/10 00:42:09 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/06/10 00:42:08 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/06/10 00:42:08 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/06/10 00:42:07 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/06/10 00:42:07 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/06/10 00:42:07 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/06/10 00:42:07 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/06/10 00:42:07 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/06/10 00:42:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/06/10 00:42:07 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/06/10 00:42:06 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/06/10 00:42:06 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/06/10 00:42:06 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/06/10 00:42:06 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/06/10 00:42:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/06/10 00:42:06 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/06/10 00:42:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/06/10 00:42:05 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/06/10 00:42:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/06/10 00:42:05 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/06/10 00:42:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/06/10 00:42:05 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/06/10 00:42:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/06/10 00:42:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/06/10 00:42:04 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/06/10 00:42:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/06/10 00:42:02 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/06/10 00:42:01 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/06/10 00:42:00 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/06/10 00:42:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/06/10 00:42:00 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/06/10 00:42:00 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/06/10 00:42:00 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/06/10 00:42:00 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/06/10 00:42:00 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/06/10 00:42:00 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/06/10 00:41:59 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/06/10 00:41:59 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/06/10 00:41:59 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/06/10 00:41:59 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/06/10 00:41:59 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/06/10 00:41:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/06/10 00:41:59 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/06/10 00:41:58 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/06/10 00:41:58 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/06/10 00:41:58 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/06/10 00:41:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/06/10 00:41:57 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/06/10 00:41:57 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/06/10 00:41:57 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/06/10 00:41:57 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/06/10 00:41:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/06/10 00:41:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/06/10 00:41:56 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/10 00:41:56 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/06/10 00:41:56 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/06/10 00:41:56 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/06/10 00:41:56 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/06/10 00:41:55 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/06/10 00:24:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/10 00:22:37 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/09 13:06:55 | 000,000,000 | ---D | C] -- C:\Users\cgrabarz\Documents\Simply Super Software
[2012/06/08 21:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BBC iPlayer Desktop
[2012/06/08 16:35:24 | 000,000,000 | ---D | C] -- C:\Users\cgrabarz\AppData\Local\Adobe
[2012/06/07 13:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/07 13:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/07 10:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2012/06/07 10:15:38 | 000,000,000 | ---D | C] -- C:\Users\cgrabarz\AppData\Roaming\Malwarebytes
[2012/06/07 10:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/06 12:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/06 09:40:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/06 09:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/05 12:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\eToolKit
[2012/05/21 10:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012/05/21 10:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty
[2012/05/21 08:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\samsung-video-converter
[2012/05/21 08:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/18 19:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012/05/18 19:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare

========== Files - Modified Within 30 Days ==========

[2012/06/17 18:07:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 18:00:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 17:53:05 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/17 17:43:15 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 17:43:15 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 17:35:16 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 17:34:18 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 17:23:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3624782270-356045228-2059181731-1000UA.job
[2012/06/16 22:05:01 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3624782270-356045228-2059181731-1000Core.job
[2012/06/16 09:38:39 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/16 09:38:39 | 000,629,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/16 09:38:39 | 000,111,212 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/13 23:56:36 | 000,165,376 | ---- | M] () -- C:\Users\cgrabarz\Desktop\SystemLook_x64.exe
[2012/06/13 14:08:52 | 000,003,067 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp.lnk
[2012/06/13 13:56:18 | 000,001,037 | ---- | M] () -- C:\Users\cgrabarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk
[2012/06/13 13:56:17 | 000,001,001 | ---- | M] () -- C:\Users\cgrabarz\Desktop\GREEN BUTTON.lnk
[2012/06/13 00:02:37 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\cgrabarz\Desktop\OTL.exe
[2012/06/11 21:14:05 | 000,000,092 | ---- | M] () -- C:\Users\cgrabarz\AppData\Roaming\netstat.bat
[2012/06/11 10:28:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/11 10:28:20 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/10 00:58:30 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/06/10 00:58:30 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/06/10 00:58:30 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/06/10 00:58:30 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/06/10 00:58:30 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/06/10 00:44:19 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/10 00:42:09 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/06/10 00:42:08 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/06/10 00:42:08 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/06/10 00:42:07 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/06/10 00:42:07 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/06/10 00:42:07 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/06/10 00:42:07 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/06/10 00:42:07 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/06/10 00:42:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/06/10 00:42:07 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/06/10 00:42:06 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/06/10 00:42:06 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/06/10 00:42:06 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/06/10 00:42:06 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/06/10 00:42:06 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/06/10 00:42:06 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/10 00:42:06 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/06/10 00:42:06 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/06/10 00:42:05 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/06/10 00:42:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/06/10 00:42:05 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/06/10 00:42:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/06/10 00:42:05 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/06/10 00:42:04 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/06/10 00:42:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/06/10 00:42:04 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/06/10 00:42:04 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/06/10 00:42:02 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/06/10 00:42:01 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/06/10 00:42:00 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/06/10 00:42:00 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/06/10 00:42:00 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/06/10 00:42:00 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/06/10 00:42:00 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/06/10 00:42:00 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/06/10 00:42:00 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/06/10 00:42:00 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/06/10 00:41:59 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/06/10 00:41:59 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/06/10 00:41:59 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/06/10 00:41:59 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/06/10 00:41:59 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/06/10 00:41:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/06/10 00:41:59 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/06/10 00:41:58 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/06/10 00:41:58 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/06/10 00:41:58 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/06/10 00:41:58 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/06/10 00:41:57 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/06/10 00:41:57 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/06/10 00:41:57 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/06/10 00:41:57 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/06/10 00:41:57 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/06/10 00:41:57 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/10 00:41:57 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/06/10 00:41:56 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/10 00:41:56 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/06/10 00:41:56 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/06/10 00:41:56 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/06/10 00:41:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/06/10 00:41:55 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/06/07 13:52:54 | 000,001,188 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/07 09:47:31 | 000,007,662 | ---- | M] () -- C:\Users\cgrabarz\AppData\Local\Resmon.ResmonCfg
[2012/06/05 20:03:01 | 000,736,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/06/13 23:56:23 | 000,165,376 | ---- | C] () -- C:\Users\cgrabarz\Desktop\SystemLook_x64.exe
[2012/06/13 14:08:52 | 000,003,067 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp.lnk
[2012/06/13 13:56:18 | 000,001,037 | ---- | C] () -- C:\Users\cgrabarz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verbatim GREEN BUTTON.lnk
[2012/06/13 13:56:17 | 000,001,001 | ---- | C] () -- C:\Users\cgrabarz\Desktop\GREEN BUTTON.lnk
[2012/06/11 21:14:05 | 000,000,092 | ---- | C] () -- C:\Users\cgrabarz\AppData\Roaming\netstat.bat
[2012/06/11 12:36:58 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/06/10 00:42:06 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/10 00:41:57 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/07 13:52:54 | 000,001,188 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml
[2012/06/07 09:33:46 | 000,007,662 | ---- | C] () -- C:\Users\cgrabarz\AppData\Local\Resmon.ResmonCfg
[2012/06/05 20:41:08 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/27 01:08:58 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/10 21:40:46 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/12/04 11:44:05 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/11/03 23:17:30 | 000,736,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/20 07:42:21 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011/08/20 06:51:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/20 06:48:40 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/02/03 18:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

< End of report >
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top
Advertisement
Register to Remove

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 17th, 2012, 1:16 pm

Wireless router
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 17th, 2012, 1:22 pm

No change to system, still redirecting and a sophos Tjo alert.
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby torreattack » June 18th, 2012, 8:21 am

Hi Chrisg2441 :

Those bad entries still refuse to go, we will try other methods and dig some information.

1. RogueKiller
  • Please download RogueKiller by Tigzy and save it to your desktop.
  • Allow the download if prompted by your security software and please close all your programs.
  • Right click on RogueKiller.exe and select " Run as administrator " to run it.
  • If it does not run, please try a few times.
  • Wait for PreScan to finish, then click on Scan.
  • Once completed, a log called RKreport[1].txt will be created on the desktop. It can also be accessed via the Report button.
  • Please copy and paste the contents of that log in your next reply.


2. MiniToolBox
Please download MiniToolBox.exe and save it to your Desktop.
  • Right click MiniToolBox and select " Run as administrator " to run it.
  • Check the following in the list:
    • Flush DNS.
    • List contents of Hosts.
    • List IP Configuration.
  • Click Go.
  • A file name Result.txt will be created in the same location where you downloaded MiniToolBox.exe
  • Please post the contents of the Result.txt in your next Reply.


3. Malwarebytes' Anti-Malware (MBAM)
As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform FULL scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
Note: If MBAM doesn't return after an update, please start it again.


4. Checklist
Please post:
  • RogueKiller log
  • MiniToolBox log
  • mbam-log-date (time).txt
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 18th, 2012, 12:49 pm

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: cgrabarz [Admin rights]
Mode: Scan -- Date: 06/18/2012 17:45:44

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
--- User ---
[MBR] 08069609ae2035ff172a3619e51d429c
[BSP] 25aa688f1fa44ddf8277e6c522f05859 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 399 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 819200 | Size: 237917 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488073216 | Size: 238613 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 4b13c0c863bf3477e566c040915977fa
[BSP] 25aa688f1fa44ddf8277e6c522f05859 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 399 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 819200 | Size: 237917 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 488073216 | Size: 238613 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 976773120 | Size: 0 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 18th, 2012, 12:57 pm

MiniToolBox by Farbar Version: 09-06-2012
Ran by cgrabarz (administrator) on 18-06-2012 at 17:54:41
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR9002WB-1NG Wireless Network Adapter = Wireless Network Connection (Connected)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : cgrabarz-TOSH
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : F2-DF-9A-D4-A3-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
Physical Address. . . . . . . . . : D0-DF-9A-D4-A3-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9ca4:215b:d50b:1d79%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 18 June 2012 09:44:25
Lease Expires . . . . . . . . . . : 19 June 2012 12:44:32
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 433119130
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E1-01-F0-E8-9A-8F-AC-41-C5
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : E8-9A-8F-AC-41-C5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:2461:30c4:a1f8:2d38(Preferred)
Link-local IPv6 Address . . . . . : fe80::2461:30c4:a1f8:2d38%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.Home:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{8BB71F4A-EE6A-4BB1-81F0-4806FD19C1E8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{E8761176-8B81-4156-BCE7-C825B08ABE67}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: MyRouter.Home
Address: 192.168.0.1

Name: google.com
Addresses: 2a00:1450:4009:806::1001
173.194.41.67
173.194.41.68
173.194.41.69
173.194.41.70
173.194.41.71
173.194.41.72
173.194.41.73
173.194.41.78
173.194.41.64
173.194.41.65
173.194.41.66


Pinging google.com [173.194.41.67] with 32 bytes of data:
Reply from 173.194.41.67: bytes=32 time=33ms TTL=57
Reply from 173.194.41.67: bytes=32 time=33ms TTL=57

Ping statistics for 173.194.41.67:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 33ms, Average = 33ms
Server: MyRouter.Home
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=155ms TTL=52
Reply from 209.191.122.70: bytes=32 time=162ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 155ms, Maximum = 162ms, Average = 158ms
Server: MyRouter.Home
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...f2 df 9a d4 a3 7f ......Microsoft Virtual WiFi Miniport Adapter
13...d0 df 9a d4 a3 7f ......Atheros AR9002WB-1NG Wireless Network Adapter
11...e8 9a 8f ac 41 c5 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
32...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.5 281
192.168.0.5 255.255.255.255 On-link 192.168.0.5 281
192.168.0.255 255.255.255.255 On-link 192.168.0.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:5ef5:79fd:2461:30c4:a1f8:2d38/128
On-link
13 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::2461:30c4:a1f8:2d38/128
On-link
13 281 fe80::9ca4:215b:d50b:1d79/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

**** End of log ****
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 18th, 2012, 3:47 pm

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cgrabarz :: CGRABARZ-TOSH [administrator]

Protection: Disabled

18/06/2012 18:11:18
mbam-log-2012-06-18 (18-11-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362571
Time elapsed: 1 hour(s), 16 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cgrabarz :: CGRABARZ-TOSH [administrator]

Protection: Disabled

18/06/2012 18:11:18
mbam-log-2012-06-18 (18-11-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362571
Time elapsed: 1 hour(s), 16 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 18th, 2012, 5:25 pm

Seems to have stopped redirecting but browser running very slow, sophos still identifying:-
****************** Sophos Anti-Virus Log - 18/06/2012 21:24:12 **************

...
20120618 211358 File "C:\Users\cgrabarz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQMD3TLL\main[1].htm" belongs to virus/spyware 'Troj/ExpJs-CI'.
20120618 211358 On-access scanner has denied access to location "C:\Users\cgrabarz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQMD3TLL\main[1].htm" for user cgrabarz-TOSH\cgrabarz
20120618 211419 File "C:\Users\cgrabarz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQMD3TLL\main[1].htm" belongs to virus/spyware 'Troj/ExpJs-CI'.
20120618 211431 File "C:\Users\cgrabarz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQMD3TLL\main[1].htm" has been cleaned up.
20120618 211431 Virus/spyware 'Troj/ExpJs-CI' has been removed.
20120618 211742 File "C:\Users\cgrabarz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5BXU78JU\8zAm0fJCMTstfkpnda7lkCDKKEne7gZ2[1].htm" belongs to virus/spyware 'Troj/ExpJS-EU'.
20120618 211742 On-access scanner has denied access to location "C:\Users\cgrabarz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5BXU78JU\8zAm0fJCMTstfkpnda7lkCDKKEne7gZ2[1].htm" for user cgrabarz-TOSH\cgrabarz
20120618 211747 Scanning "C:\Users\cgrabarz\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5BXU78JU\8zAm0fJCMTstfkpnda7lkCDKKEne7gZ2[1].htm" returned SAV Interface error 0xa0040210: The file could not be accessed.
20120618 211747 Item 'Troj/ExpJS-EU' could not be redetected.
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby torreattack » June 19th, 2012, 11:15 am

Hi Chrisg2441 :

1.aswMBR.exe
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR(master boot record), do not delete it..
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.


2. Please attach the MBR.dat to me. If needed, please upload to any online free file sharing and storage websites such as mediafire.com


3. FRST64.exe
  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment
  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image
  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.


4. Checklist
Please post:
  • aswMBR.txt
  • attach or upload MBR.dat
  • FRST.txt
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 19th, 2012, 4:09 pm

The aswMBR doesnt do anything not even opening up?
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 19th, 2012, 4:31 pm

Pressed f8 and repair anf all that comes up on screen is windows is loading files? How long should it do this?
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 20th, 2012, 4:11 am

Left laptop on all night still reads windows is loading files!
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby torreattack » June 20th, 2012, 11:59 am

Hi Chrisg2441 :

I am sorry for taking so much time to deal with this infection.

At first, you logs showed the infection of searchqu, we managed to fix some of the bad entries but some keep hiding or preventing us from remove them.

As a result, I suspect it is a rootkit. While we scan with RougeKiller, this tool revealed that we might had a partition infection.

for this kind of infection, the malware will keep coming back even after reformat because it is still in another separate active partition.

As a result, I want to scan with some MBR scanning and backup tools to confirm the infection before we try to remove them. This is because different infection has different method to deal with.

As for me, this process will take longer because better slower than "sorry".



Now, let's create an MBR backup. Then, we try to identify the infection with another tools name TDSSKiller (since you said aswMBR won't run==>might block by malware). Beside that, we will try to get some detail regarding the active partition with FRST. I hope we can do it slowly but steady.

Let backup the MBR now.
1. MBRBackup
Download MBRBackup to your Desktop.
  • Right-click MBRBackup.exe and select " Run as administrator " to run it.
  • Click SaveMBR (top left corner) and save the backup file to your Desktop.
  • It will have a name similar to MBR_2012-06-20.bin where the numbers correspond to the date the backup was made.
  • Exit the program.
  • I strongly suggest you keep a copy of this backup stored on an external device.


2. Please attach the MBR_YYYY-MM-DD.bin to me. If needed, please upload to any online free file sharing and storage websites such as mediafire.com

3. TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


4. FRST64.exe
  • Download FRST64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

Question
Do you have access to Windows installation disc? If "yes", please continue with the instruction from Method 1 below.
Otherwise, just let's me know, we will try to boot into Recovery Environment with other method.

Method 1: To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


Image
  • Select the Command Prompt option.
  • A command window will open.
    • Type notepad then hit Enter.
    • Notepad will open.
      • Click File > Open then select Computer.
      • Note down the drive letter for your USB Drive.
      • Close Notepad.
  • Back in the command window ....
    • Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press Scan button.
      • When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Boot back into normal mode and post me the FRST.txt log please.


5. Checklist
Please post:
  • attach or upload MBR_YYYY-MM-DD.bin
  • TDSSKiller log
  • FRST.txt
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 20th, 2012, 12:38 pm

Sorry to be a pain but i havent got a clue about free file sharing and storage websites such as mediafire.com or how to use them!
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top

Re: Browser rnning slow and redirecting

Unread postby Chrisg2441 » June 20th, 2012, 12:50 pm

TDSKILLER wount run!
Do you have access to Windows installation disc? no, sorry again, bought PC new at Christmas with windows pre installed!
Been onto Microsoft they have validated my licence and give me link to download full version
Chrisg2441
Regular Member
 
Posts: 59
Joined: June 7th, 2012, 6:02 am
Top
Advertisement
Register to Remove
PreviousNext
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 118 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index