Topic: [Inactive] browsers hijacked. search results redirect to ads when clicked.

doug1168w
Both Internet Explorer and Firefox search results lead to ads. I can type in an address and get to a correct web page, but every link in search results leads to ads.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:04:19 PM, on 8/22/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
O4 - HKLM\..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} (LogMeIn Rescue Applet Downloader) - https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8773 bytes
« Last Edit: August 22, 2011, 12:59:10 pm by Hoov »



Hoov
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your hard drive.

Now onto trying to fix your computer.

Please run CCleaner to remove temporary files from your system, and to improve the scanning time of the other scans we may be running. Then please run Malwarebytes' Anti-Malware to check for malware. Both sets of instructions are below.

1. Download and scan with CCleaner
   When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this Dark Grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
   In the Windows Tab:
     • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
     • Clean all the entries in the "Windows Explorer" section.
     • Clean all entries in the "System" section.
     • Clean all entries in the "Advanced" section.
     • Clean any others that you choose.
   In the Applications Tab:
     • Clean all except cookies in the Firefox/Mozilla section if you use it.
     • Clean all in the Opera section if you use it.
     • Clean Sun Java in the Internet Section.
     • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

doug1168w
I have scanned this machine with Malwarebytes, OTM, Ad-Aware, TDSSKiller, ComboFix, and HijackThis. Also, I have downloaded the latest Microsoft thing and the Lavasoft product, both realtime virus protection. I can't seem to find a free link to the CCleaner? It keeps directing me to the paid support. I don't see a dark grey box on the left side with two tabs along the top. Inside this Dark Grey box is a light grey box. I know where the download link is????? But it wants me to pay.

Never mind, I think I got it.....

Question... can I leave the desktop shortcuts box unchecked in the CCleaner Windows System section?????
« Last Edit: August 22, 2011, 01:24:17 pm by doug1168w »

doug1168w
        Malwarebytes' Anti-Malware 1.51.1.1800
        www.malwarebytes.org

        Database version: 7538

        Windows 6.1.7600
        Internet Explorer 9.0.8112.16421

        8/22/2011 5:06:10 PM
        mbam-log-2011-08-22 (17-06-10).txt

        Scan type: Quick scan
        Objects scanned: 176866
        Time elapsed: 2 minute(s), 57 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)

        2011/08/22 17:09:20.0749 2492   TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
        2011/08/22 17:09:21.0342 2492   ================================================================================
        2011/08/22 17:09:21.0342 2492   SystemInfo:
        2011/08/22 17:09:21.0342 2492   
        2011/08/22 17:09:21.0342 2492   OS Version: 6.1.7600 ServicePack: 0.0
        2011/08/22 17:09:21.0342 2492   Product type: Workstation
        2011/08/22 17:09:21.0342 2492   ComputerName: MOBILE-PC
        2011/08/22 17:09:21.0342 2492   UserName: mobile
        2011/08/22 17:09:21.0342 2492   Windows directory: C:\Windows
        2011/08/22 17:09:21.0342 2492   System windows directory: C:\Windows
        2011/08/22 17:09:21.0342 2492   Running under WOW64
        2011/08/22 17:09:21.0342 2492   Processor architecture: Intel x64
        2011/08/22 17:09:21.0342 2492   Number of processors: 2
        2011/08/22 17:09:21.0342 2492   Page size: 0x1000
        2011/08/22 17:09:21.0342 2492   Boot type: Normal boot
        2011/08/22 17:09:21.0342 2492   ================================================================================
        2011/08/22 17:09:21.0935 2492   Initialize success
        2011/08/22 17:09:32.0746 4564   ================================================================================
        2011/08/22 17:09:32.0746 4564   Scan started
        2011/08/22 17:09:32.0746 4564   Mode: Manual;
        2011/08/22 17:09:32.0746 4564   ================================================================================
        2011/08/22 17:09:43.0338 4564   mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
        2011/08/22 17:09:43.0447 4564   MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
        2011/08/22 17:09:43.0494 4564   mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
        2011/08/22 17:09:43.0541 4564   MpNWMon         (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
        2011/08/22 17:09:43.0650 4564   mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
        2011/08/22 17:09:43.0681 4564   MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
        2011/08/22 17:09:43.0793 4564   mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
        2011/08/22 17:09:43.0844 4564   mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
        2011/08/22 17:09:43.0860 4564   mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
        2011/08/22 17:09:43.0969 4564   msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
        2011/08/22 17:09:44.0000 4564   msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
        2011/08/22 17:09:44.0112 4564   Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
        2011/08/22 17:09:44.0143 4564   mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
        2011/08/22 17:09:44.0286 4564   msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
        2011/08/22 17:09:44.0473 4564   MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
        2011/08/22 17:09:44.0614 4564   MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
        2011/08/22 17:09:44.0692 4564   MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
        2011/08/22 17:09:44.0785 4564   MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
        2011/08/22 17:09:44.0832 4564   mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
        2011/08/22 17:09:44.0957 4564   MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
        2011/08/22 17:09:45.0019 4564   MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
        2011/08/22 17:09:45.0144 4564   MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
        2011/08/22 17:09:45.0206 4564   Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
        2011/08/22 17:09:45.0316 4564   NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
        2011/08/22 17:09:45.0409 4564   NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
        2011/08/22 17:09:45.0503 4564   NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
        2011/08/22 17:09:45.0565 4564   NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
        2011/08/22 17:09:45.0628 4564   Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
        2011/08/22 17:09:45.0659 4564   NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
        2011/08/22 17:09:45.0721 4564   NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
        2011/08/22 17:09:45.0799 4564   NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
        2011/08/22 17:09:45.0862 4564   NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
        2011/08/22 17:09:45.0971 4564   nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
        2011/08/22 17:09:46.0049 4564   NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
        2011/08/22 17:09:46.0142 4564   Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
        2011/08/22 17:09:46.0189 4564   nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
        2011/08/22 17:09:46.0267 4564   Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
        2011/08/22 17:09:46.0423 4564   Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
        2011/08/22 17:09:46.0439 4564   nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
        2011/08/22 17:09:46.0486 4564   nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
        2011/08/22 17:09:46.0610 4564   nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
        2011/08/22 17:09:46.0688 4564   ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
        2011/08/22 17:09:46.0798 4564   Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
        2011/08/22 17:09:46.0844 4564   partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
        2011/08/22 17:09:46.0876 4564   pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
        2011/08/22 17:09:46.0938 4564   pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
        2011/08/22 17:09:47.0016 4564   pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
        2011/08/22 17:09:47.0047 4564   pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
        2011/08/22 17:09:47.0156 4564   PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
        2011/08/22 17:09:47.0312 4564   PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
        2011/08/22 17:09:47.0344 4564   Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
        2011/08/22 17:09:47.0390 4564   Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
        2011/08/22 17:09:47.0437 4564   PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
        2011/08/22 17:09:47.0546 4564   ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
        2011/08/22 17:09:47.0671 4564   ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
        2011/08/22 17:09:47.0718 4564   QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
        2011/08/22 17:09:47.0796 4564   RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
        2011/08/22 17:09:47.0858 4564   RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
        2011/08/22 17:09:47.0936 4564   Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
        2011/08/22 17:09:47.0999 4564   RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
        2011/08/22 17:09:48.0248 4564   RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
        2011/08/22 17:09:48.0389 4564   rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
        2011/08/22 17:09:48.0420 4564   rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
        2011/08/22 17:09:48.0592 4564   RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
        2011/08/22 17:09:48.0701 4564   RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
        2011/08/22 17:09:48.0732 4564   RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
        2011/08/22 17:09:48.0779 4564   RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
        2011/08/22 17:09:48.0841 4564   rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
        2011/08/22 17:09:48.0950 4564   rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
        2011/08/22 17:09:48.0982 4564   sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
        2011/08/22 17:09:49.0091 4564   scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
        2011/08/22 17:09:49.0122 4564   secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
        2011/08/22 17:09:49.0169 4564   Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
        2011/08/22 17:09:49.0278 4564   Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
        2011/08/22 17:09:49.0309 4564   sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
        2011/08/22 17:09:49.0372 4564   sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
        2011/08/22 17:09:49.0450 4564   sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
        2011/08/22 17:09:49.0481 4564   sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
        2011/08/22 17:09:49.0512 4564   sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
        2011/08/22 17:09:49.0606 4564   SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
        2011/08/22 17:09:49.0668 4564   SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
        2011/08/22 17:09:49.0684 4564   SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
        2011/08/22 17:09:49.0777 4564   Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
        2011/08/22 17:09:49.0824 4564   spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
        2011/08/22 17:09:49.0902 4564   srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
        2011/08/22 17:09:50.0027 4564   srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
        2011/08/22 17:09:50.0105 4564   srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
        2011/08/22 17:09:50.0230 4564   stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
        2011/08/22 17:09:50.0308 4564   swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
        2011/08/22 17:09:50.0495 4564   Tcpip           (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
        2011/08/22 17:09:50.0698 4564   TCPIP6          (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
        2011/08/22 17:09:50.0838 4564   tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
        2011/08/22 17:09:50.0885 4564   TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
        2011/08/22 17:09:50.0916 4564   TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
        2011/08/22 17:09:50.0994 4564   tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
        2011/08/22 17:09:51.0025 4564   TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
        2011/08/22 17:09:51.0181 4564   tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
        2011/08/22 17:09:51.0228 4564   tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
        2011/08/22 17:09:51.0322 4564   uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
        2011/08/22 17:09:51.0337 4564   udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
        2011/08/22 17:09:51.0400 4564   uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
        2011/08/22 17:09:51.0493 4564   umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
        2011/08/22 17:09:51.0524 4564   UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
        2011/08/22 17:09:51.0634 4564   usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
        2011/08/22 17:09:51.0665 4564   usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
        2011/08/22 17:09:51.0758 4564   usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
        2011/08/22 17:09:51.0790 4564   usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
        2011/08/22 17:09:51.0836 4564   usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
        2011/08/22 17:09:51.0914 4564   usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
        2011/08/22 17:09:51.0946 4564   usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
        2011/08/22 17:09:51.0961 4564   USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
        2011/08/22 17:09:51.0992 4564   usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
        2011/08/22 17:09:52.0102 4564   usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
        2011/08/22 17:09:52.0148 4564   vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
        2011/08/22 17:09:52.0242 4564   vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
        2011/08/22 17:09:52.0273 4564   VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
        2011/08/22 17:09:52.0320 4564   vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
        2011/08/22 17:09:52.0460 4564   VIAHdAudAddService (fe595d1a1b781190bb483444b62cc607) C:\Windows\system32\drivers\viahduaa.sys
        2011/08/22 17:09:52.0601 4564   viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
        2011/08/22 17:09:52.0632 4564   volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
        2011/08/22 17:09:52.0679 4564   volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
        2011/08/22 17:09:52.0710 4564   volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
        2011/08/22 17:09:52.0804 4564   vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
        2011/08/22 17:09:52.0850 4564   vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
        2011/08/22 17:09:52.0882 4564   vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
        2011/08/22 17:09:52.0991 4564   vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
        2011/08/22 17:09:53.0038 4564   WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
        2011/08/22 17:09:53.0162 4564   WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
        2011/08/22 17:09:53.0178 4564   Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
        2011/08/22 17:09:53.0303 4564   Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
        2011/08/22 17:09:53.0350 4564   Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
        2011/08/22 17:09:53.0537 4564   WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
        2011/08/22 17:09:53.0568 4564   WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
        2011/08/22 17:09:53.0662 4564   WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
        2011/08/22 17:09:53.0755 4564   WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
        2011/08/22 17:09:53.0927 4564   ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
        2011/08/22 17:09:53.0958 4564   WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
        2011/08/22 17:09:54.0036 4564   WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
        2011/08/22 17:09:54.0114 4564   MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
        2011/08/22 17:09:54.0130 4564   Boot (0x1200)   (6720215ca051f609ee0a1fb834894294) \Device\Harddisk0\DR0\Partition0
        2011/08/22 17:09:54.0145 4564   ================================================================================
        2011/08/22 17:09:54.0145 4564   Scan finished
        2011/08/22 17:09:54.0145 4564   ================================================================================
        2011/08/22 17:09:54.0161 4504   Detected object count: 0
        2011/08/22 17:09:54.0161 4504   Actual detected object count: 0




        PS: I don't have a hard drive encrypter that I know of.

        Offline Hoov

        • Malware Removal Mentors
        • Global Moderator
        • Diamond Member
        • Posts: 25323
        • Unwilling part owner of Gov't. Motors and Chrysler
          • Hoov's Personal Site
        Open a command prompt (All Programs > Accessories > Command Prompt) and type in
        ipconfig /all > ipconfig.txt and then hit Enter. Then type in ipconfig.txt to open Notepad with the log. Copy it and paste it into your next response.

        Consumer Security

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline doug1168w


        Windows IP Configuration

           Host Name . . . . . . . . . . . . : mobile-PC
           Primary Dns Suffix  . . . . . . . :
           Node Type . . . . . . . . . . . . : Broadcast
           IP Routing Enabled. . . . . . . . : No
           WINS Proxy Enabled. . . . . . . . : No
           DNS Suffix Search List. . . . . . : gateway.2wire.net

        Wireless LAN adapter Wireless Network Connection 2:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
           Physical Address. . . . . . . . . : 1A-4B-D6-7B-93-C0
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes

        Ethernet adapter Local Area Connection:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . : gateway.2wire.net
           Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
           Physical Address. . . . . . . . . : 48-5B-39-0E-45-0B
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes

        Wireless LAN adapter Wireless Network Connection:

           Connection-specific DNS Suffix  . : gateway.2wire.net
           Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
           Physical Address. . . . . . . . . : 1C-4B-D6-7B-93-C0
           DHCP Enabled. . . . . . . . . . . : Yes
           Autoconfiguration Enabled . . . . : Yes
           Link-local IPv6 Address . . . . . : fe80::6c9a:e960:9874:98db%11(Preferred)
           IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred)
           Subnet Mask . . . . . . . . . . . : 255.255.255.0
           Lease Obtained. . . . . . . . . . : Tuesday, August 23, 2011 9:03:51 AM
           Lease Expires . . . . . . . . . . : Wednesday, August 24, 2011 9:03:52 AM
           Default Gateway . . . . . . . . . : 192.168.1.254
           DHCP Server . . . . . . . . . . . : 192.168.1.254
           DHCPv6 IAID . . . . . . . . . . . : 236735446
           DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-1D-D6-9A-1C-4B-D6-7B-93-C0
           DNS Servers . . . . . . . . . . . : 192.168.1.254
           NetBIOS over Tcpip. . . . . . . . : Enabled

        Tunnel adapter isatap.gateway.2wire.net:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Microsoft ISATAP Adapter
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes

        Tunnel adapter Reusable ISATAP Interface {2AF16BB5-80A5-4178-ABE4-2A6425025336}:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . : gateway.2wire.net
           Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes

        Tunnel adapter Teredo Tunneling Pseudo-Interface:

           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes
           IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:d5:2468:3f57:feb4(Preferred)
           Link-local IPv6 Address . . . . . : fe80::d5:2468:3f57:feb4%13(Preferred)
           Default Gateway . . . . . . . . . : ::
           NetBIOS over Tcpip. . . . . . . . : Disabled

        Tunnel adapter isatap.{ECE360D8-4C6B-4C9E-A67C-37063D4B70DB}:

           Media State . . . . . . . . . . . : Media disconnected
           Connection-specific DNS Suffix  . :
           Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
           Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
           DHCP Enabled. . . . . . . . . . . : No
           Autoconfiguration Enabled . . . . : Yes

        Offline Hoov

        Can you get into your router configuration page or your modem configuration page and tell me what the DNS settings are?


        Offline doug1168w

        I can get to mine if you tell me how to do it... but there are 3 other computers on this network that have no problem. My machine only.

        Offline Hoov

        Can you run ipconfig on one of those computers just as you did on this one and post the log from that, or check and see if the DNS server is the same?


        Offline doug1168w



        Windows IP Configuration

                Host Name . . . . . . . . . . . . : doug
                Primary Dns Suffix  . . . . . . . :
                Node Type . . . . . . . . . . . . : Broadcast
                IP Routing Enabled. . . . . . . . : No
                WINS Proxy Enabled. . . . . . . . : No
                DNS Suffix Search List. . . . . . : gateway.2wire.net

        Ethernet adapter Local Area Connection:

                Media State . . . . . . . . . . . : Media disconnected
                Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
                Physical Address. . . . . . . . . : 00-0B-DB-19-5B-5D

        Ethernet adapter Local Area Connection 4:

                Connection-specific DNS Suffix  . : gateway.2wire.net
                Description . . . . . . . . . . . : Linksys USB 2.0 Network Adapter ver.2
                Physical Address. . . . . . . . . : 00-16-B6-EF-A5-84
                Dhcp Enabled. . . . . . . . . . . : Yes
                Autoconfiguration Enabled . . . . : Yes
                IP Address. . . . . . . . . . . . : 192.168.1.77
                Subnet Mask . . . . . . . . . . . : 255.255.255.0
                Default Gateway . . . . . . . . . : 192.168.1.254
                DHCP Server . . . . . . . . . . . : 192.168.1.254
                DNS Servers . . . . . . . . . . . : 192.168.1.254
                Lease Obtained. . . . . . . . . . : Tuesday, August 23, 2011 5:42:05 PM
                Lease Expires . . . . . . . . . . : Wednesday, August 24, 2011 5:42:05 PM

        So it looks like it is the same.
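
The check requested above, comparing the DNS servers of the affected PC with those of a healthy PC on the same network, can be scripted. This is an added example and not part of the original thread: the function names are its own, AFFECTED and REFERENCE are trimmed from the two ipconfig outputs posted above, and the 203.0.113.53 resolver in HIJACKED is a constructed value from a documentation address range.

```python
import ipaddress
import re
import textwrap

# Key lines look like "   DNS Servers . . . . : 192.168.1.254". The dotted
# padding before ':' separates them from continuation lines, which carry
# extra values for the previous key (for example a second DNS server).
_KV = re.compile(r"^\s+(?P<key>[A-Za-z][^.:]*?)\s*(?:\.\s*)+:\s?(?P<val>.*)$")

def parse_ipconfig(text):
    """Parse `ipconfig /all` text into {section: {key: [values]}}."""
    sections, current, key = {}, None, None
    # Forum pastes are often uniformly indented; dedent puts headers at column 0.
    for line in textwrap.dedent(text).splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():            # e.g. "Wireless LAN adapter ...:"
            current, key = sections.setdefault(line.strip().rstrip(":"), {}), None
            continue
        if current is None:
            continue
        m = _KV.match(line)
        if m:
            key, val = m["key"].strip().lower(), m["val"].strip()
            current[key] = [val] if val else []
        elif key:                            # continuation of the previous key
            current[key].append(line.strip())
    return sections

def _addrs(values):
    """Turn values such as '192.168.1.75(Preferred)' into ip_address objects."""
    out = []
    for v in values:
        try:
            out.append(ipaddress.ip_address(re.split(r"[(%]", v)[0].strip()))
        except ValueError:
            pass                             # host names, empty fields
    return out

def active_dns(text):
    """Return {adapter: {"dns": set, "lan": network or None}} for connected adapters."""
    result = {}
    for name, kv in parse_ipconfig(text).items():
        dns = _addrs(kv.get("dns servers", []))
        if kv.get("media state") == ["Media disconnected"] or not dns:
            continue
        # The first posted output labels the field "IPv4 Address", the second "IP Address".
        ip4 = [a for a in _addrs(kv.get("ipv4 address") or kv.get("ip address") or [])
               if a.version == 4]
        mask = kv.get("subnet mask")
        lan = ipaddress.ip_network(f"{ip4[0]}/{mask[0]}", strict=False) if ip4 and mask else None
        result[name] = {"dns": set(dns), "lan": lan}
    return result

def compare_dns(affected_text, reference_text):
    """Compare resolvers of the affected host with a healthy host on the same LAN."""
    affected, reference = active_dns(affected_text), active_dns(reference_text)
    aff_dns = set().union(*(a["dns"] for a in affected.values()))
    ref_dns = set().union(*(a["dns"] for a in reference.values()))
    # Resolvers outside the adapter's own subnet are not the local router.
    off_lan = {d for a in affected.values() for d in a["dns"]
               if a["lan"] is not None and d.version == 4 and d not in a["lan"]}
    return {
        "affected": sorted(map(str, aff_dns)),
        "reference": sorted(map(str, ref_dns)),
        "only_on_affected": sorted(map(str, aff_dns - ref_dns)),
        "off_lan": sorted(map(str, off_lan)),
    }

# Trimmed from the affected PC's output posted in the thread.
AFFECTED = """\
Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.75(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.1.254
"""
# Trimmed from the second PC's output posted in the thread.
REFERENCE = """\
Ethernet adapter Local Area Connection 4:

        IP Address. . . . . . . . . . . . : 192.168.1.77
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.254
"""
# Constructed variant: a statically set resolver listed ahead of the router.
HIJACKED = AFFECTED.replace(": 192.168.1.254",
                            ": 203.0.113.53\n" + " " * 39 + "192.168.1.254")
```

For the two outputs in the thread, `only_on_affected` and `off_lan` are both empty: each PC resolves only through the router at 192.168.1.254, so the per-host DNS setting is not what differs between them.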

        Offline Hoov

        Please run combofix again using the instructions below.

        * Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

        Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

        http://www.bleepingcomputer.com/combofix/how-to-use-combofix

        * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

        Please include the C:\ComboFix.txt in your next reply for further review.

        Note:
        Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


        Offline doug1168w

        I am in the process... I think the log report got stalled from a couple things that auto started on the computer. Running it again now.

        Offline Hoov

        Please go into c:\qoobox and post any text files that begin with combofix and then a number. Copy and paste them into separate posts please.


        Offline doug1168w


        Here is the second scan after the first stalled... I will post the qoobox next.

        ComboFix 11-08-23.06 - mobile 08/23/2011  21:19:35.5.2 - x64
        Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3037.1745 [GMT -4:00]
        Running from: c:\users\mobile\Desktop\ComboFix.exe
        AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
        SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        .
        (((((((((((((((((((((((((   Files Created from 2011-07-24 to 2011-08-24  )))))))))))))))))))))))))))))))
        .
        .
        2011-08-24 01:47 . 2011-08-24 01:47   --------   d-----w-   c:\users\Default\AppData\Local\temp
        2011-08-24 01:05 . 2011-08-12 01:10   8862544   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
        2011-08-24 01:05 . 2011-08-12 01:10   8862544   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D7261CB4-C9AD-4EEF-BD72-9446ED9521F1}\mpengine.dll
        2011-08-23 16:02 . 2011-08-23 16:02   --------   d-----w-   c:\users\mobile\AppData\Local\Secunia PSI
        2011-08-23 16:01 . 2011-08-23 16:01   --------   d-----w-   c:\program files (x86)\Secunia
        2011-08-23 14:11 . 2011-08-23 14:40   --------   d-----w-   c:\users\mobile\AppData\Local\Adobe
        2011-08-22 19:14 . 2011-08-22 19:14   --------   d-----w-   c:\program files\CCleaner
        2011-08-22 18:02 . 2011-08-22 18:02   388096   ----a-r-   c:\users\mobile\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
        2011-08-22 18:02 . 2011-08-22 18:02   --------   d-----w-   c:\program files (x86)\Trend Micro
        2011-08-22 16:32 . 2011-08-22 16:32   --------   d-----w-   C:\_OTM
        2011-08-22 11:48 . 2011-08-22 11:48   601424   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{258A6E42-A57D-4289-9DE7-FFF792AA1EF9}\gapaengine.dll
        2011-08-22 11:44 . 2011-08-22 11:44   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
        2011-08-22 11:43 . 2011-08-22 11:44   --------   d-----w-   c:\program files\Microsoft Security Client
        2011-08-22 11:43 . 2010-04-09 11:06   374664   ----a-w-   c:\windows\system32\drivers\netio.sys
        2011-08-22 08:52 . 2011-08-22 19:25   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
        2011-08-22 08:52 . 2011-08-22 08:55   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
        2011-08-22 05:39 . 2011-02-18 06:33   31232   ----a-w-   c:\windows\system32\prevhost.exe
        2011-08-22 05:39 . 2011-02-18 05:33   31232   ----a-w-   c:\windows\SysWow64\prevhost.exe
        2011-08-22 05:10 . 2011-07-16 02:26   2048   ----a-w-   c:\windows\SysWow64\user.exe
        2011-08-22 05:01 . 2011-06-21 06:27   1896832   ----a-w-   c:\windows\system32\drivers\tcpip.sys
        2011-08-22 05:01 . 2011-06-11 02:56   3134464   ----a-w-   c:\windows\system32\win32k.sys
        2011-08-22 05:01 . 2011-06-23 05:29   5507968   ----a-w-   c:\windows\system32\ntoskrnl.exe
        2011-08-22 05:01 . 2011-06-23 04:38   3957120   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
        2011-08-22 05:01 . 2011-06-23 04:38   3902336   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
        2011-08-22 04:50 . 2011-08-22 04:50   55384   ----a-w-   c:\windows\system32\drivers\SBREDrv.sys
        2011-08-22 04:46 . 2011-08-24 00:12   --------   d-----w-   c:\programdata\Lavasoft
        2011-08-22 04:30 . 2011-08-22 04:30   --------   d-----w-   c:\users\mobile\AppData\Roaming\AVG10
        2011-08-22 04:29 . 2011-08-22 09:50   --------   d-----w-   c:\programdata\AVG10
        2011-08-22 04:29 . 2011-08-22 09:48   --------   d-----w-   c:\windows\system32\drivers\AVG
        2011-08-22 04:28 . 2011-08-22 04:28   --------   d-----w-   c:\program files (x86)\AVG
        2011-08-22 04:21 . 2011-08-22 04:21   --------   d--h--w-   c:\programdata\Common Files
        2011-08-22 04:21 . 2011-08-22 09:48   --------   d-----w-   c:\programdata\MFAData
        2011-08-22 04:11 . 2011-08-22 04:11   --------   d-----w-   c:\users\mobile\AppData\Local\Mozilla
        2011-08-22 02:55 . 2011-08-16 12:48   8862544   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC9F8311-B2C4-4514-8611-D1B9FEFB723C}\mpengine.dll
        2011-08-18 18:52 . 2011-08-18 18:52   --------   d--h--w-   c:\users\mobile\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2011-07-20 22:40 . 2011-07-20 22:40   0   ---ha-w-   c:\users\mobile\AppData\Local\BIT6C8E.tmp
        2011-07-20 17:19 . 2011-07-20 17:19   0   ---ha-w-   c:\users\mobile\AppData\Local\BIT5C48.tmp
        2011-07-16 04:32 . 2011-08-22 05:11   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
        2011-07-06 23:52 . 2010-12-31 01:39   41272   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
        2011-06-17 19:18 . 2011-06-17 19:18   404640   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
        2009-04-08 18:31 . 2009-04-08 18:31   106496   ----a-w-   c:\program files (x86)\Common Files\CPInstallAction.dll
        2008-08-12 05:45 . 2008-08-12 05:45   155648   ----a-w-   c:\program files (x86)\Common Files\MSIactionall.dll
        .
        .
        (((((((((((((((((((((((((((((   SnapShot_2011-08-24_00.55.40   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2010-03-01 20:34 . 2011-08-24 01:51   39630              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
        + 2009-07-14 05:10 . 2011-08-24 01:51   43180              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
        + 2010-05-06 23:45 . 2011-08-24 01:51   10746              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4070619054-3913346633-2204758155-1001_UserData.bin
        + 2009-07-14 04:46 . 2011-08-24 01:03   78720              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
        - 2011-08-24 00:54 . 2011-08-24 00:54   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
        + 2011-08-24 01:49 . 2011-08-24 01:49   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
        + 2011-08-24 01:49 . 2011-08-24 01:49   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
        - 2011-08-24 00:54 . 2011-08-24 00:54   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
        - 2009-07-14 05:01 . 2011-08-24 00:53   308556              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
        + 2009-07-14 05:01 . 2011-08-24 01:48   308556              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
        + 2011-08-22 04:15 . 2011-08-24 01:48   1715972              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4070619054-3913346633-2204758155-1001-12288.dat
        - 2011-08-22 04:15 . 2011-08-24 00:53   1715972              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4070619054-3913346633-2204758155-1001-12288.dat
        - 2009-07-14 02:34 . 2011-08-24 00:15   10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
        + 2009-07-14 02:34 . 2011-08-24 01:09   10485760              c:\windows\system32\SMI\Store\Machine\schema.dat
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
        @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
        [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
        2007-06-02 01:08   143360   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
        "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
        "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
        "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
        "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
        "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
        "Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
        "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
        "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
        .
        c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
        FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2010-3-1 12862]
        SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-3-1 156952]
        .
        c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "ConsentPromptBehaviorAdmin"= 0 (0x0)
        "ConsentPromptBehaviorUser"= 3 (0x3)
        "EnableLUA"= 0 (0x0)
        "EnableUIADesktopToggle"= 0 (0x0)
        "PromptOnSecureDesktop"= 0 (0x0)
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
        @="Service"
        .
        R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]
        R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
        R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS

        R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 136176]
        R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

        R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys

        R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

        R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

        R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
        R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys

        R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

        S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys

        S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys

        S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

        S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe

        S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
        S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
        S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys

        S3 GUCI_AVS;ASUS USB2.0 UVC VGA WebCam;c:\windows\system32\DRIVERS\GUCI_AVS.sys

        S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys

        S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys

        .
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 14:38]
        .
        2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-11 14:38]
        .
        2011-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070619054-3913346633-2204758155-1001Core.job
        - c:\users\mobile\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 14:38]
        .
        2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4070619054-3913346633-2204758155-1001UA.job
        - c:\users\mobile\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-01 14:38]
        .
        .
        --------- x86-64 -----------
        .
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
        @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
        [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
        2007-06-02 00:52   159744   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
        .
        ------- Supplementary Scan -------
        .
        uLocal Page = c:\windows\system32\blank.htm
        uStart Page = about:blank
        mLocal Page = c:\windows\SysWOW64\blank.htm
        IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
        TCP: DhcpNameServer = 192.168.1.254
        .
        - - - - ORPHANS REMOVED - - - -
        .
        Toolbar-Locked - (no file)
        Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
        .
        .
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Shockwave Flash Object"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
        @="0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
        @="ShockwaveFlash.ShockwaveFlash.10"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="ShockwaveFlash.ShockwaveFlash"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Macromedia Flash Factory Object"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
        @="FlashFactory.FlashFactory.1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="FlashFactory.FlashFactory"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker4"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
        @Denied: (Full) (Everyone)
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
        c:\program files\ATKGFNEX\GFNEXSrv.exe
        c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
        c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
        c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
        c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
        c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
        c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
        c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
        c:\windows\AsScrPro.exe
        .
        **************************************************************************
        .
        Completion time: 2011-08-23  22:09:14 - machine was rebooted
        ComboFix-quarantined-files.txt  2011-08-24 02:09
        ComboFix2.txt  2011-08-22 17:51
        .
        Pre-Run: 250,556,719,104 bytes free
        Post-Run: 250,275,364,864 bytes free
        .
        - - End Of File - - 11E349BBDC5DFF1738F7282F3E0F63C5

        Offline doug1168w

        • Bronze Member
        • Posts: 31
        Never mind... a log wasn't created because I must have stopped it before it was generated.