
Google Redirect Virus (Happili, Gimmeanswers, etc)


This topic is locked
21 replies to this topic

#1 HFBrowning

HFBrowning

  • Members
  • 12 posts
  • Local time:08:39 AM

Posted 30 March 2012 - 09:12 AM

Hello!

I have the google redirect virus (I don't know if it's the proper name but a quick search called it that) where 1/4 of the time if I google something, it takes me to fake websites instead of where I want to go. I found other threads on this forum with the same problem but since I don't want to mess anything up I suppose it's better to make my own thread?

I have run DDS and attached the two files requested:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by Hilary at 22:29:09 on 2012-03-29
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2037.1105 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [tcals] rundll32.exe "c:\users\hilary\appdata\local\temp\tcals.dll",CreateVolumeTextureFromFileExA
mRun: [rscofg] rundll32.exe "c:\users\hilary\appdata\local\temp\rscofg.dll",EnumShootingModeNext
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\hilary\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9BE133A1-2043-4D69-BB76-E283087A926A} : DhcpNameServer = 12.127.16.67 65.106.1.196 65.106.7.196
TCP: Interfaces\{C960AF6C-943B-4C9F-98BD-48B2EFB44EAB} : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C960AF6C-943B-4C9F-98BD-48B2EFB44EAB}\24F696E676F60284F6473707F647 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{C960AF6C-943B-4C9F-98BD-48B2EFB44EAB}\3416E672470245F6573686024586963712 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hilary\appdata\roaming\mozilla\firefox\profiles\lag3tuj2.default\
FF - prefs.js: browser.startup.homepage - hxxp://grantsandfundinginformationserviceblog.wordpress.com/
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-3-28 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-3-28 337880]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-3-28 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-3-28 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-28 44768]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-6-25 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-25 277536]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-1 1832072]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-25 189984]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-6-25 51512]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
.
============= FINISH: 22:31:36.30 ===============

Attached Files



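As an added triage example (not part of this thread and not code from the DDS tool), the script below parses lines in the DDS pseudo-HJT format shown above and flags the two things a responder would pick out of that report first: rundll32.exe loading a DLL from a user's Temp folder (the pattern of the tcals and rscofg entries) and UAC policy values set so that elevation prompts are off. The sample report is constructed from the log format above; the table of weak UAC values is this example's own assumption about what to flag.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not code from this thread or from the DDS tool. It reads
report lines of the form 'mRun: [name] command' and
'mPolicies-system: Key = value (0xN)' and flags two things:
  * rundll32.exe loading a DLL from a user's Temp folder (the pattern of
    the tcals/rscofg entries above);
  * UAC policy values that turn elevation prompts off.
The sample report below is constructed from the log format; the table of
weak UAC values is this example's own assumption about what to flag.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Autorun lines from the machine (mRun) or user (uRun) hive: "mRun: [name] command".
RUN_LINE_RE = re.compile(r"^(?P<hive>[mu]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# rundll32 invocation with an optionally quoted DLL path followed by ",Export".
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
# Temp locations that legitimate autorun entries essentially never point into.
TEMP_DIR_RE = re.compile(r"\\appdata\\local\\temp\\|\\windows\\temp\\", re.IGNORECASE)
# Machine-wide UAC policy lines: "mPolicies-system: EnableLUA = 0 (0x0)".
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")

# Values that disable UAC (EnableLUA), auto-elevate administrators without a
# prompt (ConsentPromptBehaviorAdmin) or move the prompt off the secure desktop.
WEAK_UAC = {
    "EnableLUA": "0",
    "ConsentPromptBehaviorAdmin": "0",
    "PromptOnSecureDesktop": "0",
}


@dataclass
class Finding:
    line: str
    reason: str


def triage_dds(report: str) -> list[Finding]:
    """Return one Finding per suspicious autorun or weakened-UAC line."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        run = RUN_LINE_RE.match(line)
        if run:
            cmd = run.group("cmd")
            dll = RUNDLL_RE.search(cmd)
            if dll and TEMP_DIR_RE.search(dll.group("dll")):
                findings.append(Finding(
                    line,
                    f"rundll32 loads DLL from Temp: {dll.group('dll')} "
                    f"export {dll.group('export')}",
                ))
            elif TEMP_DIR_RE.search(cmd):
                # Anything else that autostarts out of Temp deserves a look too.
                findings.append(Finding(line, "autorun command references a Temp folder"))
            continue
        pol = POLICY_RE.match(line)
        if pol and WEAK_UAC.get(pol.group("key")) == pol.group("val"):
            findings.append(Finding(
                line, f"UAC weakened: {pol.group('key')}={pol.group('val')}"
            ))
    return findings


# Constructed sample in the DDS pseudo-HJT format, mixing benign vendor
# entries with the two Temp-folder rundll32 entries from the report above.
SAMPLE_REPORT = r"""
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [tcals] rundll32.exe "c:\users\hilary\appdata\local\temp\tcals.dll",CreateVolumeTextureFromFileExA
mRun: [rscofg] rundll32.exe "c:\users\hilary\appdata\local\temp\rscofg.dll",EnumShootingModeNext
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

if __name__ == "__main__":
    for f in triage_dds(SAMPLE_REPORT):
        print(f"{f.reason}\n    {f.line}")
```

Run against a full DDS log, the same function skips the vendor autoruns and leaves only the Temp-folder loaders and the three weakened UAC settings to review.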
#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:39 PM

Posted 31 March 2012 - 02:16 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 HFBrowning

HFBrowning
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:39 AM

Posted 31 March 2012 - 04:50 PM

Hi Gringo! Thank you for the help. Below is the log from ComboFix; really the only problem I had is that it took almost an hour and a half to get the program to run all the way through (and it said it should take about 10 minutes?). I did about 10 Google searches with no problems: is it possible to have had the virus removed by now? Sometimes I can do 10 searches without problem anyway.




ComboFix 12-03-28.02 - Hilary 03/31/2012 13:29:34.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2037.1206 [GMT -7:00]
Running from: c:\users\Hilary\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Hilary\AppData\Local\Temp\rscofg.dll
c:\users\Hilary\AppData\Local\Temp\tcals.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-14 694816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-07 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-16 296056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Hilary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Hilary\AppData\Roaming\Mozilla\Firefox\Profiles\lag3tuj2.default\
FF - prefs.js: browser.startup.homepage - hxxp://grantsandfundinginformationserviceblog.wordpress.com/
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-31 14:43:56
ComboFix-quarantined-files.txt 2012-03-31 21:43
.
Pre-Run: 205,561,659,392 bytes free
Post-Run: 206,198,661,120 bytes free
.
- - End Of File - - 64AD18BFDC8C5C0F73D2833C93633F19

#4 HFBrowning

HFBrowning
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:39 AM

Posted 31 March 2012 - 07:16 PM

Scratch that - got another redirect to Happili while I was just casually browsing.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:39 PM

Posted 31 March 2012 - 08:07 PM

Greetings

In which browser do these redirects happen?

I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

#6 HFBrowning

HFBrowning
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:39 AM

Posted 01 April 2012 - 05:38 PM

Hi again,

I only use Firefox, so that's where I've been having my problems. Also, the first time I ran aswMBR I got a blue screen halfway through - though I don't know if that's because the internet was open at the same time. No problems the second time.

TDSSKiller log:

15:03:51.0709 3456 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
15:03:52.0166 3456 ============================================================
15:03:52.0167 3456 Current date / time: 2012/04/01 15:03:52.0166
15:03:52.0167 3456 SystemInfo:
15:03:52.0167 3456
15:03:52.0167 3456 OS Version: 6.1.7601 ServicePack: 1.0
15:03:52.0167 3456 Product type: Workstation
15:03:52.0168 3456 ComputerName: GROUNDHOG
15:03:52.0169 3456 UserName: Hilary
15:03:52.0169 3456 Windows directory: C:\windows
15:03:52.0169 3456 System windows directory: C:\windows
15:03:52.0169 3456 Processor architecture: Intel x86
15:03:52.0169 3456 Number of processors: 2
15:03:52.0169 3456 Page size: 0x1000
15:03:52.0169 3456 Boot type: Normal boot
15:03:52.0170 3456 ============================================================
15:03:54.0028 3456 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:03:54.0044 3456 \Device\Harddisk0\DR0:
15:03:54.0068 3456 MBR used
15:03:54.0068 3456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BF46000
15:03:54.0124 3456 Initialize success
15:03:54.0124 3456 ============================================================
15:04:11.0332 2256 ============================================================
15:04:11.0332 2256 Scan started
15:04:11.0332 2256 Mode: Manual;
15:04:11.0332 2256 ============================================================
15:04:15.0146 2256 aswFsBlk - ok
15:04:15.0242 2256 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\windows\system32\drivers\aswMonFlt.sys
15:04:15.0244 2256 aswMonFlt - ok
15:04:15.0390 2256 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\windows\System32\Drivers\aswrdr2.sys
15:04:15.0393 2256 aswRdr - ok
15:04:15.0554 2256 aswSnx (dcb199b967375753b5019ec15f008f53) C:\windows\system32\drivers\aswSnx.sys
15:04:15.0564 2256 aswSnx - ok
15:04:15.0677 2256 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\windows\system32\drivers\aswSP.sys
15:04:15.0683 2256 aswSP - ok
15:04:15.0820 2256 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\windows\system32\drivers\aswTdi.sys
15:04:15.0822 2256 aswTdi - ok
15:04:15.0871 2256 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:04:15.0874 2256 AsyncMac - ok
15:04:15.0977 2256 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
15:04:15.0979 2256 atapi - ok
15:04:16.0119 2256 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\windows\system32\DRIVERS\athr.sys
15:04:16.0142 2256 athr - ok
15:04:16.0330 2256 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:04:16.0369 2256 AudioEndpointBuilder - ok
15:04:16.0388 2256 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:04:16.0399 2256 Audiosrv - ok
15:04:16.0551 2256 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:04:16.0553 2256 avast! Antivirus - ok
15:04:16.0658 2256 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
15:04:16.0663 2256 AxInstSV - ok
15:04:16.0762 2256 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:04:16.0772 2256 b06bdrv - ok
15:04:16.0881 2256 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:04:16.0888 2256 b57nd60x - ok
15:04:16.0989 2256 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
15:04:16.0994 2256 BDESVC - ok
15:04:17.0081 2256 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:04:17.0084 2256 Beep - ok
15:04:17.0164 2256 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
15:04:17.0176 2256 BFE - ok
15:04:17.0297 2256 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll
15:04:17.0328 2256 BITS - ok
15:04:17.0422 2256 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:04:17.0425 2256 blbdrive - ok
15:04:17.0475 2256 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
15:04:17.0478 2256 bowser - ok
15:04:17.0570 2256 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:04:17.0574 2256 BrFiltLo - ok
15:04:17.0588 2256 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:04:17.0591 2256 BrFiltUp - ok
15:04:17.0632 2256 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
15:04:17.0636 2256 BridgeMP - ok
15:04:17.0740 2256 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
15:04:17.0745 2256 Browser - ok
15:04:17.0800 2256 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:04:17.0807 2256 Brserid - ok
15:04:17.0902 2256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:04:17.0907 2256 BrSerWdm - ok
15:04:17.0922 2256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:04:17.0926 2256 BrUsbMdm - ok
15:04:17.0942 2256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:04:17.0945 2256 BrUsbSer - ok
15:04:17.0962 2256 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:04:17.0966 2256 BTHMODEM - ok
15:04:18.0010 2256 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
15:04:18.0015 2256 bthserv - ok
15:04:18.0116 2256 catchme - ok
15:04:18.0203 2256 ccEvtMgr (5e68928ba2412e60ff1c61441313cf8d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
15:04:18.0206 2256 ccEvtMgr - ok
15:04:18.0217 2256 ccSetMgr (5e68928ba2412e60ff1c61441313cf8d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
15:04:18.0220 2256 ccSetMgr - ok
15:04:18.0337 2256 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:04:18.0341 2256 cdfs - ok
15:04:18.0399 2256 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
15:04:18.0403 2256 cdrom - ok
15:04:18.0516 2256 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:04:18.0521 2256 CertPropSvc - ok
15:04:18.0629 2256 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:04:18.0632 2256 circlass - ok
15:04:18.0719 2256 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:04:18.0726 2256 CLFS - ok
15:04:18.0841 2256 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:04:18.0846 2256 clr_optimization_v2.0.50727_32 - ok
15:04:18.0926 2256 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:04:18.0928 2256 CmBatt - ok
15:04:18.0994 2256 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
15:04:18.0997 2256 cmdide - ok
15:04:19.0080 2256 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
15:04:19.0089 2256 CNG - ok
15:04:19.0326 2256 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:04:19.0328 2256 Compbatt - ok
15:04:19.0565 2256 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
15:04:19.0576 2256 CompositeBus - ok
15:04:19.0693 2256 COMSysApp - ok
15:04:19.0764 2256 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:04:19.0781 2256 crcdisk - ok
15:04:19.0944 2256 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
15:04:19.0955 2256 CryptSvc - ok
15:04:20.0090 2256 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:04:20.0121 2256 DcomLaunch - ok
15:04:20.0167 2256 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
15:04:20.0180 2256 defragsvc - ok
15:04:20.0301 2256 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
15:04:20.0305 2256 DfsC - ok
15:04:20.0425 2256 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
15:04:20.0438 2256 Dhcp - ok
15:04:20.0480 2256 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:04:20.0483 2256 discache - ok
15:04:20.0586 2256 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:04:20.0589 2256 Disk - ok
15:04:20.0672 2256 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
15:04:20.0684 2256 Dnscache - ok
15:04:20.0788 2256 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
15:04:20.0800 2256 dot3svc - ok
15:04:20.0877 2256 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
15:04:20.0888 2256 DPS - ok
15:04:20.0972 2256 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:04:20.0975 2256 drmkaud - ok
15:04:21.0055 2256 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
15:04:21.0070 2256 DXGKrnl - ok
15:04:21.0200 2256 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
15:04:21.0211 2256 EapHost - ok
15:04:21.0405 2256 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:04:21.0534 2256 ebdrv - ok
15:04:21.0650 2256 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
15:04:21.0664 2256 EFS - ok
15:04:21.0789 2256 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:04:21.0801 2256 elxstor - ok
15:04:21.0870 2256 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
15:04:21.0874 2256 ErrDev - ok
15:04:22.0002 2256 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
15:04:22.0016 2256 EventSystem - ok
15:04:22.0064 2256 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:04:22.0070 2256 exfat - ok
15:04:22.0161 2256 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:04:22.0167 2256 fastfat - ok
15:04:22.0301 2256 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
15:04:22.0321 2256 Fax - ok
15:04:22.0421 2256 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:04:22.0425 2256 fdc - ok
15:04:22.0472 2256 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
15:04:22.0481 2256 fdPHost - ok
15:04:22.0594 2256 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
15:04:22.0604 2256 FDResPub - ok
15:04:22.0717 2256 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:04:22.0721 2256 FileInfo - ok
15:04:22.0767 2256 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:04:22.0771 2256 Filetrace - ok
15:04:22.0789 2256 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:04:22.0794 2256 flpydisk - ok
15:04:22.0905 2256 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:04:22.0912 2256 FltMgr - ok
15:04:23.0001 2256 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
15:04:23.0025 2256 FontCache - ok
15:04:23.0123 2256 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:04:23.0131 2256 FontCache3.0.0.0 - ok
15:04:23.0218 2256 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:04:23.0222 2256 FsDepends - ok
15:04:23.0335 2256 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
15:04:23.0339 2256 Fs_Rec - ok
15:04:23.0537 2256 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
15:04:23.0544 2256 fvevol - ok
15:04:23.0671 2256 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:04:23.0677 2256 gagp30kx - ok
15:04:23.0828 2256 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
15:04:23.0864 2256 gpsvc - ok
15:04:24.0130 2256 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:04:24.0154 2256 hcw85cir - ok
15:04:24.0413 2256 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
15:04:24.0442 2256 HdAudAddService - ok
15:04:24.0705 2256 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
15:04:24.0731 2256 HDAudBus - ok
15:04:25.0196 2256 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:04:25.0222 2256 HidBatt - ok
15:04:25.0588 2256 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:04:25.0601 2256 HidBth - ok
15:04:25.0922 2256 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:04:25.0953 2256 HidIr - ok
15:04:26.0211 2256 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
15:04:26.0226 2256 hidserv - ok
15:04:26.0399 2256 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
15:04:26.0417 2256 HidUsb - ok
15:04:26.0551 2256 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
15:04:26.0571 2256 hkmsvc - ok
15:04:26.0692 2256 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
15:04:26.0717 2256 HomeGroupListener - ok
15:04:26.0902 2256 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
15:04:26.0933 2256 HomeGroupProvider - ok
15:04:27.0332 2256 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
15:04:27.0360 2256 HpSAMD - ok
15:04:27.0497 2256 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
15:04:27.0513 2256 HTTP - ok
15:04:27.0660 2256 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
15:04:27.0664 2256 hwpolicy - ok
15:04:27.0846 2256 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
15:04:27.0851 2256 i8042prt - ok
15:04:28.0080 2256 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
15:04:28.0088 2256 iaStor - ok
15:04:28.0260 2256 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
15:04:28.0272 2256 iaStorV - ok
15:04:28.0421 2256 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:04:28.0455 2256 idsvc - ok
15:04:29.0068 2256 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
15:04:29.0250 2256 igfx - ok
15:04:29.0571 2256 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:04:29.0590 2256 iirsp - ok
15:04:29.0812 2256 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
15:04:29.0840 2256 IKEEXT - ok
15:04:30.0271 2256 IntcAzAudAddService (c4b1d45fe135286155b9e6aa0db4e4d3) C:\windows\system32\drivers\RTKVHDA.sys
15:04:30.0343 2256 IntcAzAudAddService - ok
15:04:30.0551 2256 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
15:04:30.0562 2256 intelide - ok
15:04:30.0716 2256 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:04:30.0719 2256 intelppm - ok
15:04:31.0161 2256 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
15:04:31.0177 2256 IPBusEnum - ok
15:04:31.0507 2256 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:04:31.0525 2256 IpFilterDriver - ok
15:04:31.0745 2256 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
15:04:31.0824 2256 iphlpsvc - ok
15:04:31.0985 2256 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
15:04:32.0003 2256 IPMIDRV - ok
15:04:32.0231 2256 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:04:32.0247 2256 IPNAT - ok
15:04:32.0598 2256 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:04:32.0623 2256 IRENUM - ok
15:04:32.0738 2256 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
15:04:32.0756 2256 isapnp - ok
15:04:32.0879 2256 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
15:04:32.0896 2256 iScsiPrt - ok
15:04:33.0188 2256 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
15:04:33.0191 2256 kbdclass - ok
15:04:33.0386 2256 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\DRIVERS\kbdhid.sys
15:04:33.0432 2256 kbdhid - ok
15:04:33.0663 2256 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:04:33.0678 2256 KeyIso - ok
15:04:34.0132 2256 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
15:04:34.0138 2256 KSecDD - ok
15:04:34.0362 2256 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
15:04:34.0380 2256 KSecPkg - ok
15:04:34.0532 2256 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
15:04:34.0600 2256 KtmRm - ok
15:04:35.0061 2256 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
15:04:35.0100 2256 LanmanServer - ok
15:04:35.0219 2256 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
15:04:35.0250 2256 LanmanWorkstation - ok
15:04:35.0650 2256 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:04:35.0664 2256 lltdio - ok
15:04:35.0892 2256 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
15:04:35.0917 2256 lltdsvc - ok
15:04:36.0199 2256 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
15:04:36.0212 2256 lmhosts - ok
15:04:36.0511 2256 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\windows\system32\DRIVERS\LPCFilter.sys
15:04:36.0514 2256 LPCFilter - ok
15:04:37.0127 2256 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:04:37.0145 2256 LSI_FC - ok
15:04:37.0529 2256 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:04:37.0597 2256 LSI_SAS - ok
15:04:37.0874 2256 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:04:37.0888 2256 LSI_SAS2 - ok
15:04:38.0232 2256 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:04:38.0237 2256 LSI_SCSI - ok
15:04:38.0508 2256 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:04:38.0555 2256 luafv - ok
15:04:38.0856 2256 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:04:38.0860 2256 megasas - ok
15:04:39.0121 2256 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:04:39.0133 2256 MegaSR - ok
15:04:39.0303 2256 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:04:39.0324 2256 MMCSS - ok
15:04:39.0774 2256 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:04:39.0829 2256 Modem - ok
15:04:40.0238 2256 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:04:40.0242 2256 monitor - ok
15:04:40.0699 2256 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
15:04:40.0702 2256 mouclass - ok
15:04:41.0076 2256 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:04:41.0089 2256 mouhid - ok
15:04:41.0563 2256 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
15:04:41.0577 2256 mountmgr - ok
15:04:42.0061 2256 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
15:04:42.0120 2256 mpio - ok
15:04:42.0274 2256 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:04:42.0285 2256 mpsdrv - ok
15:04:42.0717 2256 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
15:04:42.0780 2256 MpsSvc - ok
15:04:43.0139 2256 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
15:04:43.0162 2256 MRxDAV - ok
15:04:43.0515 2256 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
15:04:43.0543 2256 mrxsmb - ok
15:04:43.0959 2256 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:04:43.0973 2256 mrxsmb10 - ok
15:04:44.0343 2256 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:04:44.0361 2256 mrxsmb20 - ok
15:04:44.0800 2256 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
15:04:44.0803 2256 msahci - ok
15:04:45.0310 2256 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
15:04:45.0328 2256 msdsm - ok
15:04:45.0689 2256 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
15:04:45.0715 2256 MSDTC - ok
15:04:45.0939 2256 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:04:45.0945 2256 Msfs - ok
15:04:46.0161 2256 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:04:46.0176 2256 mshidkmdf - ok
15:04:46.0487 2256 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
15:04:46.0490 2256 msisadrv - ok
15:04:46.0756 2256 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
15:04:46.0775 2256 MSiSCSI - ok
15:04:46.0939 2256 msiserver - ok
15:04:47.0145 2256 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:04:47.0162 2256 MSKSSRV - ok
15:04:47.0456 2256 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:04:47.0481 2256 MSPCLOCK - ok
15:04:47.0623 2256 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:04:47.0627 2256 MSPQM - ok
15:04:47.0708 2256 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:04:47.0739 2256 MsRPC - ok
15:04:48.0251 2256 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
15:04:48.0255 2256 mssmbios - ok
15:04:48.0516 2256 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:04:48.0535 2256 MSTEE - ok
15:04:48.0850 2256 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:04:48.0864 2256 MTConfig - ok
15:04:49.0063 2256 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:04:49.0067 2256 Mup - ok
15:04:49.0504 2256 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
15:04:49.0540 2256 napagent - ok
15:04:49.0784 2256 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:04:49.0800 2256 NativeWifiP - ok
15:04:50.0011 2256 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
15:04:50.0029 2256 NDIS - ok
15:04:50.0212 2256 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:04:50.0216 2256 NdisCap - ok
15:04:50.0466 2256 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:04:50.0510 2256 NdisTapi - ok
15:04:50.0793 2256 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
15:04:50.0811 2256 Ndisuio - ok
15:04:50.0947 2256 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
15:04:50.0953 2256 NdisWan - ok
15:04:51.0229 2256 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
15:04:51.0241 2256 NDProxy - ok
15:04:51.0507 2256 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:04:51.0529 2256 NetBIOS - ok
15:04:51.0732 2256 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
15:04:51.0741 2256 NetBT - ok
15:04:51.0954 2256 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:04:51.0969 2256 Netlogon - ok
15:04:52.0146 2256 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
15:04:52.0193 2256 Netman - ok
15:04:52.0308 2256 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
15:04:52.0331 2256 netprofm - ok
15:04:52.0441 2256 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:04:52.0446 2256 NetTcpPortSharing - ok
15:04:52.0575 2256 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:04:52.0581 2256 nfrd960 - ok
15:04:52.0651 2256 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
15:04:52.0671 2256 NlaSvc - ok
15:04:52.0752 2256 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:04:52.0758 2256 Npfs - ok
15:04:52.0817 2256 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
15:04:52.0835 2256 nsi - ok
15:04:52.0912 2256 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:04:52.0916 2256 nsiproxy - ok
15:04:53.0024 2256 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
15:04:53.0054 2256 Ntfs - ok
15:04:53.0132 2256 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:04:53.0137 2256 Null - ok
15:04:53.0216 2256 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
15:04:53.0223 2256 nvraid - ok
15:04:53.0311 2256 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
15:04:53.0318 2256 nvstor - ok
15:04:53.0392 2256 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
15:04:53.0400 2256 nv_agp - ok
15:04:53.0475 2256 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
15:04:53.0498 2256 ohci1394 - ok
15:04:53.0548 2256 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:04:53.0576 2256 p2pimsvc - ok
15:04:53.0706 2256 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
15:04:53.0735 2256 p2psvc - ok
15:04:53.0913 2256 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
15:04:53.0922 2256 Parport - ok
15:04:54.0074 2256 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
15:04:54.0078 2256 partmgr - ok
15:04:54.0256 2256 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
15:04:54.0260 2256 Parvdm - ok
15:04:54.0426 2256 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
15:04:54.0454 2256 PcaSvc - ok
15:04:54.0713 2256 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
15:04:54.0757 2256 pci - ok
15:04:54.0986 2256 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
15:04:54.0989 2256 pciide - ok
15:04:55.0288 2256 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
15:04:55.0323 2256 pcmcia - ok
15:04:55.0789 2256 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
15:04:55.0793 2256 pcw - ok
15:04:56.0020 2256 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
15:04:56.0037 2256 PEAUTH - ok
15:04:56.0225 2256 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
15:04:56.0229 2256 PGEffect - ok
15:04:56.0375 2256 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
15:04:56.0442 2256 pla - ok
15:04:56.0667 2256 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
15:04:56.0698 2256 PlugPlay - ok
15:04:56.0988 2256 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
15:04:57.0013 2256 PNRPAutoReg - ok
15:04:57.0162 2256 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:04:57.0191 2256 PNRPsvc - ok
15:04:57.0529 2256 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
15:04:57.0548 2256 PolicyAgent - ok
15:04:57.0668 2256 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
15:04:57.0693 2256 Power - ok
15:04:57.0803 2256 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
15:04:57.0809 2256 PptpMiniport - ok
15:04:57.0844 2256 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
15:04:57.0850 2256 Processor - ok
15:04:57.0976 2256 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
15:04:57.0997 2256 ProfSvc - ok
15:04:58.0055 2256 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:04:58.0074 2256 ProtectedStorage - ok
15:04:58.0180 2256 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
15:04:58.0187 2256 Psched - ok
15:04:58.0284 2256 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
15:04:58.0326 2256 ql2300 - ok
15:04:58.0446 2256 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
15:04:58.0451 2256 ql40xx - ok
15:04:58.0502 2256 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
15:04:58.0520 2256 QWAVE - ok
15:04:58.0634 2256 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
15:04:58.0639 2256 QWAVEdrv - ok
15:04:58.0660 2256 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
15:04:58.0666 2256 RasAcd - ok
15:04:58.0771 2256 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
15:04:58.0775 2256 RasAgileVpn - ok
15:04:58.0821 2256 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
15:04:58.0843 2256 RasAuto - ok
15:04:58.0957 2256 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
15:04:58.0963 2256 Rasl2tp - ok
15:04:59.0042 2256 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
15:04:59.0067 2256 RasMan - ok
15:04:59.0203 2256 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
15:04:59.0210 2256 RasPppoe - ok
15:04:59.0238 2256 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
15:04:59.0245 2256 RasSstp - ok
15:04:59.0307 2256 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
15:04:59.0327 2256 rdbss - ok
15:04:59.0492 2256 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
15:04:59.0503 2256 rdpbus - ok
15:04:59.0648 2256 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
15:04:59.0652 2256 RDPCDD - ok
15:04:59.0813 2256 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
15:04:59.0816 2256 RDPENCDD - ok
15:04:59.0958 2256 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
15:04:59.0963 2256 RDPREFMP - ok
15:05:00.0170 2256 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
15:05:00.0186 2256 RDPWD - ok
15:05:00.0328 2256 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
15:05:00.0343 2256 rdyboost - ok
15:05:00.0491 2256 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
15:05:00.0515 2256 RemoteAccess - ok
15:05:00.0654 2256 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
15:05:00.0675 2256 RemoteRegistry - ok
15:05:00.0851 2256 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
15:05:00.0875 2256 RpcEptMapper - ok
15:05:01.0007 2256 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
15:05:01.0023 2256 RpcLocator - ok
15:05:01.0161 2256 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:05:01.0198 2256 RpcSs - ok
15:05:01.0315 2256 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
15:05:01.0320 2256 rspndr - ok
15:05:01.0585 2256 RSUSBSTOR (5bef0fd9b6e57bbc6f7920e3118ae108) C:\windows\system32\Drivers\RtsUStor.sys
15:05:01.0593 2256 RSUSBSTOR - ok
15:05:01.0767 2256 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\windows\system32\DRIVERS\Rt86win7.sys
15:05:01.0776 2256 RTL8167 - ok
15:05:02.0010 2256 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:05:02.0025 2256 SamSs - ok
15:05:02.0162 2256 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
15:05:02.0187 2256 sbp2port - ok
15:05:02.0276 2256 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
15:05:02.0305 2256 SCardSvr - ok
15:05:02.0508 2256 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
15:05:02.0514 2256 scfilter - ok
15:05:02.0706 2256 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
15:05:02.0771 2256 Schedule - ok
15:05:03.0066 2256 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:05:03.0072 2256 SCPolicySvc - ok
15:05:03.0312 2256 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
15:05:03.0337 2256 SDRSVC - ok
15:05:03.0602 2256 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
15:05:03.0622 2256 secdrv - ok
15:05:03.0869 2256 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
15:05:03.0892 2256 seclogon - ok
15:05:04.0151 2256 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
15:05:04.0181 2256 SENS - ok
15:05:04.0541 2256 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
15:05:04.0555 2256 Serenum - ok
15:05:04.0888 2256 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
15:05:04.0904 2256 Serial - ok
15:05:05.0200 2256 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
15:05:05.0217 2256 sermouse - ok
15:05:05.0534 2256 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
15:05:05.0566 2256 SessionEnv - ok
15:05:05.0836 2256 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
15:05:05.0892 2256 sffdisk - ok
15:05:06.0196 2256 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
15:05:06.0241 2256 sffp_mmc - ok
15:05:06.0528 2256 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
15:05:06.0559 2256 sffp_sd - ok
15:05:06.0878 2256 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
15:05:06.0891 2256 sfloppy - ok
15:05:07.0185 2256 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
15:05:07.0202 2256 SharedAccess - ok
15:05:07.0484 2256 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
15:05:07.0529 2256 ShellHWDetection - ok
15:05:07.0867 2256 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
15:05:07.0896 2256 sisagp - ok
15:05:08.0283 2256 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:05:08.0292 2256 SiSRaid2 - ok
15:05:08.0606 2256 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
15:05:08.0614 2256 SiSRaid4 - ok
15:05:08.0929 2256 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
15:05:08.0939 2256 Smb - ok
15:05:09.0390 2256 SmcService (a651bea60428fdd94fe21e2f5c0bbcac) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
15:05:09.0475 2256 SmcService - ok
15:05:09.0810 2256 SNAC (90aee34be6f53f83db9e78344d1eec47) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
15:05:09.0829 2256 SNAC - ok
15:05:10.0097 2256 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
15:05:10.0127 2256 SNMPTRAP - ok
15:05:10.0843 2256 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
15:05:10.0908 2256 SPBBCDrv - ok
15:05:11.0176 2256 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
15:05:11.0181 2256 spldr - ok
15:05:11.0431 2256 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
15:05:11.0464 2256 Spooler - ok
15:05:12.0011 2256 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
15:05:12.0151 2256 sppsvc - ok
15:05:12.0418 2256 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
15:05:12.0447 2256 sppuinotify - ok
15:05:12.0776 2256 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\windows\system32\Drivers\SRTSP.SYS
15:05:12.0784 2256 SRTSP - ok
15:05:13.0112 2256 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\windows\system32\Drivers\SRTSPL.SYS
15:05:13.0136 2256 SRTSPL - ok
15:05:13.0463 2256 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\windows\system32\Drivers\SRTSPX.SYS
15:05:13.0468 2256 SRTSPX - ok
15:05:13.0850 2256 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
15:05:13.0864 2256 srv - ok
15:05:14.0393 2256 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
15:05:14.0459 2256 srv2 - ok
15:05:14.0861 2256 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
15:05:14.0880 2256 srvnet - ok
15:05:15.0156 2256 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
15:05:15.0185 2256 SSDPSRV - ok
15:05:15.0546 2256 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
15:05:15.0576 2256 SstpSvc - ok
15:05:15.0870 2256 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
15:05:15.0884 2256 stexstor - ok
15:05:16.0175 2256 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
15:05:16.0218 2256 StiSvc - ok
15:05:16.0607 2256 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
15:05:16.0612 2256 swenum - ok
15:05:16.0946 2256 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
15:05:16.0995 2256 swprv - ok
15:05:17.0732 2256 Symantec AntiVirus (d880fbd65b6f4885ac89628225b91398) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
15:05:17.0813 2256 Symantec AntiVirus - ok
15:05:18.0010 2256 SymEvent (e42a34e6f5ca71a84d4c2de620aad13d) C:\windows\system32\Drivers\SYMEVENT.SYS
15:05:18.0014 2256 SymEvent - ok
15:05:18.0351 2256 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\windows\System32\Drivers\SYMTDI.SYS
15:05:18.0358 2256 SYMTDI - ok
15:05:18.0717 2256 SynTP (9a28f1c47ce0c8bbc02aaf5941ab44cd) C:\windows\system32\DRIVERS\SynTP.sys
15:05:18.0724 2256 SynTP - ok
15:05:18.0882 2256 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
15:05:18.0923 2256 SysMain - ok
15:05:19.0095 2256 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
15:05:19.0117 2256 TabletInputService - ok
15:05:19.0421 2256 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
15:05:19.0449 2256 TapiSrv - ok
15:05:19.0649 2256 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
15:05:19.0675 2256 TBS - ok
15:05:20.0167 2256 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
15:05:20.0226 2256 Tcpip - ok
15:05:20.0834 2256 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
15:05:20.0859 2256 TCPIP6 - ok
15:05:21.0198 2256 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
15:05:21.0210 2256 tcpipreg - ok
15:05:21.0425 2256 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
15:05:21.0440 2256 tdcmdpst - ok
15:05:21.0649 2256 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
15:05:21.0654 2256 TDPIPE - ok
15:05:21.0817 2256 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
15:05:21.0839 2256 TDTCP - ok
15:05:22.0031 2256 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
15:05:22.0052 2256 tdx - ok
15:05:22.0220 2256 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
15:05:22.0226 2256 TermDD - ok
15:05:22.0514 2256 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
15:05:22.0616 2256 TermService - ok
15:05:23.0009 2256 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
15:05:23.0033 2256 Themes - ok
15:05:23.0431 2256 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:05:23.0445 2256 THREADORDER - ok
15:05:23.0580 2256 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
15:05:23.0595 2256 TMachInfo - ok
15:05:23.0740 2256 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\Windows\system32\TODDSrv.exe
15:05:23.0765 2256 TODDSrv - ok
15:05:23.0942 2256 TosCoSrv (85edf7a274435e4df051bb23f8e01581) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:05:23.0964 2256 TosCoSrv - ok
15:05:24.0119 2256 TOSHIBA HDD SSD Alert Service (991e324dc137402148e01c2269632c6b) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
15:05:24.0123 2256 TOSHIBA HDD SSD Alert Service - ok
15:05:24.0238 2256 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
15:05:24.0263 2256 TrkWks - ok
15:05:24.0379 2256 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
15:05:24.0386 2256 TrustedInstaller - ok
15:05:24.0682 2256 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
15:05:24.0708 2256 tssecsrv - ok
15:05:24.0837 2256 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
15:05:24.0851 2256 TsUsbFlt - ok
15:05:25.0020 2256 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
15:05:25.0034 2256 tunnel - ok
15:05:25.0333 2256 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
15:05:25.0337 2256 TVALZ - ok
15:05:25.0471 2256 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
15:05:25.0488 2256 uagp35 - ok
15:05:25.0636 2256 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
15:05:25.0666 2256 udfs - ok
15:05:25.0756 2256 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
15:05:25.0804 2256 UI0Detect - ok
15:05:26.0067 2256 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
15:05:26.0085 2256 uliagpkx - ok
15:05:26.0246 2256 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
15:05:26.0252 2256 umbus - ok
15:05:26.0321 2256 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
15:05:26.0326 2256 UmPass - ok
15:05:26.0493 2256 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
15:05:26.0560 2256 upnphost - ok
15:05:26.0996 2256 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
15:05:27.0013 2256 usbccgp - ok
15:05:27.0232 2256 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
15:05:27.0239 2256 usbcir - ok
15:05:27.0350 2256 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
15:05:27.0355 2256 usbehci - ok
15:05:27.0421 2256 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
15:05:27.0432 2256 usbhub - ok
15:05:27.0547 2256 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
15:05:27.0552 2256 usbohci - ok
15:05:27.0611 2256 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
15:05:27.0617 2256 usbprint - ok
15:05:27.0729 2256 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS
15:05:27.0736 2256 USBSTOR - ok
15:05:27.0804 2256 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
15:05:27.0809 2256 usbuhci - ok
15:05:27.0945 2256 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
15:05:27.0952 2256 usbvideo - ok
15:05:27.0986 2256 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
15:05:28.0014 2256 UxSms - ok
15:05:28.0114 2256 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:05:28.0128 2256 VaultSvc - ok
15:05:28.0232 2256 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
15:05:28.0241 2256 vdrvroot - ok
15:05:28.0384 2256 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
15:05:28.0417 2256 vds - ok
15:05:28.0538 2256 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
15:05:28.0543 2256 vga - ok
15:05:28.0583 2256 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
15:05:28.0588 2256 VgaSave - ok
15:05:28.0651 2256 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
15:05:28.0659 2256 vhdmp - ok
15:05:28.0784 2256 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
15:05:28.0790 2256 viaagp - ok
15:05:28.0845 2256 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
15:05:28.0852 2256 ViaC7 - ok
15:05:28.0971 2256 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
15:05:28.0976 2256 viaide - ok
15:05:29.0023 2256 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
15:05:29.0028 2256 volmgr - ok
15:05:29.0125 2256 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
15:05:29.0135 2256 volmgrx - ok
15:05:29.0205 2256 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
15:05:29.0217 2256 volsnap - ok
15:05:29.0325 2256 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
15:05:29.0335 2256 vsmraid - ok
15:05:29.0423 2256 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
15:05:29.0471 2256 VSS - ok
15:05:29.0576 2256 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
15:05:29.0581 2256 vwifibus - ok
15:05:29.0688 2256 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
15:05:29.0694 2256 vwififlt - ok
15:05:29.0739 2256 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
15:05:29.0769 2256 W32Time - ok
15:05:29.0889 2256 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
15:05:29.0904 2256 WacomPen - ok
15:05:29.0956 2256 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
15:05:29.0960 2256 WANARP - ok
15:05:29.0975 2256 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
15:05:29.0982 2256 Wanarpv6 - ok
15:05:30.0227 2256 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
15:05:30.0284 2256 wbengine - ok
15:05:30.0423 2256 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
15:05:30.0457 2256 WbioSrvc - ok
15:05:30.0608 2256 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
15:05:30.0640 2256 wcncsvc - ok
15:05:30.0762 2256 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
15:05:30.0791 2256 WcsPlugInService - ok
15:05:30.0969 2256 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
15:05:30.0977 2256 Wd - ok
15:05:31.0180 2256 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
15:05:31.0197 2256 Wdf01000 - ok
15:05:31.0382 2256 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:05:31.0412 2256 WdiServiceHost - ok
15:05:31.0438 2256 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:05:31.0472 2256 WdiSystemHost - ok
15:05:31.0707 2256 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
15:05:31.0738 2256 WebClient - ok
15:05:31.0891 2256 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
15:05:31.0920 2256 Wecsvc - ok
15:05:32.0055 2256 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
15:05:32.0083 2256 wercplsupport - ok
15:05:32.0203 2256 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
15:05:32.0235 2256 WerSvc - ok
15:05:32.0434 2256 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
15:05:32.0441 2256 WfpLwf - ok
15:05:32.0630 2256 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
15:05:32.0646 2256 WIMMount - ok
15:05:32.0783 2256 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:05:32.0811 2256 WinDefend - ok
15:05:32.0840 2256 WinHttpAutoProxySvc - ok
15:05:33.0008 2256 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
15:05:33.0025 2256 Winmgmt - ok
15:05:33.0471 2256 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
15:05:33.0560 2256 WinRM - ok
15:05:33.0744 2256 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
15:05:33.0760 2256 WinUsb - ok
15:05:33.0953 2256 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
15:05:34.0021 2256 Wlansvc - ok
15:05:34.0225 2256 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:05:34.0298 2256 wlidsvc - ok
15:05:34.0478 2256 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
15:05:34.0492 2256 WmiAcpi - ok
15:05:34.0668 2256 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
15:05:34.0683 2256 wmiApSrv - ok
15:05:34.0878 2256 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:05:34.0925 2256 WMPNetworkSvc - ok
15:05:35.0094 2256 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
15:05:35.0138 2256 WPCSvc - ok
15:05:35.0257 2256 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
15:05:35.0288 2256 WPDBusEnum - ok
15:05:35.0431 2256 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
15:05:35.0436 2256 ws2ifsl - ok
15:05:35.0620 2256 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
15:05:35.0653 2256 wscsvc - ok
15:05:35.0810 2256 WSearch - ok
15:05:36.0245 2256 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
15:05:36.0347 2256 wuauserv - ok
15:05:36.0532 2256 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
15:05:36.0548 2256 WudfPf - ok
15:05:36.0770 2256 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
15:05:36.0782 2256 WUDFRd - ok
15:05:36.0994 2256 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
15:05:37.0022 2256 wudfsvc - ok
15:05:37.0260 2256 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
15:05:37.0300 2256 WwanSvc - ok
15:05:37.0363 2256 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
15:05:37.0440 2256 \Device\Harddisk0\DR0 - ok
15:05:37.0471 2256 Boot (0x1200) (6b9376ae63008b21968de9b6f269e43d) \Device\Harddisk0\DR0\Partition0
15:05:37.0503 2256 \Device\Harddisk0\DR0\Partition0 - ok
15:05:37.0505 2256 ============================================================
15:05:37.0505 2256 Scan finished
15:05:37.0505 2256 ============================================================
15:05:37.0549 2352 Detected object count: 0
15:05:37.0549 2352 Actual detected object count: 0


aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-01 15:17:01
-----------------------------
15:17:01.926 OS Version: Windows 6.1.7601 Service Pack 1
15:17:01.926 Number of processors: 2 586 0x1C0A
15:17:01.941 ComputerName: GROUNDHOG UserName: Hilary
15:17:14.063 Initialize success
15:17:15.248 AVAST engine defs: 12040101
15:17:23.766 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:17:23.797 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
15:17:23.844 Disk 0 MBR read successfully
15:17:23.859 Disk 0 MBR scan
15:17:23.891 Disk 0 Windows VISTA default MBR code
15:17:23.937 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:17:23.984 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 229004 MB offset 3074048
15:17:24.047 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7970 MB offset 472074240
15:17:24.109 Disk 0 scanning sectors +488396800
15:17:24.203 Disk 0 scanning C:\windows\system32\drivers
15:17:48.351 Service scanning
15:18:37.258 Modules scanning
15:19:16.726 Disk 0 trace - called modules:
15:19:16.850 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
15:19:16.882 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8557a030]
15:19:16.928 3 CLASSPNP.SYS[8859159e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b16028]
15:19:18.722 AVAST engine scan C:\windows
15:19:24.073 AVAST engine scan C:\windows\system32
15:26:02.373 AVAST engine scan C:\windows\system32\drivers
15:26:40.000 AVAST engine scan C:\Users\Hilary
15:30:25.405 AVAST engine scan C:\ProgramData
15:31:02.486 Scan finished successfully
15:32:48.847 Disk 0 MBR has been saved successfully to "C:\Users\Hilary\Desktop\MBR.dat"
15:32:48.879 The log file has been saved successfully to "C:\Users\Hilary\Desktop\aswMBR.txt"

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 April 2012 - 06:18 PM

Hello

I want you to uninstall Firefox and, when asked about user data, I want that removed also.

Then go ahead and reinstall it afterwards and see if you still get the redirect.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 HFBrowning
  • Topic Starter
  • Members
  • 12 posts

Posted 03 April 2012 - 12:45 AM

Hi Gringo,

Just wanted to let you know that I have uninstalled and reinstalled Firefox...no problems so far, but once again I've been artificially searching for things to see if I get a redirect. I will post again tomorrow after I've done a couple of hours of research (which involves a LOT of googling) and let you know if I have any problems.

#9 HFBrowning
  • Topic Starter
  • Members
  • 12 posts

Posted 03 April 2012 - 10:35 AM

So, I haven't been getting a redirect problem, but that's mostly because I can't even really use the internet now. It takes about 10 minutes to load one webpage. I thought maybe it was a problem with the new version of Mozilla (because the infected computer is a tiny netbook that tends to run a bit slow anyway) so I downloaded Chrome to try it, and then even tried IE. Painfully slow internet on all browsers.

#10 HFBrowning
  • Topic Starter
  • Members
  • 12 posts

Posted 03 April 2012 - 08:49 PM

And the internet is back up and running! I think my problems are solved too, because no redirect. Thank you so much!!!

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 April 2012 - 08:58 PM

Greetings

Sorry for not responding sooner; I had to take the in-laws out today for some errands.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 HFBrowning
  • Topic Starter
  • Members
  • 12 posts

Posted 05 April 2012 - 10:52 AM

Sorry myself for taking so long - I've been working on it but having some issues:

First, I was running combofix with the script and kept forgetting that it's not done once the green scanning first part is over. And at first it kept giving me the message:

Error opening file for writing:
C:\32788R22FWJFW\pev.3XE
Click Abort to stop the installation, Retry to try again, or Ignore to skip this file.

Although the most recent time I tried to run it, it didn't say that. Now I'm not sure if I can run it anymore - it says it's expired? Will it still work to run it in the reduced functionality mode?

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 April 2012 - 11:23 AM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#14 HFBrowning
  • Topic Starter
  • Members
  • 12 posts

Posted 06 April 2012 - 01:01 AM

Here is the new log from ComboFix. Everything appears to be running well.

ComboFix 12-04-05.09 - Hilary 04/05/2012 22:08:55.3.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.2037.1230 [GMT -7:00]
Running from: c:\users\Hilary\Desktop\ComboFix.exe
Command switches used :: c:\users\Hilary\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 05:41 . 2012-04-06 05:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 14:27 . 2012-04-03 14:35 -------- d-----w- c:\users\Hilary\AppData\Local\Google
2012-03-31 21:44 . 2012-04-06 05:41 -------- d-----w- c:\users\Hilary\AppData\Local\temp
2012-03-29 04:14 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-29 04:14 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-29 04:14 . 2012-03-06 23:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-29 04:14 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-29 04:14 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-29 04:14 . 2012-03-06 23:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-29 04:10 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-29 04:10 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-29 04:05 . 2012-03-29 04:08 -------- d-----w- c:\programdata\AVAST Software
2012-03-29 04:05 . 2012-03-29 04:08 -------- d-----w- c:\program files\AVAST Software
2012-03-23 14:08 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{58D3F391-55E1-45FD-B6D2-B01C74FD6C73}\mpengine.dll
2012-03-21 14:04 . 2012-03-21 14:04 -------- d-----w- c:\users\Hilary\AppData\Local\{BFA6430C-735E-11E1-826D-B8AC6F996F26}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2010-10-24 05:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 03:35 . 2012-03-03 08:39 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 04:39 . 2012-04-03 05:05 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-14 694816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-05-07 115560]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-12-16 296056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
c:\users\Hilary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3284330620-1401013158-1378960008-1000Core.job
- c:\users\Hilary\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 14:27]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3284330620-1401013158-1378960008-1000UA.job
- c:\users\Hilary\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-03 14:27]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Hilary\AppData\Roaming\Mozilla\Firefox\Profiles\79gyc7ev.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-05 22:54:59
ComboFix-quarantined-files.txt 2012-04-06 05:54
ComboFix2.txt 2012-03-31 21:43
.
Pre-Run: 205,598,064,640 bytes free
Post-Run: 205,349,052,416 bytes free
.
- - End Of File - - BCB7CA7EBB83DE211CF30D4DE5E9EA01

#15 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:39 PM

Posted 06 April 2012 - 01:13 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.5.0
Java™ 6 Update 20
Java™ 6 Update 23


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java.

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
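The checks the helper is making from the ComboFix "Reg Loading Points" section above (UAC policy values such as EnableLUA = 0, the HKLM Run autostart entries, and two Java 6 updates installed side by side with an old Adobe Reader) can be reproduced locally. The following is an added example, not code from this thread, from ComboFix or from the helper's toolkit: a read-only PowerShell inventory script. It assumes the standard Windows registry paths for UAC policy, Run keys and the Uninstall list; the function names are my own; it must run in an elevated PowerShell console on the affected machine, and it changes nothing.

```powershell
# Added example (not from the thread, ComboFix or the helper): a read-only
# triage script that reproduces three checks a responder makes when reading
# a ComboFix "Reg Loading Points" section. Standard registry paths assumed.

function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    # EnableLUA = 0 turns UAC off entirely; with PromptOnSecureDesktop = 0 any
    # prompt that did appear would be drawn on the normal, interactive desktop.
    New-Object PSObject -Property @{
        EnableLUA                  = $p.EnableLUA
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        UacEffective               = ($p.EnableLUA -eq 1)
    }
}

function Get-RunEntries {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $keys) {
        if (-not (Test-Path -Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        # Get-ItemProperty adds PS* provider properties; skip those.
        $names = $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object { $_.Name }
        foreach ($name in $names) {
            $cmd = [string]$props.$name
            # Recover the image path from a quoted or unquoted command line so it
            # can be checked on disk; a missing image means a stale or cleaned entry.
            $exe = if ($cmd -match '^"?(.+?\.exe)') { $Matches[1] } else { $cmd }
            New-Object PSObject -Property @{
                Key         = $k
                Name        = $name
                Command     = $cmd
                ImageExists = (Test-Path -LiteralPath $exe)
            }
        }
    }
}

function Get-ReaderJavaInventory {
    $paths = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $apps = @(Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Adobe Reader|Java)' })
    $javaCount = @($apps | Where-Object { $_.DisplayName -match '^Java' }).Count
    foreach ($a in $apps) {
        $note = ''
        if ($a.DisplayName -match '^Java' -and $javaCount -gt 1) {
            # Several Java releases installed together (this thread's log shows
            # Java 6 Update 20 and 23): the helper's advice is to remove all of
            # them and install the current release once.
            $note = "one of $javaCount Java installs present"
        }
        New-Object PSObject -Property @{
            Name    = $a.DisplayName
            Version = $a.DisplayVersion
            Note    = $note
        }
    }
}

# Usage: run the three checks and print them (nothing is modified).
Get-UacState | Format-List
Get-RunEntries | Sort-Object Key, Name | Format-Table Name, ImageExists, Command -AutoSize
Get-ReaderJavaInventory | Format-Table Name, Version, Note -AutoSize
```

The script only reports; what to remove is still the helper's call after reading the output, which is the same division of labour the thread follows. An ImageExists of False on a Run entry matches the ComboFix habit of listing entries whose file is gone, and UacEffective of False is the condition the policies\system block in the log above records.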



