Google searches redirecting sporadically...please help


This topic is locked
23 replies to this topic

#1 tbeagle

tbeagle

  • Members
  • 12 posts
  • OFFLINE
  • Local time:06:04 AM

Posted 14 July 2012 - 05:54 PM

Hello and thank you in advance to any kind individual who might be able to help me.

About a week ago, I began experiencing occasional redirects when I would click on a Google search link. It would happen unpredictably, maybe once every 5-10 searches. I ran a full system scan with Norton, and it didn't detect anything suspicious. Then, I did a full scan with Malwarebytes and it detected "Trojan.Happili" which it apparently removed. The redirects seemed to go away for a few days but started appearing again in the past two days. Once again, Norton didn't detect anything, but Malwarebytes detected and removed "Trojan.BHO" after a full scan. I'm afraid I picked this up during one of the redirects? After scanning again and getting the reports from Norton and Malwarebytes that all was clear, I tried a Google search again and the third search ended up redirecting me. I'm at a loss for what to do next.

My computer uses Windows Vista Home Premium, service pack 2, 64-bit version. I'm running Norton for antivirus, antispyware, and firewall.

As requested, here is my DDS.txt log and attached Attach.txt file. Thank you for any help you can provide!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by beagle at 17:26:05 on 2012-07-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2046 [GMT -5:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\runservice.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hp-laptop.aol.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Apple Computer] rundll32.exe "C:\Users\beagle\AppData\Local\Barode_Games\Apple Computer\jpyaxpbn.dll",CreateInstance
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\beagle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: hchdonline.com\citrixportal
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150 75.75.76.76
TCP: Interfaces\{032F161D-B8D7-4FAA-9409-6CF73A01F8EB} : DhcpNameServer = 68.87.85.102 68.87.69.150 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\beagle\AppData\Roaming\Mozilla\Firefox\Profiles\eb46iz7t.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-13 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMTDIV.SYS [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 02:44:30];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2009-8-27 2560]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-2-6 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R2 vfsFPService;Validity Fingerprint Service;C:\Windows\System32\vfsFPService.exe [2008-11-18 599344]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-8-23 245760]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-2-6 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-2 138912]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-2 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-11 15:01:24 -------- d-----w- C:\Users\beagle\AppData\Roaming\Malwarebytes
2012-07-11 15:01:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 15:01:14 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-11 15:01:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-11 00:12:31 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-07 04:20:43 -------- d-----w- C:\Program Files\iPod
2012-07-07 04:20:35 -------- d-----w- C:\Program Files\iTunes
2012-07-07 04:20:35 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-07 04:14:42 -------- d-----w- C:\Program Files\Bonjour
2012-07-07 04:14:42 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-29 00:26:21 -------- d-----w- C:\Users\beagle\AppData\Local\Macromedia
2012-06-21 00:46:57 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 00:46:16 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 00:46:16 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-21 00:45:59 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 00:45:59 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-21 00:45:59 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 00:45:59 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-20 02:47:46 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 02:47:46 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-14 21:44:52 7801 --sha-w- C:\Windows\SysWow64\mmf.sys
2012-07-14 00:46:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 00:46:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-25 17:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-04-25 17:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
.
============= FINISH: 17:26:45.65 ===============

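A triage pass over the autorun, BHO/toolbar and Find3M lines of the DDS log above, written as an added example for this thread (it is not part of the original post, nor code from the DDS tool). It flags the `uRun` entry where rundll32.exe loads a DLL out of the user profile, orphaned "No File" browser-helper entries, and recently changed files carrying hidden+system attributes, as items for a responder to review rather than as verdicts; the sample lines are copied from the log, the severity labels are the example's own.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the DDS log posted above (Pseudo HJT Report,
# File Associations and Find3M sections), embedded so the script runs offline.
SAMPLE_LOG = r"""
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Apple Computer] rundll32.exe "C:\Users\beagle\AppData\Local\Barode_Games\Apple Computer\jpyaxpbn.dll",CreateInstance
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
2012-07-14 21:44:52 7801 --sha-w- C:\Windows\SysWow64\mmf.sys
2012-07-14 00:46:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
"""

# DDS prefixes: uRun = per-user (HKCU) Run key, mRun = machine-wide (HKLM) Run key,
# with a "-x64" suffix for the native 64-bit view of the registry.
AUTORUN_RE = re.compile(r"^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Browser Helper Object / toolbar registrations whose target file no longer exists.
ORPHAN_RE = re.compile(r"^(?P<kind>BHO|TB)(?:-X64)?: (?P<body>.*) - No File$")
# Find3M lines: date time size attribute-flags path (flags such as ----a-w- or --sha-w-).
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\d+) "
    r"(?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Locations an unprivileged user (or a drive-by download) can write to.
USER_WRITABLE_RE = re.compile(r"\\(users|documents and settings|programdata|temp)\\", re.I)
# Signed Windows binaries commonly used to load an arbitrary DLL at logon.
DLL_LOADER_RE = re.compile(r'^"?(rundll32|regsvr32)(?:\.exe)?"?\s', re.I)


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"; review guidance, not a malware verdict
    line: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line and collect entries worth a second look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = AUTORUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            from_user_path = USER_WRITABLE_RE.search(cmd) is not None
            via_loader = DLL_LOADER_RE.match(cmd) is not None
            if via_loader and from_user_path:
                findings.append(Finding("high", line,
                    "rundll32/regsvr32 loading a DLL from a user-writable path"))
            elif from_user_path:
                findings.append(Finding("medium", line,
                    "autorun launched from a user-writable path"))
            continue

        m = ORPHAN_RE.match(line)
        if m:
            # Leftover registration, often from an add-on a scanner already removed;
            # harmless by itself but worth cleaning so the log stays readable.
            findings.append(Finding("low", line,
                f"orphaned {m.group('kind')} entry (No File)"))
            continue

        m = FIND3M_RE.match(line)
        if m:
            attrs = m.group("attrs")
            if "s" in attrs and "h" in attrs:
                findings.append(Finding("medium", line,
                    "hidden+system attributes on a recently changed file"))
            continue
    return findings


def main() -> None:
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity.upper():6}] {f.reason}\n         {f.line}")


if __name__ == "__main__":
    main()
```

The same `triage()` works on a full DDS.txt pasted into `SAMPLE_LOG`; lines it does not recognise (running processes, services, DPF entries) are simply skipped.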

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:04 AM

Posted 14 July 2012 - 11:56 PM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tbeagle

  • Topic Starter

  • Members
  • 12 posts

Posted 15 July 2012 - 01:59 PM

Thanks for your reply and help.

I set my computer up to run just Norton now. Then, I ran Security Check and Combofix as instructed.

Here is the Security Check checkup.txt:

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


Here is the Combofix log:

ComboFix 12-07-14.01 - beagle 07/15/2012 11:05:28.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.1631 [GMT -5:00]
Running from: c:\users\beagle\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\beagle\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0CD5A3C4-FAB6-47D2-B11E-850DCBF39F5B}.xps
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-11 15:01 . 2012-07-11 15:01 -------- d-----w- c:\users\beagle\AppData\Roaming\Malwarebytes
2012-07-11 15:01 . 2012-07-11 15:01 -------- d-----w- c:\programdata\Malwarebytes
2012-07-11 15:01 . 2012-07-11 15:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-11 15:01 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-11 00:12 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-07 04:20 . 2012-07-07 04:20 -------- d-----w- c:\program files\iPod
2012-07-07 04:20 . 2012-07-07 04:21 -------- d-----w- c:\program files\iTunes
2012-07-07 04:20 . 2012-07-07 04:21 -------- d-----w- c:\program files (x86)\iTunes
2012-07-07 04:14 . 2012-07-07 04:14 -------- d-----w- c:\program files\Bonjour
2012-07-07 04:14 . 2012-07-07 04:14 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-07 04:09 . 2012-07-07 04:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-06-29 00:26 . 2012-06-29 00:26 -------- d-----w- c:\users\beagle\AppData\Local\Macromedia
2012-06-21 00:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 00:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 00:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 00:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 00:46 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 00:46 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-21 00:46 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 00:46 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-21 00:46 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 00:46 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-21 00:45 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 00:45 . 2012-06-02 20:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-21 00:45 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 00:45 . 2012-06-02 20:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-20 02:47 . 2012-06-20 02:47 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 02:47 . 2012-06-20 02:47 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 00:46 . 2012-04-04 23:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-14 00:46 . 2011-05-24 18:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-01 14:29 . 2012-06-12 21:28 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 17:11 . 2012-04-25 17:11 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-04-25 17:11 . 2012-04-25 17:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-23 16:25 . 2012-06-12 21:28 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-23 16:25 . 2012-06-12 21:28 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:25 . 2012-06-12 21:28 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00 . 2012-06-12 21:28 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-23 16:00 . 2012-06-12 21:28 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-23 16:00 . 2012-06-12 21:28 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-18 966656]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-08 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-29 1148200]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-15 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2008-12-11 842816]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\beagle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 994856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 250056]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 00:46]
.
2012-07-05 c:\windows\Tasks\HPCeeScheduleForbeagle.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-06 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-17 1561384]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"combofix"="c:\combofix\CF4474.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hp-laptop.aol.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: hchdonline.com\citrixportal
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150 75.75.76.76
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\beagle\AppData\Roaming\Mozilla\Firefox\Profiles\eb46iz7t.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-Apple Computer - c:\users\beagle\AppData\Local\Barode_Games\Apple Computer\jpyaxpbn.dll
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2]
"1"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,41,89,c7,a7,5f,90,bb,
a2
"2"=hex:05,42,30,42,a7,15,e9,31,44,4c,e8,ce,26,93,4c,ff,dc,fd,7a,28,38,0d,79,
b8
"3"=hex:f3,63,02,17,10,0f,8c,72,44,b1,bf,31,22,25,c4,7d,38,a8,bc,ca,16,d6,08,
eb,9c,8b,9c,0d,35,8b,99,e4,25,24,80,ac,1f,d3,6a,72
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2\81B8EBE4B3EADF39]
"1"=hex:ff,54,77,e8,ed,1b,3c,9f,5d,ea,3e,d4,ab,0a,f9,95,08,ec,0b,a5,12,35,40,
8f
"2"=hex:3b,ec,52,ae,03,c1,6c,47
"3"=hex:e8,73,92,4b,2b,dc,3e,4a,0c,09,e4,73,4c,f5,7b,cd,d6,4e,0c,92,d4,17,93,
1d,9a,60,ff,67,d4,7c,7e,e6,58,2d,6e,a7,94,81,21,90,18,78,02,19,33,85,86,b0,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:ff,54,77,e8,ed,1b,3c,9f,5d,ea,3e,d4,ab,0a,f9,95,30,e2,b8,b9,2b,a6,64,
ea,fa,8f,25,49,70,33,08,3d,04,17,e7,07,e3,67,20,68,eb,21,5e,76,47,c3,16,e0,\
"7"=hex:ff,54,77,e8,ed,1b,3c,9f,5d,ea,3e,d4,ab,0a,f9,95,d2,45,cf,99,11,98,fa,
46,a4,f6,07,e1,38,8e,05,57,57,0b,2c,39,df,50,f1,3b,ec,af,7b,78,2e,50,67,d6,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,f6,a2,1b,38,41,70,95,
50,26,45,95,77,09,e3,e5,11,05,2e,6d,a8,e6,bb,1d,5c,38,53,73,f9,a2,49,b1,af,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:93,7b,ad,6f,9a,a1,ab,70,7d,2f,32,10,e9,db,94,8e,11,ec,9d,fe,3a,4a,c4,
b8,0a,23,e3,77,19,ed,31,37,e6,aa,0d,22,92,06,11,de,a5,3b,ba,5f,ad,89,3f,92,\
"13"=hex:bf,bd,4d,36,80,e1,99,83,cb,99,cc,13,b8,80,25,1a,46,49,0b,a1,10,f0,66,
1b
"14"=hex:cc,1e,df,0f,ee,ea,6a,d9,af,5b,33,30,eb,73,e0,84,63,3c,c6,d3,a9,48,49,
25
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:39,0a,0c,f0,9d,77,20,a1,46,81,c3,67,cd,5d,e4,ab
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:cb,e6,81,5a,18,b5,c3,8e,eb,0b,a5,52,96,91,51,b1,9a,3a,cb,51,1d,17,6e,
8f,fe,ea,02,a8,b2,c0,ac,f3,bd,d4,a5,82,dd,d1,38,57,39,c7,35,a4,6b,51,5d,f3,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \103076C71E8172E2\AAEBAA674720777F98D3CB19E52B3725]
"1"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,
f6,85,c6,80,d5,b6,ed,0d,87
"2"=hex:02,1f,c0,10,16,f0,88,c8
"3"=hex:7e,2d,37,e2,45,bc,42,e9,59,2b,55,c8,b9,13,2c,07,4e,6a,b8,b7,4b,4f,9c,
06,7a,1c,d9,1a,f7,ae,d8,f7,f6,2f,db,6a,b2,4e,20,e5,d6,6f,5c,ef,f9,1d,d7,17,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:81,20,8f,ab,28,6a,52,9c
"7"=hex:33,08,da,55,f6,12,dc,ab,f4,e9,74,73,21,3e,6a,85,2f,ad,11,35,1e,74,d2,
f6,d6,93,62,58,16,ac,98,9d,fb,96,15,df,14,58,40,fd,da,1c,0b,31,a3,58,f4,6f,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,f6,a2,1b,38,41,70,95,
50,26,45,95,77,09,e3,e5,11,05,2e,6d,a8,e6,bb,1d,5c,24,52,7f,86,24,1e,fd,cc,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:97,c9,43,db,87,99,83,04,19,0a,f8,cf,08,c5,64,11,9f,2c,6b,47,73,bd,36,
76,40,de,f5,23,96,7c,b3,d1,88,ca,dc,e8,10,47,21,8d,27,83,85,74,30,f7,07,e7,\
"13"=hex:56,f2,61,2a,57,3e,43,8f,5b,d7,7c,d9,a0,8f,03,19,26,1f,bb,1c,c9,74,93,
1d
"14"=hex:83,34,31,f7,8e,d5,03,43,c8,8e,e9,f6,fc,e8,bb,e7,f8,34,65,93,0a,d3,2c,
14
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:fe,4d,15,81,e6,71,53,59,e6,84,8b,1f,8b,6e,2b,5c
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:99,75,4a,62,dc,28,49,a4,c7,0f,47,95,2c,e6,ec,fb,46,a2,30,3a,dc,0a,32,
80,d9,6b,ec,3d,4d,e6,e7,43,3c,8c,d7,31,ac,bb,62,3b,2a,62,04,44,63,01,bb,ba,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847]
"1"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,86,2b,9b,9b,f3,96,a9,
e9
"2"=hex:05,83,26,a9,dc,b6,17,45,de,2e,f0,41,a5,95,91,56,fe,07,ca,23,63,6c,c8,
df,a0,cb,29,a7,07,62,23,54
"3"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,39,39,6a,6e,1d,99,29,
0e,9a,9e,61,33,16,37,68,38,ee,25,f6,f1,91,9f,21,a9,58,ec,19,f6,96,30,78,09
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\13D3AF07D4AFC792B9BD996AC108D6B5]
"1"=hex:6a,02,e3,17,35,aa,4f,41,58,69,23,a3,81,f4,a8,0e,0a,4e,8a,24,18,b0,7f,
17,12,df,d0,2e,5e,18,49,90,15,18,bd,aa,84,24,4a,2c
"2"=hex:8a,38,16,48,1e,84,02,e7
"3"=hex:cf,b4,d7,20,c3,02,b4,fd,86,20,99,71,b0,ca,d3,fb,0a,fe,d7,02,83,d3,a7,
21,83,74,ba,41,0c,48,1d,dc,ea,32,26,0b,8f,3b,74,91,db,7f,df,7e,d1,c2,de,e3,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:6a,02,e3,17,35,aa,4f,41,58,69,23,a3,81,f4,a8,0e,0a,4e,8a,24,18,b0,7f,
17,12,df,d0,2e,5e,18,49,90,dc,73,88,43,a7,ef,1c,89,82,2c,d3,15,5a,cf,a4,82,\
"7"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,5c,6c,8a,b0,95,8d,88,
02,5c,f2,b7,9f,8e,b8,9a,b3,47,aa,06,9a,55,51,85,6f,7c,bd,b8,83,41,dc,29,77,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,0e,29,7c,bc,26,a7,9a,
2d,61,16,ed,1a,77,52,2b,60,99,31,f8,e1,92,d8,24,ca,35,38,08,03,a8,28,60,8c,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:92,74,7e,1e,a2,88,32,00,77,71,cd,06,e3,3d,e5,59,76,79,2b,65,23,35,77,
9f,53,2c,0b,68,04,65,d2,48,08,8e,5d,21,01,5e,63,f2,45,bb,0b,9c,ec,85,9e,5e,\
"13"=hex:4f,d6,9d,00,76,6f,56,5b,c5,dd,17,8a,7b,1c,92,e7,6b,ea,78,0f,43,4a,87,
5e
"14"=hex:0d,7e,11,86,a7,43,bb,80,cb,84,d6,9b,52,2b,0b,b6
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:65,ad,b5,4a,e6,4c,16,be,f8,eb,3c,4b,47,e9,dc,c4
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:92,f3,c8,84,1f,c6,c6,3f,44,47,1e,9e,30,39,c8,e3,96,8b,e2,cb,fa,fc,2a,
e1,16,9f,90,d9,1d,ae,9d,83,2c,da,90,c4,e7,66,f6,27,1a,90,01,b2,71,1a,26,28,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \169D180DB7FE8847\CC7B909C85BC507A2CDBC39B09A1A69B]
"1"=hex:6a,02,e3,17,35,aa,4f,41,58,69,23,a3,81,f4,a8,0e,57,fe,fa,3f,01,c1,2c,
1c,5e,e5,91,0b,2f,7e,4c,e7,3c,a9,5c,7c,76,d5,a4,ad
"2"=hex:3b,ec,52,ae,03,c1,6c,47
"3"=hex:a0,d5,e9,82,20,f6,97,3e,f5,ab,4e,ca,ea,e1,a8,a6,74,9d,6c,ad,99,c4,bd,
61,b2,ff,92,cd,56,c9,30,38,2f,00,81,7e,0b,31,54,33,97,85,d7,88,77,85,e3,0e,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:6a,02,e3,17,35,aa,4f,41,58,69,23,a3,81,f4,a8,0e,57,fe,fa,3f,01,c1,2c,
1c,5e,e5,91,0b,2f,7e,4c,e7,35,4a,1a,11,ed,6f,bf,b0,b8,00,48,6e,1e,ca,18,0c,\
"7"=hex:1a,c6,90,39,73,14,70,4f,c7,99,3b,d6,b3,40,09,16,5c,6c,8a,b0,95,8d,88,
02,5c,f2,b7,9f,8e,b8,9a,b3,47,aa,06,9a,55,51,85,6f,7c,bd,b8,83,41,dc,29,77,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,0e,29,7c,bc,26,a7,9a,
2d,61,16,ed,1a,77,52,2b,60,99,31,f8,e1,92,d8,24,ca,02,2d,a2,88,88,9c,73,65,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:09,08,1d,c4,2e,40,53,28,20,37,76,39,36,0f,cf,21,97,99,88,29,4c,0c,df,
5f,94,a5,9d,ab,2d,fd,2b,a0,50,d3,70,b7,3e,66,9a,51,2d,ea,65,fd,f7,96,ad,5a,\
"13"=hex:d8,86,43,28,1f,ff,66,52,d6,d0,86,f6,2e,7b,fa,ef,28,2b,ab,6e,82,e3,4a,
bc
"14"=hex:0d,f5,4e,44,fe,9e,11,67,d4,ec,25,e7,d8,da,e7,24
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:6d,14,d2,f6,d2,7d,70,31,03,3f,c5,e5,11,6d,09,b6
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:7b,82,9a,d3,9b,d2,e3,2e,c3,69,df,96,13,bf,13,9e,c1,3c,86,c5,67,ac,4b,
b4,4e,d0,3b,5c,53,1b,25,5b,49,7e,f6,ab,89,f2,a0,10,fe,a5,13,e7,3f,98,20,5e,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,44,f7,88,8f,b5,4c,1b,f9,3e,da,c2,d2,eb,69,77,32,91,02,8c,84,09,5e,d2,d3
"2"=hex:f1,df,16,de,80,08,0e,2a,d1,38,b5,6f,94,ca,dc,d2,b3,e8,d2,40,6c,6f,61,
5e,d2,5e,7f,21,14,b5,b2,29
"3"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,c2,97,86,6a,a5,82,f8,
d5,f2,55,76,c8,bc,53,92,25,3f,d1,b6,bc,00,35,73,43,96,90,79,f6,5b,97,35,47,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F3F0046F119EFA4F\58BBB2CAA762B86BF8228F8849EB5144]
"1"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,53,74,ea,24,5b,d9,02,83
"2"=hex:84,00,a2,e9,a5,84,bc,35
"3"=hex:cc,ce,b8,91,0b,a7,55,64,a6,63,cb,ae,09,ad,ce,0d,9a,78,00,8d,72,fd,72,
c5,5c,76,c3,87,92,50,df,f1,05,2f,aa,ac,b9,90,ed,59,7e,9d,aa,f3,2c,34,de,51,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,0b,6a,8c,ca,2a,b0,fe,b3,4b,64,48,ea,1f,44,5e,dc,e9,a1,c1,1e,2b,ba,8b,4e,\
"7"=hex:97,5e,49,d3,7c,a0,18,18,10,c9,e3,e3,c1,ae,57,ed,60,42,a5,db,24,eb,e2,
b0,53,74,ea,24,5b,d9,02,83
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,dd,5f,b3,ed,0b,f3,84,
77,45,a9,de,2e,a4,95,f6,88,d1,8e,cf,5a,45,90,66,fc,23,93,03,59,55,2d,c6,bd,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:3c,ef,17,bb,11,ca,cb,ac,03,fe,09,e2,f6,2b,e6,98,2b,66,e6,60,d4,ac,51,
fe,41,f5,8d,8a,78,a6,66,9f,5e,b5,81,6d,85,aa,3d,70,37,ae,f4,14,f9,2a,e3,9c,\
"13"=hex:57,8f,da,51,d4,79,ac,c1,bc,e9,be,d2,02,3d,cf,5b,b7,30,41,84,bb,bf,e5,
dd
"14"=hex:84,23,eb,9e,98,3e,c4,f1
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:56,49,e0,dc,f4,0c,cb,e9,95,c4,42,e1,59,4f,c2,62
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:31,ac,99,bd,c7,1a,93,60,4b,b9,10,2a,31,15,c8,e7,8e,5e,b4,8b,4e,0c,b1,
71,ca,6d,6c,f3,81,da,0f,ca,5c,8f,f7,ec,35,c4,23,1d,80,50,20,83,b7,51,01,d5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
c2
"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
76,64,10,04,f0,92,77,f9,20
"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\B07E347364287A4AA0F58972B4F736DB]
"1"=hex:67,c1,45,0b,0e,cc,05,8b,7d,72,6c,7c,94,20,ad,48,f7,a0,a9,3e,34,fc,8c,
d7,8c,36,b1,29,5d,f8,e5,08
"2"=hex:14,ce,87,8d,79,74,ee,b2
"3"=hex:c9,ea,82,a1,99,c0,45,a8,2e,d4,51,d7,d5,8b,9b,c5,83,6f,5a,e4,12,2e,81,
bb,8d,da,cd,78,d4,bf,60,d0,d5,1b,72,89,1c,c1,d3,53,03,be,51,a0,41,53,16,24,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:67,c1,45,0b,0e,cc,05,8b,7d,72,6c,7c,94,20,ad,48,f7,a0,a9,3e,34,fc,8c,
d7,5b,cd,9c,a9,8e,c7,41,bf,aa,b9,b8,e5,43,ad,04,2e,e9,a9,65,85,1e,c8,6b,29,\
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2a,60,98,b5,a5,7c,38,
74,0a,ce,60,fe,98,18,4b,86,6f,af,94,23,f4,5b,db,c2,76,6e,2b,6f,55,b2,53,6a,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:4b,72,8f,bc,6c,3f,e4,15
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:1d,93,dd,c0,30,1f,4b,c1,de,67,53,dd,34,cd,5e,d5,b4,e0,e2,45,2b,68,86,
b5,e5,69,03,01,fa,51,96,fe,db,99,25,e1,fc,ce,f5,de,67,c6,c0,74,a8,02,a1,8d,\
"13"=hex:6d,8c,ed,f4,0a,a1,03,72,a9,33,44,07,cd,43,9c,ec,5a,12,f9,84,01,7a,d8,
2f
"14"=hex:f1,f6,da,a8,ee,a5,49,3c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:f0,e9,63,34,99,14,d9,f5,b8,5e,50,e8,28,28,cf,2a
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:41,fd,19,aa,76,70,ce,20,ff,3d,51,eb,ad,dd,5d,08,55,a8,3b,d7,2f,fe,7e,
18,a8,05,ab,48,a0,a1,5a,95,8d,5d,33,eb,15,11,0b,e6,fa,82,f8,92,68,32,6f,df,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\DBF31101A5C3B93315CBBEA90ED13257]
"1"=hex:05,63,4e,ca,af,1d,39,e0,e8,3b,06,bc,35,26,5b,04,02,70,fd,49,72,ea,3f,
0d,c1,ed,7b,62,a7,87,bb,89
"2"=hex:c6,d7,96,b5,5f,fa,3f,77
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:63,5a,d7,1b,b1,d4,18,46,3c,25,e7,95,a9,cd,5a,04,96,a6,43,00,08,a7,a8,
d1,a4,cd,ac,42,1d,60,62,ae,4b,ee,0e,92,e7,bf,f1,1a
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\runservice.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Browny02\BrYNSvc.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-07-15 13:36:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 18:36
.
Pre-Run: 346,382,008,320 bytes free
Post-Run: 346,171,998,208 bytes free
.
- - End Of File - - 2B1F92B226E15B8EC2253AF45D301DF6


I didn't have any problems running either Security Check or ComboFix. Security Check took about 3 minutes, and ComboFix finished in about 2.5 hours.

I did a Google search afterwards, and it appears I'm still getting the redirects.

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 15 July 2012 - 02:54 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
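A small parser for the TDSSKiller report format that the instructions above ask the poster to paste back, added here as an example and not part of the original thread or of the tool itself: it pairs each driver or service detail line (name, MD5, image path) with the verdict line that follows it and returns every entry whose verdict is not "ok". The sample log is constructed from a few lines in this page's format plus two invented non-ok entries; the `sptd` warning and the `Rootkit.Boot.Example.a` boot-sector hit are placeholders for illustration, not findings from this machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# After the "Scan started" banner, TDSSKiller emits a timestamp, its PID and then either
#   <name> (<md5>) <image path>               -- a detail line, or
#   <name> [( <detection> )] - <verdict>      -- the verdict line that follows it.
# Entries with no image file on disk (e.g. "Beep - ok") get a verdict line only.
TIME_PID = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
DETAIL_RE = re.compile(TIME_PID + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(TIME_PID + r"(?P<name>.+?) - (?P<verdict>.+)$")
DETECTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<detection>.+?) \)$")


@dataclass
class ScanEntry:
    name: str
    verdict: str                      # "ok" is clean; anything else deserves a look
    md5: Optional[str] = None         # from the detail line, if one was seen
    path: Optional[str] = None
    detection: Optional[str] = None   # signature name given in parentheses, if any


def parse_tdsskiller_log(text: str) -> List[ScanEntry]:
    """Return one ScanEntry per verdict line found after the 'Scan started' marker."""
    entries: List[ScanEntry] = []
    pending: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path) awaiting its verdict
    scanning = False
    for raw in text.splitlines():
        line = raw.strip()
        if "Scan started" in line:
            scanning = True
            continue
        if not scanning:
            continue   # banner, SystemInfo and partition table are not scan results
        m = DETAIL_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue   # separator rows and anything else we do not recognise
        name, verdict, detection = m["name"], m["verdict"].strip(), None
        d = DETECTION_RE.match(name)
        if d:   # e.g. "sptd ( LockedFile.Multi.Generic )"
            name, detection = d["name"], d["detection"]
        md5, path = pending.pop(name, (None, None))
        entries.append(ScanEntry(name, verdict, md5, path, detection))
    return entries


def triage(entries: List[ScanEntry]) -> List[ScanEntry]:
    """Everything the scanner did not rate as plain 'ok'."""
    return [e for e in entries if e.verdict.lower() != "ok"]


# Constructed sample: three lines copied in this page's format plus two invented
# non-ok entries (placeholder MD5 and detection names, not real findings).
SAMPLE_LOG = r"""
18:30:14.0456 1756 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
18:30:16.0095 1756 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
18:30:17.0218 4516 Scan started
18:30:17.0218 4516 Mode: Manual;
18:30:18.0201 4516 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:30:18.0201 4516 Accelerometer - ok
18:30:19.0434 4516 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:30:19.0449 4516 Apple Mobile Device - ok
18:30:19.0777 4516 Beep - ok
18:30:30.0400 4516 sptd (0123456789abcdef0123456789abcdef) C:\Windows\system32\Drivers\sptd.sys
18:30:30.0400 4516 sptd ( LockedFile.Multi.Generic ) - warning
18:31:01.0000 4516 \Device\Harddisk0\DR0 ( Rootkit.Boot.Example.a ) - infected
"""

if __name__ == "__main__":
    for e in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{e.verdict:8} {e.name}  detection={e.detection}  md5={e.md5}  path={e.path}")
```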

#5 tbeagle

  • Topic Starter
  • Members
  • 12 posts

Posted 15 July 2012 - 07:37 PM

I was able to run TDSSKiller and aswMBR without any difficulties.

This is the report from TDSSKiller:

18:30:14.0456 1756 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
18:30:14.0753 1756 ============================================================
18:30:14.0753 1756 Current date / time: 2012/07/15 18:30:14.0753
18:30:14.0753 1756 SystemInfo:
18:30:14.0753 1756
18:30:14.0753 1756 OS Version: 6.0.6002 ServicePack: 2.0
18:30:14.0753 1756 Product type: Workstation
18:30:14.0753 1756 ComputerName: BEAGLE-PC
18:30:14.0753 1756 UserName: beagle
18:30:14.0753 1756 Windows directory: C:\Windows
18:30:14.0753 1756 System windows directory: C:\Windows
18:30:14.0753 1756 Running under WOW64
18:30:14.0753 1756 Processor architecture: Intel x64
18:30:14.0753 1756 Number of processors: 2
18:30:14.0753 1756 Page size: 0x1000
18:30:14.0753 1756 Boot type: Normal boot
18:30:14.0753 1756 ============================================================
18:30:16.0095 1756 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:30:16.0095 1756 ============================================================
18:30:16.0095 1756 \Device\Harddisk0\DR0:
18:30:16.0095 1756 MBR partitions:
18:30:16.0095 1756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38FCE000
18:30:16.0095 1756 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x38FCE800, BlocksNum 0x13B6000
18:30:16.0095 1756 ============================================================
18:30:16.0142 1756 C: <-> \Device\Harddisk0\DR0\Partition0
18:30:16.0189 1756 D: <-> \Device\Harddisk0\DR0\Partition1
18:30:16.0189 1756 ============================================================
18:30:16.0189 1756 Initialize success
18:30:16.0189 1756 ============================================================
18:30:17.0218 4516 ============================================================
18:30:17.0218 4516 Scan started
18:30:17.0218 4516 Mode: Manual;
18:30:17.0218 4516 ============================================================
18:30:30.0198 4516 netprofm - ok
18:30:30.0260 4516 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:30:30.0260 4516 NetTcpPortSharing - ok
18:30:30.0556 4516 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
18:30:30.0572 4516 NETw3v64 - ok
18:30:31.0087 4516 NETw5v64 (50d4c98bc85e87e5f38bd3960457c18b) C:\Windows\system32\DRIVERS\NETw5v64.sys
18:30:31.0134 4516 NETw5v64 - ok
18:30:31.0227 4516 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
18:30:31.0227 4516 nfrd960 - ok
18:30:31.0336 4516 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
18:30:31.0352 4516 NIS - ok
18:30:31.0383 4516 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
18:30:31.0383 4516 NlaSvc - ok
18:30:31.0414 4516 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
18:30:31.0414 4516 Npfs - ok
18:30:31.0430 4516 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
18:30:31.0430 4516 nsi - ok
18:30:31.0461 4516 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
18:30:31.0461 4516 nsiproxy - ok
18:30:31.0602 4516 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
18:30:31.0617 4516 Ntfs - ok
18:30:31.0695 4516 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
18:30:31.0695 4516 Null - ok
18:30:31.0726 4516 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
18:30:31.0726 4516 NVHDA - ok
18:30:32.0491 4516 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:30:32.0569 4516 nvlddmkm - ok
18:30:32.0662 4516 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
18:30:32.0662 4516 nvraid - ok
18:30:32.0678 4516 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
18:30:32.0678 4516 nvstor - ok
18:30:32.0725 4516 nvsvc (9544962d1192469ddce055873f4904c0) C:\Windows\system32\nvvsvc.exe
18:30:32.0725 4516 nvsvc - ok
18:30:32.0756 4516 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
18:30:32.0756 4516 nv_agp - ok
18:30:32.0756 4516 NwlnkFlt - ok
18:30:32.0772 4516 NwlnkFwd - ok
18:30:32.0834 4516 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
18:30:32.0834 4516 ohci1394 - ok
18:30:32.0943 4516 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:30:32.0943 4516 ose - ok
18:30:33.0302 4516 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:30:33.0333 4516 osppsvc - ok
18:30:33.0489 4516 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
18:30:33.0505 4516 p2pimsvc - ok
18:30:33.0505 4516 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
18:30:33.0520 4516 p2psvc - ok
18:30:33.0583 4516 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
18:30:33.0583 4516 Parport - ok
18:30:33.0614 4516 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
18:30:33.0614 4516 partmgr - ok
18:30:33.0645 4516 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
18:30:33.0645 4516 PcaSvc - ok
18:30:33.0692 4516 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
18:30:33.0692 4516 pci - ok
18:30:33.0708 4516 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
18:30:33.0708 4516 pciide - ok
18:30:33.0739 4516 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
18:30:33.0739 4516 pcmcia - ok
18:30:33.0801 4516 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
18:30:33.0801 4516 PEAUTH - ok
18:30:33.0879 4516 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
18:30:33.0895 4516 PerfHost - ok
18:30:34.0004 4516 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
18:30:34.0020 4516 pla - ok
18:30:34.0066 4516 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
18:30:34.0066 4516 PlugPlay - ok
18:30:34.0160 4516 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
18:30:34.0160 4516 PNRPAutoReg - ok
18:30:34.0176 4516 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
18:30:34.0176 4516 PNRPsvc - ok
18:30:34.0238 4516 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
18:30:34.0254 4516 PolicyAgent - ok
18:30:34.0316 4516 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
18:30:34.0316 4516 PptpMiniport - ok
18:30:34.0347 4516 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
18:30:34.0347 4516 Processor - ok
18:30:34.0410 4516 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
18:30:34.0410 4516 ProfSvc - ok
18:30:34.0441 4516 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
18:30:34.0456 4516 ProtectedStorage - ok
18:30:34.0488 4516 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
18:30:34.0488 4516 PSched - ok
18:30:34.0581 4516 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
18:30:34.0597 4516 ql2300 - ok
18:30:34.0628 4516 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
18:30:34.0628 4516 ql40xx - ok
18:30:34.0659 4516 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
18:30:34.0659 4516 QWAVE - ok
18:30:34.0675 4516 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
18:30:34.0675 4516 QWAVEdrv - ok
18:30:34.0706 4516 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
18:30:34.0706 4516 RasAcd - ok
18:30:34.0768 4516 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
18:30:34.0768 4516 RasAuto - ok
18:30:34.0815 4516 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:30:34.0815 4516 Rasl2tp - ok
18:30:34.0846 4516 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
18:30:34.0846 4516 RasMan - ok
18:30:34.0878 4516 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
18:30:34.0878 4516 RasPppoe - ok
18:30:34.0924 4516 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
18:30:34.0924 4516 RasSstp - ok
18:30:34.0956 4516 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
18:30:34.0971 4516 rdbss - ok
18:30:35.0002 4516 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:30:35.0002 4516 RDPCDD - ok
18:30:35.0034 4516 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
18:30:35.0034 4516 rdpdr - ok
18:30:35.0034 4516 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
18:30:35.0034 4516 RDPENCDD - ok
18:30:35.0096 4516 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
18:30:35.0096 4516 RDPWD - ok
18:30:35.0190 4516 Recovery Service for Windows (bc0a4d47472b042537f4e57b950415fa) C:\Program Files (x86)\SMINST\BLService.exe
18:30:35.0190 4516 Recovery Service for Windows - ok
18:30:35.0221 4516 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
18:30:35.0221 4516 RemoteAccess - ok
18:30:35.0252 4516 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
18:30:35.0252 4516 RemoteRegistry - ok
18:30:35.0330 4516 RFCOMM (cd71e053d7260e4102d99a28f9196070) C:\Windows\system32\DRIVERS\rfcomm.sys
18:30:35.0330 4516 RFCOMM - ok
18:30:35.0392 4516 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:30:35.0392 4516 RichVideo - ok
18:30:35.0408 4516 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
18:30:35.0408 4516 RpcLocator - ok
18:30:35.0486 4516 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
18:30:35.0502 4516 RpcSs - ok
18:30:35.0517 4516 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
18:30:35.0533 4516 rspndr - ok
18:30:35.0580 4516 RTL8169 (8b91737da75add21cb1554b38089196a) C:\Windows\system32\DRIVERS\Rtlh64.sys
18:30:35.0580 4516 RTL8169 - ok
18:30:35.0626 4516 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
18:30:35.0626 4516 SamSs - ok
18:30:35.0658 4516 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
18:30:35.0658 4516 sbp2port - ok
18:30:35.0689 4516 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
18:30:35.0689 4516 SCardSvr - ok
18:30:35.0767 4516 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
18:30:35.0782 4516 Schedule - ok
18:30:35.0814 4516 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
18:30:35.0814 4516 SCPolicySvc - ok
18:30:35.0860 4516 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
18:30:35.0860 4516 sdbus - ok
18:30:35.0892 4516 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
18:30:35.0892 4516 SDRSVC - ok
18:30:35.0923 4516 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:30:35.0923 4516 secdrv - ok
18:30:35.0938 4516 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
18:30:35.0938 4516 seclogon - ok
18:30:35.0970 4516 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
18:30:35.0970 4516 SENS - ok
18:30:35.0985 4516 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
18:30:35.0985 4516 Serenum - ok
18:30:36.0016 4516 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
18:30:36.0016 4516 Serial - ok
18:30:36.0032 4516 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
18:30:36.0032 4516 sermouse - ok
18:30:36.0079 4516 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
18:30:36.0079 4516 SessionEnv - ok
18:30:36.0110 4516 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
18:30:36.0110 4516 sffdisk - ok
18:30:36.0110 4516 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
18:30:36.0110 4516 sffp_mmc - ok
18:30:36.0126 4516 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
18:30:36.0126 4516 sffp_sd - ok
18:30:36.0141 4516 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
18:30:36.0141 4516 sfloppy - ok
18:30:36.0188 4516 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
18:30:36.0204 4516 SharedAccess - ok
18:30:36.0282 4516 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
18:30:36.0282 4516 ShellHWDetection - ok
18:30:36.0313 4516 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
18:30:36.0313 4516 SiSRaid2 - ok
18:30:36.0328 4516 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
18:30:36.0328 4516 SiSRaid4 - ok
18:30:36.0531 4516 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
18:30:36.0547 4516 slsvc - ok
18:30:36.0640 4516 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
18:30:36.0656 4516 SLUINotify - ok
18:30:36.0718 4516 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
18:30:36.0718 4516 Smb - ok
18:30:36.0734 4516 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
18:30:36.0750 4516 SNMPTRAP - ok
18:30:36.0781 4516 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
18:30:36.0781 4516 spldr - ok
18:30:36.0828 4516 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
18:30:36.0828 4516 Spooler - ok
18:30:36.0968 4516 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
18:30:36.0968 4516 SRTSP - ok
18:30:36.0984 4516 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
18:30:36.0984 4516 SRTSPX - ok
18:30:37.0046 4516 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
18:30:37.0046 4516 srv - ok
18:30:37.0093 4516 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
18:30:37.0093 4516 srv2 - ok
18:30:37.0108 4516 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
18:30:37.0108 4516 srvnet - ok
18:30:37.0155 4516 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
18:30:37.0155 4516 SSDPSRV - ok
18:30:37.0233 4516 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
18:30:37.0233 4516 SstpSvc - ok
18:30:37.0327 4516 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
18:30:37.0327 4516 STacSV - ok
18:30:37.0405 4516 Steam Client Service - ok
18:30:37.0498 4516 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
18:30:37.0498 4516 STHDA - ok
18:30:37.0561 4516 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
18:30:37.0576 4516 stisvc - ok
18:30:37.0608 4516 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
18:30:37.0608 4516 swenum - ok
18:30:37.0670 4516 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
18:30:37.0670 4516 swprv - ok
18:30:37.0701 4516 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
18:30:37.0701 4516 Symc8xx - ok
18:30:37.0795 4516 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
18:30:37.0810 4516 SymDS - ok
18:30:37.0873 4516 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
18:30:37.0888 4516 SymEFA - ok
18:30:37.0920 4516 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
18:30:37.0920 4516 SymEvent - ok
18:30:37.0982 4516 SymIM (3aa3b2df451da88c38ab00b19fa3562e) C:\Windows\system32\DRIVERS\SymIMv.sys
18:30:37.0982 4516 SymIM - ok
18:30:38.0029 4516 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
18:30:38.0029 4516 SymIRON - ok
18:30:38.0091 4516 SYMTDIv (61d06be74fa23ebb7d816e4468edd19e) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMTDIV.SYS
18:30:38.0091 4516 SYMTDIv - ok
18:30:38.0122 4516 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
18:30:38.0122 4516 Sym_hi - ok
18:30:38.0122 4516 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
18:30:38.0122 4516 Sym_u3 - ok
18:30:38.0169 4516 SynTP (f1e453df1ccb8ac217b6efcc77466d65) C:\Windows\system32\DRIVERS\SynTP.sys
18:30:38.0169 4516 SynTP - ok
18:30:38.0247 4516 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
18:30:38.0263 4516 SysMain - ok
18:30:38.0294 4516 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
18:30:38.0294 4516 TabletInputService - ok
18:30:38.0341 4516 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
18:30:38.0341 4516 TapiSrv - ok
18:30:38.0372 4516 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
18:30:38.0372 4516 TBS - ok
18:30:38.0544 4516 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
18:30:38.0544 4516 Tcpip - ok
18:30:38.0762 4516 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
18:30:38.0778 4516 Tcpip6 - ok
18:30:38.0871 4516 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
18:30:38.0871 4516 tcpipreg - ok
18:30:38.0902 4516 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
18:30:38.0902 4516 TDPIPE - ok
18:30:38.0918 4516 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
18:30:38.0918 4516 TDTCP - ok
18:30:38.0949 4516 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
18:30:38.0949 4516 tdx - ok
18:30:38.0980 4516 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
18:30:38.0980 4516 TermDD - ok
18:30:39.0043 4516 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
18:30:39.0058 4516 TermService - ok
18:30:39.0090 4516 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
18:30:39.0105 4516 Themes - ok
18:30:39.0121 4516 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
18:30:39.0121 4516 THREADORDER - ok
18:30:39.0152 4516 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
18:30:39.0152 4516 TrkWks - ok
18:30:39.0199 4516 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
18:30:39.0214 4516 TrustedInstaller - ok
18:30:39.0230 4516 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:30:39.0246 4516 tssecsrv - ok
18:30:39.0292 4516 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
18:30:39.0292 4516 tunnel - ok
18:30:39.0402 4516 TVCapSvc (1c31169dddc70c1605f703da701eaeea) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
18:30:39.0402 4516 TVCapSvc - ok
18:30:39.0417 4516 TVSched (290b8c381dbc15d3dbcbd2bdb6b0ba12) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
18:30:39.0417 4516 TVSched - ok
18:30:39.0433 4516 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
18:30:39.0433 4516 uagp35 - ok
18:30:39.0495 4516 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
18:30:39.0495 4516 udfs - ok
18:30:39.0558 4516 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
18:30:39.0558 4516 UI0Detect - ok
18:30:39.0589 4516 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
18:30:39.0589 4516 uliagpkx - ok
18:30:39.0636 4516 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
18:30:39.0636 4516 uliahci - ok
18:30:39.0667 4516 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
18:30:39.0667 4516 UlSata - ok
18:30:39.0682 4516 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
18:30:39.0682 4516 ulsata2 - ok
18:30:39.0698 4516 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
18:30:39.0698 4516 umbus - ok
18:30:39.0745 4516 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
18:30:39.0745 4516 upnphost - ok
18:30:39.0792 4516 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:30:39.0792 4516 USBAAPL64 - ok
18:30:39.0838 4516 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
18:30:39.0838 4516 usbccgp - ok
18:30:39.0870 4516 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
18:30:39.0870 4516 usbcir - ok
18:30:39.0901 4516 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
18:30:39.0901 4516 usbehci - ok
18:30:39.0932 4516 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
18:30:39.0932 4516 usbhub - ok
18:30:39.0963 4516 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
18:30:39.0963 4516 usbohci - ok
18:30:39.0994 4516 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
18:30:39.0994 4516 usbprint - ok
18:30:40.0057 4516 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
18:30:40.0057 4516 usbscan - ok
18:30:40.0104 4516 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:30:40.0104 4516 USBSTOR - ok
18:30:40.0119 4516 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
18:30:40.0119 4516 usbuhci - ok
18:30:40.0182 4516 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
18:30:40.0197 4516 usbvideo - ok
18:30:40.0228 4516 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
18:30:40.0228 4516 UxSms - ok
18:30:40.0291 4516 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
18:30:40.0306 4516 vds - ok
18:30:40.0369 4516 vfsFPService (4b6f9959f8df8fadc8170cd8a6bce5c2) C:\Windows\system32\vfsFPService.exe
18:30:40.0369 4516 vfsFPService - ok
18:30:40.0462 4516 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:40.0462 4516 vga - ok
18:30:40.0478 4516 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
18:30:40.0478 4516 VgaSave - ok
18:30:40.0509 4516 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
18:30:40.0509 4516 viaide - ok
18:30:40.0540 4516 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:30:40.0540 4516 volmgr - ok
18:30:40.0603 4516 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:30:40.0618 4516 volmgrx - ok
18:30:40.0665 4516 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:30:40.0665 4516 volsnap - ok
18:30:40.0696 4516 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:30:40.0696 4516 vsmraid - ok
18:30:40.0806 4516 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
18:30:40.0821 4516 VSS - ok
18:30:40.0930 4516 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
18:30:40.0930 4516 W32Time - ok
18:30:40.0993 4516 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:30:40.0993 4516 WacomPen - ok
18:30:41.0024 4516 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:41.0024 4516 Wanarp - ok
18:30:41.0040 4516 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:41.0040 4516 Wanarpv6 - ok
18:30:41.0102 4516 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
18:30:41.0118 4516 wcncsvc - ok
18:30:41.0133 4516 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
18:30:41.0133 4516 WcsPlugInService - ok
18:30:41.0164 4516 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:30:41.0164 4516 Wd - ok
18:30:41.0227 4516 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:30:41.0242 4516 Wdf01000 - ok
18:30:41.0274 4516 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:30:41.0274 4516 WdiServiceHost - ok
18:30:41.0274 4516 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:30:41.0274 4516 WdiSystemHost - ok
18:30:41.0305 4516 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
18:30:41.0320 4516 WebClient - ok
18:30:41.0367 4516 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
18:30:41.0367 4516 Wecsvc - ok
18:30:41.0398 4516 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
18:30:41.0398 4516 wercplsupport - ok
18:30:41.0414 4516 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
18:30:41.0414 4516 WerSvc - ok
18:30:41.0445 4516 WinDefend - ok
18:30:41.0445 4516 WinHttpAutoProxySvc - ok
18:30:41.0539 4516 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
18:30:41.0539 4516 Winmgmt - ok
18:30:41.0742 4516 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
18:30:41.0757 4516 WinRM - ok
18:30:41.0866 4516 WinUSB (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\WinUSB.sys
18:30:41.0866 4516 WinUSB - ok
18:30:41.0944 4516 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
18:30:41.0944 4516 Wlansvc - ok
18:30:41.0976 4516 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:30:41.0976 4516 WmiAcpi - ok
18:30:42.0038 4516 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
18:30:42.0054 4516 wmiApSrv - ok
18:30:42.0069 4516 WMPNetworkSvc - ok
18:30:42.0100 4516 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
18:30:42.0100 4516 WPCSvc - ok
18:30:42.0147 4516 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
18:30:42.0147 4516 WPDBusEnum - ok
18:30:42.0210 4516 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:30:42.0210 4516 WpdUsb - ok
18:30:42.0381 4516 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:30:42.0397 4516 WPFFontCache_v0400 - ok
18:30:42.0412 4516 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:30:42.0412 4516 ws2ifsl - ok
18:30:42.0444 4516 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
18:30:42.0459 4516 wscsvc - ok
18:30:42.0459 4516 WSearch - ok
18:30:42.0693 4516 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:30:42.0709 4516 wuauserv - ok
18:30:42.0834 4516 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:42.0834 4516 WUDFRd - ok
18:30:42.0880 4516 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
18:30:42.0880 4516 wudfsvc - ok
18:30:42.0912 4516 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
18:30:42.0912 4516 yukonx64 - ok
18:30:43.0021 4516 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
18:30:43.0021 4516 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
18:30:43.0068 4516 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
18:30:43.0192 4516 \Device\Harddisk0\DR0 - ok
18:30:43.0192 4516 Boot (0x1200) (3baf2e9ce931735bc5dcfeef672cedce) \Device\Harddisk0\DR0\Partition0
18:30:43.0208 4516 \Device\Harddisk0\DR0\Partition0 - ok
18:30:43.0208 4516 Boot (0x1200) (cd236b458241b612134fb4eb199380b9) \Device\Harddisk0\DR0\Partition1
18:30:43.0208 4516 \Device\Harddisk0\DR0\Partition1 - ok
18:30:43.0208 4516 ============================================================
18:30:43.0208 4516 Scan finished
18:30:43.0208 4516 ============================================================
18:30:43.0224 4468 Detected object count: 0
18:30:43.0224 4468 Actual detected object count: 0


This is the report from aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 18:35:11
-----------------------------
18:35:11.711 OS Version: Windows x64 6.0.6002 Service Pack 2
18:35:11.711 Number of processors: 2 586 0x170A
18:35:11.711 ComputerName: BEAGLE-PC UserName: beagle
18:35:13.932 Initialize success
18:48:07.151 AVAST engine defs: 12071501
18:50:11.104 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:50:11.104 Disk 0 Vendor: TOSHIBA_MK5055GSX FG002C Size: 476940MB BusType: 3
18:50:11.136 Disk 0 MBR read successfully
18:50:11.136 Disk 0 MBR scan
18:50:11.151 Disk 0 unknown MBR code
18:50:11.151 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466844 MB offset 2048
18:50:11.198 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10092 MB offset 956098560
18:50:11.245 Disk 0 scanning C:\Windows\system32\drivers
18:50:24.084 Service scanning
18:51:11.554 Modules scanning
18:51:11.554 Disk 0 trace - called modules:
18:51:11.586 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:51:11.601 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005eec300]
18:51:11.601 3 CLASSPNP.SYS[fffffa6000a4ac33] -> nt!IofCallDriver -> [0xfffffa8004dce8f0]
18:51:11.601 5 hpdskflt.sys[fffffa6001bf30ee] -> nt!IofCallDriver -> [0xfffffa8004c34520]
18:51:11.601 7 acpi.sys[fffffa6000901fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004110940]
18:51:13.489 AVAST engine scan C:\Windows
18:51:19.854 AVAST engine scan C:\Windows\system32
18:56:12.244 AVAST engine scan C:\Windows\system32\drivers
18:56:34.552 AVAST engine scan C:\Users\beagle
19:25:11.678 AVAST engine scan C:\ProgramData
19:27:58.379 Scan finished successfully
19:30:25.160 Disk 0 MBR has been saved successfully to "C:\Users\beagle\Desktop\MBR.dat"
19:30:25.175 The log file has been saved successfully to "C:\Users\beagle\Desktop\aswMBR.txt"


Another file (MBR.dat) was generated after running aswMBR. Do I need to do anything with this?

Thanks again.
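As an added example (not part of this thread and not code from TDSSKiller, aswMBR or Farbar), the script below shows how a responder can triage logs of the shape posted above instead of reading a few hundred "- ok" lines by eye. It assumes the two-line pairing visible in the TDSSKiller output (a "name (md5) path" line followed by a "name - verdict" line, with the MBR verdict keyed by device path), and it applies three checks: any verdict other than "ok", any service or driver binary living outside the Windows and Program Files trees, and any hash on a caller-supplied known-bad list (empty placeholder here). The sample lines are constructed: most are copied from the log above, but the `hlpsvc` and `afd` entries are deliberately suspicious fakes that do not appear in tbeagle's log. For the aswMBR part it flags "unknown MBR code", with the caveat that a non-standard boot loader such as an OEM recovery loader also produces that line, so it is something to verify against the saved MBR.dat rather than a detection on its own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes inferred from the TDSSKiller log in the thread (assumption: the tool
# emits a "(md5) path" line followed by a "name - verdict" line for each item):
#   "<time> <tid> <name> (<md5>) <path>"
#   "<time> <tid> <name> - <verdict>"
FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")
# aswMBR partition line, e.g. "Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS ..."
PART_RE = re.compile(r"Disk \d+ Partition \d+ [0-9A-Fa-f]{2}(?P<active> \(A\))? [0-9A-Fa-f]{2} ")

# Where a legitimately installed service or driver binary normally lives.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\programdata\\",
    "\\device\\",          # MBR/partition entries are keyed by device path
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair each '(md5) path' line with the verdict line that follows it.

    Services with no verified file ("msiserver - ok") become an Entry with no
    md5/path. The MBR verdict is keyed by device path, not by the
    "MBR (0x1B8)" name, so a verdict matches on either field.
    """
    entries: List[Entry] = []
    pending: Optional[Entry] = None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            if pending is not None:          # previous file line never got a verdict
                entries.append(pending)
            pending = Entry(m["name"], m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        if pending is not None and m["name"] in (pending.name, pending.path):
            pending.verdict = m["verdict"].strip()
            entries.append(pending)
            pending = None
        else:
            entries.append(Entry(m["name"], verdict=m["verdict"].strip()))
    if pending is not None:
        entries.append(pending)
    return entries


def triage(entries: List[Entry], known_bad_md5: frozenset = frozenset()) -> List[str]:
    """Return what a responder would look at first; an empty list means nothing stood out."""
    findings: List[str] = []
    for e in entries:
        if e.verdict is None:
            findings.append(f"{e.name}: no verdict line (log cut off?)")
        elif e.verdict.lower() != "ok":
            findings.append(f"{e.name}: verdict '{e.verdict}'")
        if e.md5 and e.md5 in known_bad_md5:
            findings.append(f"{e.name}: md5 {e.md5} is on the known-bad list")
        if e.path and not e.path.lower().startswith(TRUSTED_ROOTS):
            findings.append(f"{e.name}: binary outside system/program directories: {e.path}")
    return findings


def aswmbr_findings(text: str) -> List[str]:
    """Boot-sector observations from an aswMBR log."""
    out: List[str] = []
    active = 0
    for line in text.splitlines():
        if "unknown MBR code" in line:
            out.append("MBR: boot code not recognised by aswMBR; diff MBR.dat against a "
                       "known-good loader before acting (OEM recovery loaders trigger this too)")
        m = PART_RE.search(line)
        if m and m["active"]:
            active += 1
    if active != 1:
        out.append(f"MBR: {active} active partitions, expected exactly 1")
    return out


# Constructed sample: lines copied from the thread plus two deliberately
# suspicious entries (hlpsvc, afd) that are NOT in tbeagle's log.
SAMPLE_TDSSKILLER = r"""
18:30:30.0120 4516 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
18:30:30.0120 4516 Netlogon - ok
18:30:29.0106 4516 msiserver - ok
18:30:35.0190 4516 Recovery Service for Windows (bc0a4d47472b042537f4e57b950415fa) C:\Program Files (x86)\SMINST\BLService.exe
18:30:35.0190 4516 Recovery Service for Windows - ok
18:30:40.0000 4516 hlpsvc (0123456789abcdef0123456789abcdef) C:\Users\beagle\AppData\Local\Temp\hlpsvc.sys
18:30:40.0000 4516 hlpsvc - ok
18:30:41.0000 4516 afd (deadbeefdeadbeefdeadbeefdeadbeef) C:\Windows\system32\drivers\afd.sys
18:30:41.0000 4516 afd - not ok (constructed verdict)
18:30:43.0068 4516 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
18:30:43.0192 4516 \Device\Harddisk0\DR0 - ok
"""
SAMPLE_ASWMBR = """
18:50:11.151 Disk 0 unknown MBR code
18:50:11.151 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466844 MB offset 2048
18:50:11.198 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10092 MB offset 956098560
"""

if __name__ == "__main__":
    for f in triage(parse_tdsskiller(SAMPLE_TDSSKILLER)) + aswmbr_findings(SAMPLE_ASWMBR):
        print(f)
```

Run against the constructed sample it reports the Temp-folder driver and the non-ok verdict, and nothing for the genuine lines. The path check is the one that usually earns its keep on a redirect case like this: a hijacking driver or BHO loader that has been renamed or re-signed will still pass a hash whitelist, but it rarely gets installed under Windows\system32 with a clean "- ok" next to it, so "where does this service's binary live" is a cheap first question.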

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:04 AM

Posted 15 July 2012 - 08:01 PM

Hello

Save it for now.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
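The recovery-environment steps in the post above boil down to two things: find out which drive letter the flash drive received inside System Recovery Options (it is often not the same letter as in a normal Windows session, which is why the notepad trick is used), then start FRST64.exe from that drive. The batch file below does both in one step. It is an added example and is not part of gringo_pr's instructions or of the Farbar tool itself; it assumes the file is saved as run-frst.cmd on the same flash drive as FRST64.exe (or FRST.exe on a 32-bit system) and is started from the Command Prompt in System Recovery Options.

```batch
@echo off
rem Added example (not part of the original post or of FRST): locate the flash
rem drive that holds FRST64.exe / FRST.exe and launch it from the System
rem Recovery Options command prompt.
rem Drive letters inside the recovery environment frequently differ from the
rem ones seen in normal Windows, so the letter is searched for, not assumed.
setlocal
set "FRST="

rem Try every drive letter from C: to Z: for both the x64 and the x86 build.
rem "if defined" is evaluated at run time, so the first hit wins without
rem needing delayed expansion.
for %%d in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    for %%f in (FRST64.exe FRST.exe) do (
        if not defined FRST if exist "%%d:\%%f" set "FRST=%%d:\%%f"
    )
)

if not defined FRST (
    echo FRST64.exe or FRST.exe was not found on any drive letter C: to Z:.
    echo Make sure the flash drive is plugged in before entering System Recovery Options.
    exit /b 1
)

echo Found %FRST% - starting the tool. Its log FRST.txt is written to the same drive.
"%FRST%"
endlocal
```

Once started, the tool behaves exactly as the post describes (accept the disclaimer, press Scan, then copy FRST.txt from the flash drive into the reply). If the script reports that nothing was found, the flash drive was not detected by the recovery environment; plugging it into a different USB port before rebooting is the usual fix.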

#7 tbeagle

tbeagle
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:04 AM

Posted 15 July 2012 - 08:52 PM

I was able to run Farbar Recovery Scan Tool x64 without difficulty.

This is the report for FRST.txt


Scan result of Farbar Recovery Scan Tool Version: 15-07-2012
Ran by SYSTEM at 15-07-2012 20:38:46
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1561384 2008-07-17] (Synaptics, Inc.)
HKLM\...\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [1148200 2008-11-28] (CyberLink Corp.)
HKLM-x32\...\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [1316136 2008-12-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [189736 2008-12-25] (CyberLink)
HKLM-x32\...\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [210216 2009-01-21] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [218408 2008-11-14] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2008-11-26] (CyberLink Corp.)
HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2008-12-10] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [210216 2008-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [210216 2008-06-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM-x32\...\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\beagle\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2008-06-09] (Hewlett-Packard Company)
HKU\beagle\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-11-18] (Hewlett-Packard)
HKU\beagle\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-03-08] (Valve Corporation)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-11-18] (Hewlett-Packard)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-10] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [966656 2008-11-18] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 68.87.85.102 68.87.69.150 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\beagle\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 LicCtrlService; C:\Windows\runservice.exe [2560 2009-08-27] ()
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2008-11-26] ()
2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2008-11-26] ()
2 vfsFPService; C:\Windows\system32\vfsFPService.exe [721712 2008-11-18] (Validity Sensors, Inc.)
2 vfsFPService; C:\Windows\SysWow64\vfsFPService.exe [599344 2008-11-18] (Validity Sensors, Inc.)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-31] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-05-31] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120713.001\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120714.017\ENG64.SYS [120440 2012-07-07] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120714.017\EX64.SYS [2068600 2012-07-07] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-07-21] (Symantec Corporation)
1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-03-30] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMTDIV.SYS [432760 2011-04-20] (Symantec Corporation)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2008-11-28] (CyberLink Corp.)
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-15 16:30 - 2012-07-15 16:30 - 00002043 ____A C:\Users\beagle\Desktop\aswMBR.txt
2012-07-15 16:30 - 2012-07-15 16:30 - 00000512 ____A C:\Users\beagle\Desktop\MBR.dat
2012-07-15 15:32 - 2012-07-15 15:34 - 04731392 ____A (AVAST Software) C:\Users\beagle\Desktop\aswMBR.exe
2012-07-15 15:25 - 2012-07-15 15:26 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\beagle\Desktop\tdsskiller.exe
2012-07-15 10:41 - 2012-07-15 10:41 - 00032565 ____A C:\Users\beagle\Desktop\ComboFix.txt
2012-07-15 10:36 - 2012-07-15 10:36 - 00032565 ____A C:\ComboFix.txt
2012-07-15 08:01 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-15 08:01 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-15 08:01 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-15 08:01 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-15 08:01 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-15 08:01 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-15 08:01 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-15 08:01 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-15 08:00 - 2012-07-15 10:36 - 00000000 ____D C:\Qoobox
2012-07-15 08:00 - 2012-07-15 10:34 - 00000000 ____D C:\Windows\erdnt
2012-07-15 07:56 - 2012-07-15 07:56 - 04579346 ____R (Swearware) C:\Users\beagle\Desktop\ComboFix.exe
2012-07-15 07:49 - 2012-07-15 07:49 - 00000983 ____A C:\Users\beagle\Desktop\checkup.txt
2012-07-15 07:42 - 2012-07-15 07:42 - 00881475 ____A C:\Users\beagle\Desktop\SecurityCheck.exe
2012-07-14 14:33 - 2012-07-14 14:33 - 00008333 ____A C:\Users\beagle\Desktop\Attach.txt
2012-07-14 14:32 - 2012-07-14 14:32 - 00026873 ____A C:\Users\beagle\Desktop\DDS.txt
2012-07-14 14:20 - 2012-07-14 14:20 - 00607260 ____R (Swearware) C:\Users\beagle\Desktop\dds.scr
2012-07-13 16:03 - 2012-07-15 15:46 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-11 07:01 - 2012-07-11 07:01 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 07:01 - 2012-07-11 07:01 - 00000948 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 07:01 - 2012-07-11 07:01 - 00000000 ____D C:\Users\beagle\Application Data\Malwarebytes
2012-07-11 07:01 - 2012-07-11 07:01 - 00000000 ____D C:\Users\beagle\AppData\Roaming\Malwarebytes
2012-07-11 07:01 - 2012-07-11 07:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-11 07:01 - 2012-07-11 07:01 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-07-11 07:01 - 2012-07-11 07:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-11 07:01 - 2012-04-04 12:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-11 00:02 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 00:02 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 00:02 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 00:02 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 00:02 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 00:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 00:02 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 00:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 00:02 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 00:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 00:02 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 00:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 00:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 00:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 00:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 00:02 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 00:02 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 00:02 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 00:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 00:02 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 00:02 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 00:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 00:02 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 00:02 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 00:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 00:02 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 00:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 00:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 00:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 17:31 - 2012-07-10 19:32 - 00000000 ____D C:\Users\beagle\Desktop\Website
2012-07-10 16:12 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 16:12 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 16:12 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 16:12 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 16:12 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 16:12 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 16:12 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 16:12 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 16:12 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 16:12 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 16:12 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 16:12 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-06 20:21 - 2012-07-06 20:21 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-06 20:21 - 2012-07-06 20:21 - 00001694 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-07-06 20:20 - 2012-07-06 20:21 - 00000000 ____D C:\Program Files\iTunes
2012-07-06 20:20 - 2012-07-06 20:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-07-06 20:20 - 2012-07-06 20:20 - 00000000 ____D C:\Program Files\iPod
2012-07-06 20:14 - 2012-07-06 20:14 - 00000000 ____D C:\Program Files\Bonjour
2012-07-06 20:14 - 2012-07-06 20:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-07-06 20:09 - 2012-07-06 20:09 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-06-28 16:26 - 2012-06-28 16:26 - 00000000 ____D C:\Users\beagle\Local Settings\Macromedia
2012-06-28 16:26 - 2012-06-28 16:26 - 00000000 ____D C:\Users\beagle\Local Settings\Application Data\Macromedia
2012-06-28 16:26 - 2012-06-28 16:26 - 00000000 ____D C:\Users\beagle\AppData\Local\Macromedia
2012-06-20 16:46 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-20 16:46 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-20 16:46 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-20 16:46 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-20 16:46 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-20 16:46 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-20 16:46 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-20 16:46 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-20 16:46 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-20 16:46 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-20 16:45 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-20 16:45 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-20 16:45 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 16:45 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe


============ 3 Months Modified Files ========================

2012-07-15 17:35 - 2009-07-20 01:09 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-07-15 17:35 - 2006-11-02 07:42 - 00032650 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-15 17:35 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-15 17:34 - 2009-08-27 20:07 - 00007801 __ASH C:\Windows\SysWOW64\mmf.sys
2012-07-15 17:34 - 2009-08-25 17:07 - 00116034 ____A C:\Users\All Users\nvModes.001
2012-07-15 17:34 - 2009-08-25 17:07 - 00116034 ____A C:\Users\All Users\Application Data\nvModes.001
2012-07-15 17:34 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-15 17:34 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-15 17:33 - 2009-07-20 01:09 - 02002642 ____A C:\Windows\WindowsUpdate.log
2012-07-15 17:06 - 2009-08-24 20:42 - 00116034 ____A C:\Users\All Users\nvModes.dat
2012-07-15 17:06 - 2009-08-24 20:42 - 00116034 ____A C:\Users\All Users\Application Data\nvModes.dat
2012-07-15 16:30 - 2012-07-15 16:30 - 00002043 ____A C:\Users\beagle\Desktop\aswMBR.txt
2012-07-15 16:30 - 2012-07-15 16:30 - 00000512 ____A C:\Users\beagle\Desktop\MBR.dat
2012-07-15 15:46 - 2012-07-13 16:03 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-15 15:34 - 2012-07-15 15:32 - 04731392 ____A (AVAST Software) C:\Users\beagle\Desktop\aswMBR.exe
2012-07-15 15:26 - 2012-07-15 15:25 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\beagle\Desktop\tdsskiller.exe
2012-07-15 10:41 - 2012-07-15 10:41 - 00032565 ____A C:\Users\beagle\Desktop\ComboFix.txt
2012-07-15 10:36 - 2012-07-15 10:36 - 00032565 ____A C:\ComboFix.txt
2012-07-15 10:29 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
2012-07-15 10:28 - 2008-01-20 19:26 - 00697346 ____A C:\Windows\PFRO.log
2012-07-15 10:27 - 2006-11-02 04:33 - 74448896 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-07-15 10:27 - 2006-11-02 04:33 - 56360960 ____A C:\Windows\System32\config\COMPONENTS.bak
2012-07-15 10:27 - 2006-11-02 04:33 - 19660800 ____A C:\Windows\System32\config\SYSTEM.bak
2012-07-15 10:27 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-07-15 10:27 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-07-15 10:27 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\DEFAULT.bak
2012-07-15 07:56 - 2012-07-15 07:56 - 04579346 ____R (Swearware) C:\Users\beagle\Desktop\ComboFix.exe
2012-07-15 07:49 - 2012-07-15 07:49 - 00000983 ____A C:\Users\beagle\Desktop\checkup.txt
2012-07-15 07:42 - 2012-07-15 07:42 - 00881475 ____A C:\Users\beagle\Desktop\SecurityCheck.exe
2012-07-14 14:33 - 2012-07-14 14:33 - 00008333 ____A C:\Users\beagle\Desktop\Attach.txt
2012-07-14 14:32 - 2012-07-14 14:32 - 00026873 ____A C:\Users\beagle\Desktop\DDS.txt
2012-07-14 14:20 - 2012-07-14 14:20 - 00607260 ____R (Swearware) C:\Users\beagle\Desktop\dds.scr
2012-07-13 16:46 - 2012-04-04 15:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-13 16:46 - 2011-05-24 10:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 07:01 - 2012-07-11 07:01 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 07:01 - 2012-07-11 07:01 - 00000948 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 00:35 - 2006-11-02 07:21 - 00317152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:05 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-06 20:21 - 2012-07-06 20:21 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-06 20:21 - 2012-07-06 20:21 - 00001694 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-07-05 15:50 - 2009-08-23 12:04 - 00000338 ____A C:\Windows\Tasks\HPCeeScheduleForbeagle.job
2012-06-29 11:39 - 2011-01-28 21:15 - 00002637 ____A C:\Users\beagle\Desktop\Microsoft Word 2010.lnk
2012-06-26 11:37 - 2010-01-19 12:45 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-13 05:58 - 2012-07-11 00:02 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 00:56 - 2011-07-21 19:54 - 00002270 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-06-13 00:56 - 2011-07-21 19:54 - 00002270 ____A C:\Users\All Users\Desktop\Norton Internet Security.lnk
2012-06-13 00:31 - 2006-11-02 04:46 - 00719076 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-08 09:59 - 2012-07-10 16:12 - 12899840 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 09:47 - 2012-07-10 16:12 - 11586048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 16:42 - 2010-02-05 13:27 - 00000680 ____A C:\Users\beagle\Local Settings\d3d9caps.dat
2012-06-06 16:42 - 2010-02-05 13:27 - 00000680 ____A C:\Users\beagle\Local Settings\Application Data\d3d9caps.dat
2012-06-06 16:42 - 2010-02-05 13:27 - 00000680 ____A C:\Users\beagle\AppData\Local\d3d9caps.dat
2012-06-05 08:47 - 2012-07-10 16:12 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 08:47 - 2012-07-10 16:12 - 01248768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 08:22 - 2012-07-10 16:12 - 01869824 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 08:22 - 2012-07-10 16:12 - 01797120 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-04 07:29 - 2012-07-10 16:12 - 00516480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 14:19 - 2012-06-20 16:46 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 16:46 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 16:46 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2012-06-02 14:19 - 2012-06-20 16:46 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 16:46 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 16:46 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-20 16:46 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2012-06-02 14:15 - 2012-06-20 16:46 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 16:46 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-20 16:46 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2012-06-02 12:19 - 2012-06-20 16:45 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:19 - 2012-06-20 16:45 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2012-06-02 12:15 - 2012-06-20 16:45 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 12:12 - 2012-06-20 16:45 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2012-06-02 04:49 - 2012-07-11 00:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 00:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 00:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 00:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 00:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 00:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 00:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 00:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 00:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 00:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 00:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 00:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 00:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 00:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 00:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 00:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 00:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 16:22 - 2012-07-10 16:12 - 00347136 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 16:22 - 2012-07-10 16:12 - 00254464 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 16:05 - 2012-07-10 16:12 - 00077312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 16:04 - 2012-07-10 16:12 - 00278528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 16:03 - 2012-07-10 16:12 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-05-22 20:41 - 2011-01-28 21:16 - 00002595 ____A C:\Users\beagle\Desktop\Microsoft Excel 2010.lnk
2012-05-16 15:19 - 2012-05-16 15:17 - 03500544 ____A C:\Users\beagle\Desktop\MDBPlus_v2.14.exe
2012-05-01 06:29 - 2012-06-12 13:28 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 09:11 - 2012-04-25 09:11 - 04547944 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-04-25 09:11 - 2012-04-25 09:11 - 00052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys
2012-04-23 08:25 - 2012-06-12 13:28 - 01267200 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:25 - 2012-06-12 13:28 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:25 - 2012-06-12 13:28 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 08:00 - 2012-06-12 13:28 - 00984064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 08:00 - 2012-06-12 13:28 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 08:00 - 2012-06-12 13:28 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 4062.25 MB
Available physical RAM: 3387.04 MB
Total Pagefile: 3737.73 MB
Available Pagefile: 3367.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:455.9 GB) (Free:322.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:9.86 GB) (Free:1.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (TravelDrive) (Removable) (Total:0.23 GB) (Free:0.1 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 1024 KB
Disk 1 Online 239 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 456 GB 1024 KB
Partition 2 Primary 10 GB 456 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 456 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RECOVERY NTFS Partition 10 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 239 MB 2048 B

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F TravelDrive FAT Removable 239 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-15 10:35

======================= End Of Log ==========================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:04 AM

Posted 15 July 2012 - 09:12 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Under "Save as type" choose All Files, and for the location choose Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 tbeagle

tbeagle
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:04 AM

Posted 15 July 2012 - 10:03 PM

After running the batch file, a file called Log1.txt was created.

Here are the contents of Log1.txt:



Windows IP Configuration

Host Name . . . . . . . . . . . . : beagle-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.tx.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.tx.comcast.net.
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-1E-65-60-08-74
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5124:1b62:e463:a46c%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, July 15, 2012 8:47:06 PM
Lease Expires . . . . . . . . . . : Monday, July 16, 2012 8:47:07 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 318774885
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-F5-EE-82-00-26-9E-11-07-3E
DNS Servers . . . . . . . . . . . : 68.87.85.102
68.87.69.150
75.75.76.76
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-24-7E-AB-A0-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-26-9E-11-07-3E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.tx.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{99A38EE9-40F6-4F54-A3A4-80944AABE7F0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: cns.cmc.co.denver.comcast.net
Address: 68.87.85.102

Name: google.com
Addresses: 2001:4860:800a::64
74.125.45.102
74.125.45.101
74.125.45.138
74.125.45.113
74.125.45.100
74.125.45.139

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 68.87.85.102

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24



Pinging google.com [173.194.37.72] with 32 bytes of data:

Reply from 173.194.37.72: bytes=32 time=33ms TTL=55

Reply from 173.194.37.72: bytes=32 time=35ms TTL=55



Ping statistics for 173.194.37.72:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 35ms, Average = 34ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=30ms TTL=51

Reply from 209.191.122.70: bytes=32 time=31ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 30ms, Maximum = 31ms, Average = 30ms

===========================================================================
Interface List
13 ...00 1e 65 60 08 74 ...... Intel® WiFi Link 5100 AGN
12 ...00 24 7e ab a0 b7 ...... Bluetooth Device (Personal Area Network)
10 ...00 26 9e 11 07 3e ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
25 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16 ...00 00 00 00 00 00 00 e0 isatap.hsd1.tx.comcast.net.
15 ...00 00 00 00 00 00 00 e0 isatap.{99A38EE9-40F6-4F54-A3A4-80944AABE7F0}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.102 281
192.168.2.102 255.255.255.255 On-link 192.168.2.102 281
192.168.2.255 255.255.255.255 On-link 192.168.2.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 281 fe80::/64 On-link
13 281 fe80::5124:1b62:e463:a46c/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
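A triage script for the Log1.txt that the router.bat from the previous post produces, added here as an example; it is not code from this thread or from BleepingComputer. It parses the "DNS Servers" entries from the ipconfig /all section and the resolver address that nslookup reports under "Server:", then flags any resolver that is neither on an allow-list nor a private RFC 1918 address, and any resolver nslookup used that ipconfig never listed. The log text and the allow-list are constructed for the example (documentation-range addresses, not the ones posted above); the parser also accepts the whitespace-collapsed form of the output pasted in this thread.

```python
"""Triage helper for a Log1.txt produced by the router.bat in this thread.

Added example, not part of the original posts. Input and allow-list are
constructed; run it on a real Log1.txt by passing its text to triage().
"""
import ipaddress
import re

# Constructed sample, modelled on the shape of the output posted above.
# 203.0.113.53 plays the "unexpected public resolver" the check surfaces.
SAMPLE_LOG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : example-PC

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.2.102(Preferred)
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  UnKnown
Address:  203.0.113.53

Name:    google.com
Addresses:  2001:db8::64
          198.51.100.10
"""

# A continuation line under "DNS Servers" holds nothing but an address.
IP_LINE = re.compile(r"^(?=.*[.:])[0-9A-Fa-f:.]+$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_dns_servers(log: str) -> list[str]:
    """Collect every resolver listed under 'DNS Servers' in ipconfig /all output.

    ipconfig prints the first resolver on the 'DNS Servers' line and any
    further ones on following lines that contain only an address. Works on
    both the indented original and the whitespace-collapsed forum paste.
    """
    servers: list[str] = []
    lines = log.splitlines()
    i = 0
    while i < len(lines):
        m = re.match(r"^\s*DNS Servers[ .]*:\s*(\S*)", lines[i])
        if m:
            if m.group(1):
                servers.append(m.group(1))
            i += 1
            while i < len(lines) and IP_LINE.match(lines[i].strip()):
                servers.append(lines[i].strip())
                i += 1
            continue
        i += 1
    return servers


def parse_nslookup_resolvers(log: str) -> list[str]:
    """Return the address nslookup reports on the 'Address:' line after each 'Server:'."""
    resolvers: list[str] = []
    lines = log.splitlines()
    for idx, line in enumerate(lines):
        if line.startswith("Server:") and idx + 1 < len(lines):
            m = re.match(r"^Address:\s+(\S+)", lines[idx + 1])
            if m:
                resolvers.append(m.group(1))
    return resolvers


def is_expected_resolver(addr: str, expected: set[str]) -> bool:
    """Expected = on the allow-list, or a private IPv4 address such as the home router."""
    if addr in expected:
        return True
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.version == 4 and any(ip in net for net in RFC1918)


def triage(log: str, expected: set[str]) -> dict:
    """Summarise the resolver settings found in the log and what deviates from 'expected'."""
    dns_servers = parse_dns_servers(log)
    used = parse_nslookup_resolvers(log)
    return {
        "dns_servers": dns_servers,
        "unexpected": [s for s in dns_servers if not is_expected_resolver(s, expected)],
        # nslookup querying a server ipconfig never listed means the resolver
        # path differs from the configured one; that deserves a second look.
        "resolver_not_configured": [u for u in used if u not in dns_servers],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG, {"192.168.2.1"}).items():
        print(f"{key}: {value}")
```

Resolvers handed out by an ISP's DHCP are public addresses, so put the ones you recognise on the allow-list; anything that shows up beyond that list should have an explanation. The script only reads the log, so it can be run on any machine, not necessarily the affected one.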

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:04 AM

Posted 15 July 2012 - 10:15 PM

Are you still getting redirected?

And if so, verify which browsers are getting redirected.



gringo

#11 tbeagle

tbeagle
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:04 AM

Posted 15 July 2012 - 10:23 PM

Yes, it looks like I am still getting redirected when I use Google on Firefox 13.0.1

I also have Internet Explorer 9 on this computer but have not experienced a redirect using this browser.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:04 AM

Posted 15 July 2012 - 10:33 PM

Greetings

I want you to uninstall Firefox, and if asked about user data or settings, then remove those also.

Restart the computer and reinstall Firefox, then verify if it is working.



gringo

#13 tbeagle

tbeagle
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:04 AM

Posted 15 July 2012 - 11:05 PM

Hello,

I uninstalled Firefox, then restarted the computer and reinstalled Firefox.

It appears to be working now (20-of-20 searches took me to the intended sites without any redirects). Thank you so much for your help! *crossing my fingers that it stays this way*

Do you think this was related to the initial Trojan which was detected last week? If I may ask also, do you think Firefox is good security-wise for issues like this? (I used Internet Explorer for many years before switching to Firefox last year.)

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:04 AM

Posted 15 July 2012 - 11:12 PM

Greetings

There is still more out there that targets IE, but things are starting to even out as Firefox is growing in popularity.

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1
Java™ 6 Update 31
Java™ 6 Update 7


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HiJackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32-bit
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64-bit
and select Run as administrator.

Information and logs

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 tbeagle

tbeagle
  • Topic Starter

  • Members
  • 12 posts
  • Local time:06:04 AM

Posted 15 July 2012 - 11:54 PM

Hello,

Thank you for the reply to my question about the browsers.

I wanted to let you know that I'll be away from my computer for about the next 20 hours, but I will post my logs and information from your most recent post as soon as I return.



