Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect


  • This topic is locked This topic is locked
26 replies to this topic

#1 Pliney

Pliney

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 15 July 2012 - 10:59 AM

Over the past few days (starting 7/12) when I search on Google, I get a valid list of search results, but occasionally, when clicking on the link for one of the results, instead of being brought to the desired link, I get a new tab with "search results" from an IP address (examples: 63.209.69.107, 8.26.70.252) or pages like ampnetwork.com or Merchant Circle. This does not happen all the time, but maybe every 4th or 5th click on a search result. I am not noticing any other obvious suspicious activity -- at least nothing outwardly obvious. (No deleted files, no home page hijack, no problems booting, etc.)

I'm running Norton Internet Security v18.7.2.3.
I have run scans with:
  • Trend Micro House Call
  • Dr. Web's Cure It
  • MalwareBytes Anti-Malware
  • SUPERAntiSpyware
  • Symantec's FixTDSS.exe
  • Kaspersky's TDSSKiller.exe
  • HitmanPro 3.6
  • Sophos Virus Removal Tool.

Some of them found nothing; some of them found various different "threats," which they (supposedly) successfully cleaned/removed. Yet, I still have the Google redirect problem.

Below are the results of my DDS scan. The "Attach.txt" file is attached to this post.
Thanks in advance for your attention.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Admin at 11:52:52 on 2012-07-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8182.3858 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Vista Start Menu\VistaHookApp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Vista Start Menu\VistaHookApp.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: CompTool0234 Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll
mURLSearchHooks: CompTool0234 Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: CompTool0234 Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB: CompTool0234 Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [VistaStartMenu] C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [ReimageFTP] C:\Program Files (x86)\Reimage\Reimage Repair\ReiFTPWatchDog.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://myconnection-va.wellpoint.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{F0C063AA-2AE8-45CA-945B-6ACD5DE2BDE5} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{F0C063AA-2AE8-45CA-945B-6ACD5DE2BDE5}\05572707C65644F6C6078696E6 : DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.1.1
TCP: Interfaces\{F0C063AA-2AE8-45CA-945B-6ACD5DE2BDE5}\34963736F62393037303 : DhcpNameServer = 68.87.71.230 68.87.73.246 192.168.1.1
TCP: Interfaces\{F0C063AA-2AE8-45CA-945B-6ACD5DE2BDE5}\35D434 : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: CompTool0234 Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll
BHO-X64: CompTool0234 - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
TB-X64: CompTool0234 Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [ReimageFTP] C:\Program Files (x86)\Reimage\Reimage Repair\ReiFTPWatchDog.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=161edd48000000000000062100e8a523
FF - prefs.js: keyword.URL - hxxp://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=161edd48000000000000062100e8a523&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - component: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 161edd48000000000000062100e8a523
FF - user.js: extensions.BabylonToolbar_i.hardId - 161edd48000000000000062100e8a523
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15414
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:05:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 DRVECDB;DRVECDB;C:\Windows\system32\Drivers\DRVECDB.SYS --> C:\Windows\system32\Drivers\DRVECDB.SYS [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 DLACDBHE;DLACDBHE;C:\Windows\system32\Drivers\DLACDBHE.SYS --> C:\Windows\system32\Drivers\DLACDBHE.SYS [?]
R1 DLARTL_E;DLARTL_E;C:\Windows\system32\Drivers\DLARTL_E.SYS --> C:\Windows\system32\Drivers\DLARTL_E.SYS [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-13 509088]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DLABMFSE;DLABMFSE;C:\Windows\system32\DLA\DLABMFSE.SYS --> C:\Windows\system32\DLA\DLABMFSE.SYS [?]
R2 DLABOIOE;DLABOIOE;C:\Windows\system32\DLA\DLABOIOE.SYS --> C:\Windows\system32\DLA\DLABOIOE.SYS [?]
R2 DLADResE;DLADResE;C:\Windows\system32\DLA\DLADResE.SYS --> C:\Windows\system32\DLA\DLADResE.SYS [?]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\system32\DLA\DLAIFS_E.SYS --> C:\Windows\system32\DLA\DLAIFS_E.SYS [?]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\system32\DLA\DLAOPIOE.SYS --> C:\Windows\system32\DLA\DLAOPIOE.SYS [?]
R2 DLAPoolE;DLAPoolE;C:\Windows\system32\DLA\DLAPoolE.SYS --> C:\Windows\system32\DLA\DLAPoolE.SYS [?]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\system32\DLA\DLAUDF_E.SYS --> C:\Windows\system32\DLA\DLAUDF_E.SYS [?]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\system32\DLA\DLAUDFAE.SYS --> C:\Windows\system32\DLA\DLAUDFAE.SYS [?]
R2 DRVEDDM;DRVEDDM;C:\Windows\system32\Drivers\DRVEDDM.SYS --> C:\Windows\system32\Drivers\DRVEDDM.SYS [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-16 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-1 138912]
R3 TotRec8;Total Recorder WDM audio filter driver;\??\C:\Windows\system32\drivers\TotRec8.sys --> C:\Windows\system32\drivers\TotRec8.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca1bb4ce9c1840;Google Update Service (gupdate1ca1bb4ce9c1840);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-8-12 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-8-12 133104]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-25 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-07-14 15:54:04 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-14 15:36:34 -------- d-----w- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2012-07-14 15:36:28 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-14 15:36:28 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-14 00:32:11 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-07-13 19:25:29 36168 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-07-13 16:01:21 -------- d-----w- C:\ProgramData\PC Tools
2012-07-13 15:58:36 -------- d-----w- C:\Users\Admin\AppData\Roaming\Ad-Aware Antivirus
2012-07-13 14:47:52 -------- d-----w- C:\Program Files\HitmanPro
2012-07-13 12:25:21 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-13 12:01:23 -------- d-----w- C:\ProgramData\Sophos
2012-07-13 12:00:54 73728 ----a-r- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-13 12:00:54 73728 ----a-r- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-13 12:00:54 73728 ----a-r- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-07-13 12:00:36 -------- d-----w- C:\Program Files (x86)\Sophos
2012-07-12 19:13:24 -------- d-----w- C:\Users\Admin\AppData\Roaming\Malwarebytes
2012-07-12 19:13:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-12 19:13:13 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-12 19:13:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2012-07-12 07:23:02 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 11:50:01 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 11:50:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-21 11:20:36 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 11:20:05 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 11:19:24 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 11:19:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-14 15:54:09 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 15:54:09 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-14 12:02:06 121691 ----a-w- C:\Windows\File Renamer - Basic Uninstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 11:56:44.24 ===============

Attached Files


Edited by Pliney, 15 July 2012 - 11:03 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 16 July 2012 - 01:01 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Pliney

Pliney
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 17 July 2012 - 09:15 AM

Thanks for the prompt reply, Gringo.

The only problem I had with running the Security Check and ComboFix programs is that ComboFix appeared to hang a couple of times (around Stage_48) and I had to stop it, but on the third attempt it ran much quicker, to successful completion.

I am still experiencing the Google redirect, which is described in my original post as follows:

"Over the past few days (starting 7/12) when I search on Google, I get a valid list of search results, but occasionally, when clicking on the link for one of the results, instead of being brought to the desired link, I get a new tab with "search results" from an IP address (examples: 63.209.69.107, 8.26.70.252) or pages like ampnetwork.com or Merchant Circle. This does not happen all the time, but maybe every 4th or 5th click on a search result. I am not noticing any other obvious suspicious activity -- at least nothing outwardly obvious. (No deleted files, no home page hijack, no problems booting, etc.)"


Here are the contents of the logs you requested.

Checkup.txt:
-------------------------------------------------------------------------------------------------

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

-------------------------------------------------------------------------------------------------


ComboFix.txt:
-------------------------------------------------------------------------------------------------

ComboFix 12-07-16.01 - Admin 07/17/2012 9:30.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8182.5991 [GMT -4:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\{873833CF-D48B-4047-8A41-FC90E10E4DB4}.xps
c:\users\Larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9CF45B52-D02D-4B74-8AAE-CCFE0BF08DD8}.xps
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 13:41 . 2012-07-17 13:41 -------- d-----w- c:\users\Jen\AppData\Local\temp
2012-07-17 13:41 . 2012-07-17 13:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-17 13:41 . 2012-07-17 13:41 -------- d-----w- c:\users\Larry\AppData\Local\temp
2012-07-17 13:41 . 2012-07-17 13:41 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-15 20:31 . 2012-07-15 20:32 -------- d-----w- c:\program files (x86)\GUM15BC.tmp
2012-07-14 21:32 . 2012-07-14 21:32 -------- d-----w- c:\users\Larry\AppData\Roaming\SUPERAntiSpyware.com
2012-07-14 15:54 . 2012-07-14 15:54 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-14 15:36 . 2012-07-14 15:36 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2012-07-14 15:36 . 2012-07-14 15:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-14 01:02 . 2012-07-14 02:10 -------- d-----w- c:\users\Larry\DoctorWeb
2012-07-14 00:32 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-07-13 19:25 . 2012-07-13 19:25 36168 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-13 15:58 . 2012-07-13 15:59 -------- d-----w- c:\users\Admin\AppData\Roaming\Ad-Aware Antivirus
2012-07-13 14:47 . 2012-07-13 14:47 -------- d-----w- c:\program files\HitmanPro
2012-07-13 12:00 . 2012-07-13 12:00 73728 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-13 12:00 . 2012-07-13 12:00 73728 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-07-13 12:00 . 2012-07-13 12:00 73728 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-07-13 12:00 . 2012-07-13 12:00 -------- d-----w- c:\program files (x86)\Sophos
2012-07-12 19:43 . 2012-07-12 19:43 -------- d-----w- c:\users\Larry\AppData\Roaming\Malwarebytes
2012-07-12 19:13 . 2012-07-12 19:13 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-07-12 19:13 . 2012-07-12 19:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2012-07-12 19:13 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 07:23 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:50 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:50 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-26 12:51 . 2012-06-26 12:51 -------- d-----w- c:\users\Larry\AppData\Roaming\StartMenuX
2012-06-26 02:43 . 2012-06-26 02:43 -------- d-----w- c:\users\Jen\AppData\Local\Mozilla
2012-06-24 02:18 . 2012-06-24 02:18 -------- d-----w- c:\users\Larry\AppData\Local\Macromedia
2012-06-21 11:20 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 11:20 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 11:20 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 11:20 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 11:20 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 11:20 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 11:20 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 11:19 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 11:19 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 15:54 . 2012-04-04 21:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-14 15:54 . 2011-05-17 11:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-14 12:02 . 2012-05-14 12:02 121691 ----a-w- c:\windows\File Renamer - Basic Uninstaller.exe
2012-05-04 11:06 . 2012-06-14 11:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-14 11:38 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-14 11:25 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 11:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-14 11:38 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-14 11:25 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 11:25 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 11:25 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 11:25 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 11:25 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 11:25 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 11:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 11:25 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 11:25 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 11:25 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 11:25 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files (x86)\Coupons.com\prxtbCou1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Coupons.com\prxtbCou1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files (x86)\Coupons.com\prxtbCou1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="c:\program files (x86)\Vista Start Menu\VistaStartMenu.exe" [2010-10-18 2749336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca1bb4ce9c1840;Google Update Service (gupdate1ca1bb4ce9c1840);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-13 133104]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 250056]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2007-06-19 24576]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-13 133104]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-13 36168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-09 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS [2006-10-25 123928]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 DLACDBHE;DLACDBHE;c:\windows\system32\Drivers\DLACDBHE.SYS [2007-02-09 15864]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS [2006-09-15 39288]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120715.001\IDSvia64.sys [2012-06-14 509088]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\DLA\DLABMFSE.SYS [2006-11-01 44152]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\DLA\DLABOIOE.SYS [2006-11-01 41976]
S2 DLADResE;DLADResE;c:\windows\system32\DLA\DLADResE.SYS [2006-11-01 10360]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\DLA\DLAIFS_E.SYS [2006-11-01 142200]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\DLA\DLAOPIOE.SYS [2006-11-01 34552]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\DLA\DLAPoolE.SYS [2006-11-01 18040]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\DLA\DLAUDF_E.SYS [2006-11-01 143736]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\DLA\DLAUDFAE.SYS [2006-11-01 137080]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS [2007-02-09 63608]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-11-23 122448]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ccHP
*Deregistered* - SYMFW
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:35]
.
2012-07-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-13 10:57]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-13 01:24]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-13 01:24]
.
2012-07-01 c:\windows\Tasks\Norton Internet Security - Admin - Full System Scan.job
- c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\navw32.exe [2012-06-11 00:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 363544]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=161edd48000000000000062100e8a523
FF - prefs.js: keyword.URL - hxxp://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=161edd48000000000000062100e8a523&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - user.js: extensions.BabylonToolbar_i.id - 161edd48000000000000062100e8a523
FF - user.js: extensions.BabylonToolbar_i.hardId - 161edd48000000000000062100e8a523
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15414
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110141
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ReimageFTP - c:\program files (x86)\Reimage\Reimage Repair\ReiFTPWatchDog.exe
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]
@Denied: (C D) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-07-17 10:00:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 14:00
.
Pre-Run: 671,728,713,728 bytes free
Post-Run: 674,888,257,536 bytes free
.
- - End Of File - - 1FC83F1D3E95CAE8486EEA18C1BA58C4

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 17 July 2012 - 09:19 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Pliney

Pliney
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 17 July 2012 - 02:14 PM

Below are the two logs you requested.
After running, I have not rebooted (no reboot was required/requested by TSDDKiller), but so far I am still experiencing the original issue, which is:

"Over the past few days (starting 7/12) when I search on Google, I get a valid list of search results, but occasionally, when clicking on the link for one of the results, instead of being brought to the desired link, I get a new tab with "search results" from an IP address (examples: 63.209.69.107, 8.26.70.252) or pages like ampnetwork.com or Merchant Circle. This does not happen all the time, but maybe every 4th or 5th click on a search result. I am not noticing any other obvious suspicious activity -- at least nothing outwardly obvious. (No deleted files, no home page hijack, no problems booting, etc.)"


I ran aswMBR.exe as a "QuickScan" since that was the default selection and there were no instructions in your post to change any settings; I hope that was appropriate.


TDSSKiller log:

12:10:26.0680 6056 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
12:10:27.0040 6056 ============================================================
12:10:27.0040 6056 Current date / time: 2012/07/17 12:10:27.0040
12:10:27.0040 6056 SystemInfo:
12:10:27.0040 6056
12:10:27.0040 6056 OS Version: 6.1.7601 ServicePack: 1.0
12:10:27.0040 6056 Product type: Workstation
12:10:27.0040 6056 ComputerName: HOME-PC
12:10:27.0040 6056 UserName: Admin
12:10:27.0040 6056 Windows directory: C:\Windows
12:10:27.0040 6056 System windows directory: C:\Windows
12:10:27.0040 6056 Running under WOW64
12:10:27.0040 6056 Processor architecture: Intel x64
12:10:27.0040 6056 Number of processors: 4
12:10:27.0040 6056 Page size: 0x1000
12:10:27.0040 6056 Boot type: Normal boot
12:10:27.0040 6056 ============================================================
12:10:27.0720 6056 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:10:27.0740 6056 ============================================================
12:10:27.0740 6056 \Device\Harddisk0\DR0:
12:10:27.0740 6056 MBR partitions:
12:10:27.0740 6056 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x72BA8B08
12:10:27.0740 6056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x72BA8B47, BlocksNum 0x1B5CE7A
12:10:27.0740 6056 ============================================================
12:10:27.0850 6056 C: <-> \Device\Harddisk0\DR0\Partition0
12:10:28.0320 6056 D: <-> \Device\Harddisk0\DR0\Partition1
12:10:28.0320 6056 ============================================================
12:10:28.0320 6056 Initialize success
12:10:28.0320 6056 ============================================================
12:10:45.0361 7644 ============================================================
12:10:45.0361 7644 Scan started
12:10:45.0361 7644 Mode: Manual;
12:10:45.0361 7644 ============================================================
12:10:46.0171 7644 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
12:10:46.0171 7644 !SASCORE - ok
12:10:46.0511 7644 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:10:46.0511 7644 1394ohci - ok
12:10:46.0581 7644 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:10:46.0581 7644 ACPI - ok
12:10:46.0651 7644 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:10:46.0651 7644 AcpiPmi - ok
12:10:46.0842 7644 AdobeActiveFileMonitor8.0 (4451cc2275b04043ec2bcc757af97291) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
12:10:46.0852 7644 AdobeActiveFileMonitor8.0 - ok
12:10:47.0042 7644 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:10:47.0802 7644 AdobeARMservice - ok
12:10:48.0162 7644 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:10:48.0392 7644 AdobeFlashPlayerUpdateSvc - ok
12:10:48.0592 7644 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:10:48.0602 7644 adp94xx - ok
12:10:49.0042 7644 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:10:49.0052 7644 adpahci - ok
12:10:49.0092 7644 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:10:49.0092 7644 adpu320 - ok
12:10:49.0132 7644 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:10:49.0132 7644 AeLookupSvc - ok
12:10:49.0592 7644 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:10:49.0602 7644 AFD - ok
12:10:49.0652 7644 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:10:49.0662 7644 agp440 - ok
12:10:49.0712 7644 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:10:51.0652 7644 ALG - ok
12:10:51.0932 7644 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:10:51.0962 7644 aliide - ok
12:10:52.0112 7644 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:10:52.0142 7644 amdide - ok
12:10:52.0722 7644 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:10:52.0752 7644 AmdK8 - ok
12:10:52.0842 7644 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:10:52.0882 7644 AmdPPM - ok
12:10:53.0372 7644 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:10:53.0552 7644 amdsata - ok
12:10:53.0602 7644 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:10:53.0602 7644 amdsbs - ok
12:10:53.0782 7644 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:10:53.0782 7644 amdxata - ok
12:10:53.0852 7644 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:10:53.0852 7644 AppID - ok
12:10:53.0902 7644 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:10:53.0902 7644 AppIDSvc - ok
12:10:54.0012 7644 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:10:54.0012 7644 Appinfo - ok
12:10:54.0172 7644 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:10:54.0172 7644 Apple Mobile Device - ok
12:10:54.0232 7644 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:10:54.0232 7644 arc - ok
12:10:54.0252 7644 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:10:54.0252 7644 arcsas - ok
12:10:54.0352 7644 aspnet_state - ok
12:10:54.0432 7644 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:10:54.0432 7644 AsyncMac - ok
12:10:54.0522 7644 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:10:54.0522 7644 atapi - ok
12:10:54.0732 7644 athr (7d89b0c443f6068e5b27aa3b972069ff) C:\Windows\system32\DRIVERS\athrx.sys
12:10:54.0752 7644 athr - ok
12:10:54.0973 7644 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:10:54.0983 7644 AudioEndpointBuilder - ok
12:10:54.0983 7644 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:10:54.0993 7644 AudioSrv - ok
12:10:55.0043 7644 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:10:55.0043 7644 AxInstSV - ok
12:10:55.0153 7644 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:10:55.0153 7644 b06bdrv - ok
12:10:55.0233 7644 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:10:55.0233 7644 b57nd60a - ok
12:10:55.0293 7644 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:10:55.0293 7644 BDESVC - ok
12:10:55.0303 7644 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:10:55.0303 7644 Beep - ok
12:10:55.0413 7644 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:10:55.0423 7644 BFE - ok
12:10:55.0883 7644 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
12:10:55.0893 7644 BHDrvx64 - ok
12:10:58.0183 7644 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:10:58.0193 7644 BITS - ok
12:10:58.0413 7644 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:10:58.0413 7644 blbdrive - ok
12:10:59.0024 7644 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:10:59.0084 7644 Bonjour Service - ok
12:10:59.0254 7644 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:10:59.0254 7644 bowser - ok
12:10:59.0424 7644 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:10:59.0424 7644 BrFiltLo - ok
12:10:59.0524 7644 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:10:59.0524 7644 BrFiltUp - ok
12:10:59.0624 7644 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:10:59.0624 7644 BridgeMP - ok
12:10:59.0804 7644 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:10:59.0804 7644 Browser - ok
12:11:00.0754 7644 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:11:00.0764 7644 Brserid - ok
12:11:00.0814 7644 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:11:00.0814 7644 BrSerWdm - ok
12:11:00.0884 7644 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:11:00.0884 7644 BrUsbMdm - ok
12:11:00.0884 7644 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:11:00.0894 7644 BrUsbSer - ok
12:11:00.0914 7644 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:11:00.0914 7644 BTHMODEM - ok
12:11:01.0004 7644 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:11:01.0014 7644 bthserv - ok
12:11:01.0824 7644 CarboniteService (33e43a31ac6ac6ba95d4772d8cca076f) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
12:11:01.0994 7644 CarboniteService - ok
12:11:02.0034 7644 catchme - ok
12:11:03.0214 7644 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:11:03.0254 7644 cdfs - ok
12:11:03.0344 7644 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:11:03.0344 7644 cdrom - ok
12:11:03.0394 7644 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:11:03.0394 7644 CertPropSvc - ok
12:11:03.0454 7644 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:11:03.0454 7644 circlass - ok
12:11:03.0504 7644 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:11:03.0514 7644 CLFS - ok
12:11:03.0924 7644 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:11:03.0924 7644 clr_optimization_v2.0.50727_32 - ok
12:11:04.0234 7644 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:11:04.0234 7644 clr_optimization_v2.0.50727_64 - ok
12:11:04.0364 7644 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:11:04.0364 7644 clr_optimization_v4.0.30319_32 - ok
12:11:04.0404 7644 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:11:04.0404 7644 clr_optimization_v4.0.30319_64 - ok
12:11:04.0444 7644 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:11:04.0444 7644 CmBatt - ok
12:11:04.0484 7644 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:11:04.0484 7644 cmdide - ok
12:11:04.0934 7644 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
12:11:04.0974 7644 CNG - ok
12:11:05.0054 7644 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:11:05.0054 7644 Compbatt - ok
12:11:05.0154 7644 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:11:05.0154 7644 CompositeBus - ok
12:11:05.0194 7644 COMSysApp - ok
12:11:05.0744 7644 cpuz132 - ok
12:11:05.0854 7644 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:11:05.0854 7644 crcdisk - ok
12:11:06.0094 7644 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:11:06.0094 7644 CryptSvc - ok
12:11:06.0364 7644 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
12:11:06.0364 7644 dc3d - ok
12:11:06.0574 7644 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:11:06.0574 7644 DcomLaunch - ok
12:11:07.0804 7644 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:11:07.0864 7644 defragsvc - ok
12:11:07.0914 7644 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:11:07.0924 7644 DfsC - ok
12:11:08.0214 7644 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:11:08.0214 7644 Dhcp - ok
12:11:08.0554 7644 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:11:08.0554 7644 discache - ok
12:11:08.0794 7644 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:11:08.0794 7644 Disk - ok
12:11:09.0224 7644 DLABMFSE (17e6a205960c775a6f2bed1dd9e56214) C:\Windows\system32\DLA\DLABMFSE.SYS
12:11:09.0224 7644 DLABMFSE - ok
12:11:09.0364 7644 DLABOIOE (92e787b6af9b75a39c99d0a31c05b857) C:\Windows\system32\DLA\DLABOIOE.SYS
12:11:09.0364 7644 DLABOIOE - ok
12:11:09.0384 7644 DLACDBHE (8bffdf668b5b3db82b45fd98f6d5b047) C:\Windows\system32\Drivers\DLACDBHE.SYS
12:11:09.0384 7644 DLACDBHE - ok
12:11:09.0414 7644 DLADResE (b207bcf0307b191a5068a003c520283a) C:\Windows\system32\DLA\DLADResE.SYS
12:11:09.0414 7644 DLADResE - ok
12:11:09.0434 7644 DLAIFS_E (9448aad0502e570de2275b5f2927c314) C:\Windows\system32\DLA\DLAIFS_E.SYS
12:11:09.0434 7644 DLAIFS_E - ok
12:11:09.0474 7644 DLAOPIOE (02923de961a916675059d44a32ed7a90) C:\Windows\system32\DLA\DLAOPIOE.SYS
12:11:09.0474 7644 DLAOPIOE - ok
12:11:09.0484 7644 DLAPoolE (9c82599cc61e3a467cb5bbe66c111e3a) C:\Windows\system32\DLA\DLAPoolE.SYS
12:11:09.0484 7644 DLAPoolE - ok
12:11:09.0494 7644 DLARTL_E (f24ae7967965cc29fb709191401ab8b7) C:\Windows\system32\Drivers\DLARTL_E.SYS
12:11:09.0494 7644 DLARTL_E - ok
12:11:09.0504 7644 DLAUDFAE (e8fed969b01cacec08ffe88914d992d4) C:\Windows\system32\DLA\DLAUDFAE.SYS
12:11:09.0504 7644 DLAUDFAE - ok
12:11:09.0784 7644 DLAUDF_E (e5a481115ccc2506d5b425e913170df1) C:\Windows\system32\DLA\DLAUDF_E.SYS
12:11:09.0784 7644 DLAUDF_E - ok
12:11:09.0884 7644 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:11:09.0884 7644 Dnscache - ok
12:11:10.0014 7644 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:11:10.0024 7644 dot3svc - ok
12:11:10.0204 7644 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:11:10.0204 7644 DPS - ok
12:11:10.0354 7644 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:11:10.0354 7644 drmkaud - ok
12:11:10.0414 7644 DRVECDB (5e049ca729a0e763c73de4de39ff83e0) C:\Windows\system32\Drivers\DRVECDB.SYS
12:11:10.0424 7644 DRVECDB - ok
12:11:10.0544 7644 DRVEDDM (20c296250f155e60b16a3b4601d28695) C:\Windows\system32\Drivers\DRVEDDM.SYS
12:11:10.0544 7644 DRVEDDM - ok
12:11:10.0884 7644 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:11:10.0894 7644 DXGKrnl - ok
12:11:11.0054 7644 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:11:11.0054 7644 EapHost - ok
12:11:11.0584 7644 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:11:11.0664 7644 ebdrv - ok
12:11:11.0984 7644 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:11:11.0984 7644 eeCtrl - ok
12:11:12.0894 7644 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:11:12.0894 7644 EFS - ok
12:11:13.0114 7644 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:11:13.0334 7644 ehRecvr - ok
12:11:13.0414 7644 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:11:13.0414 7644 ehSched - ok
12:11:13.0694 7644 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:11:13.0714 7644 elxstor - ok
12:11:14.0235 7644 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:11:14.0235 7644 EraserUtilRebootDrv - ok
12:11:14.0345 7644 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:11:14.0345 7644 ErrDev - ok
12:11:14.0465 7644 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:11:14.0465 7644 EventSystem - ok
12:11:14.0705 7644 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:11:14.0725 7644 exfat - ok
12:11:14.0755 7644 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:11:14.0755 7644 fastfat - ok
12:11:14.0835 7644 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:11:14.0835 7644 Fax - ok
12:11:14.0885 7644 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:11:14.0885 7644 fdc - ok
12:11:14.0905 7644 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:11:14.0905 7644 fdPHost - ok
12:11:14.0915 7644 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:11:14.0915 7644 FDResPub - ok
12:11:14.0955 7644 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:11:14.0955 7644 FileInfo - ok
12:11:14.0975 7644 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:11:14.0975 7644 Filetrace - ok
12:11:15.0785 7644 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:11:15.0835 7644 FLEXnet Licensing Service - ok
12:11:16.0085 7644 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:11:16.0115 7644 flpydisk - ok
12:11:16.0185 7644 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:11:16.0195 7644 FltMgr - ok
12:11:16.0235 7644 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
12:11:16.0245 7644 FlyUsb - ok
12:11:16.0545 7644 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:11:16.0555 7644 FontCache - ok
12:11:16.0745 7644 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:11:16.0745 7644 FontCache3.0.0.0 - ok
12:11:16.0785 7644 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:11:16.0785 7644 FsDepends - ok
12:11:16.0835 7644 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:11:16.0835 7644 Fs_Rec - ok
12:11:16.0915 7644 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:11:16.0915 7644 fvevol - ok
12:11:16.0935 7644 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:11:16.0935 7644 gagp30kx - ok
12:11:17.0325 7644 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:11:17.0325 7644 GEARAspiWDM - ok
12:11:18.0235 7644 getPlusHelper - ok
12:11:18.0465 7644 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:11:18.0475 7644 gpsvc - ok
12:11:20.0645 7644 gupdate1ca1bb4ce9c1840 (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:11:20.0765 7644 gupdate1ca1bb4ce9c1840 - ok
12:11:21.0085 7644 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:11:21.0095 7644 gupdatem - ok
12:11:22.0155 7644 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:11:22.0435 7644 gusvc - ok
12:11:22.0805 7644 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:11:22.0855 7644 hcw85cir - ok
12:11:23.0615 7644 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:11:23.0655 7644 HDAudBus - ok
12:11:24.0245 7644 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:11:24.0295 7644 HidBatt - ok
12:11:25.0245 7644 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:11:25.0315 7644 HidBth - ok
12:11:25.0955 7644 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:11:25.0995 7644 HidIr - ok
12:11:26.0555 7644 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:11:26.0555 7644 hidserv - ok
12:11:26.0795 7644 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:11:26.0795 7644 HidUsb - ok
12:11:27.0306 7644 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:11:27.0346 7644 hkmsvc - ok
12:11:28.0306 7644 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:11:28.0316 7644 HomeGroupListener - ok
12:11:28.0466 7644 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:11:28.0466 7644 HomeGroupProvider - ok
12:11:29.0796 7644 HP Health Check Service (aa9ef0b395097f24d289f64445b2fd2e) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
12:11:30.0086 7644 HP Health Check Service - ok
12:11:31.0616 7644 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
12:11:31.0616 7644 hpqcxs08 - ok
12:11:33.0116 7644 hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
12:11:33.0116 7644 hpqddsvc - ok
12:11:34.0046 7644 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:11:34.0106 7644 HpSAMD - ok
12:11:34.0996 7644 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
12:11:35.0056 7644 HPSLPSVC - ok
12:11:37.0246 7644 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:11:37.0366 7644 HTTP - ok
12:11:37.0596 7644 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:11:37.0596 7644 hwpolicy - ok
12:11:37.0916 7644 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:11:37.0946 7644 i8042prt - ok
12:11:38.0016 7644 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
12:11:38.0016 7644 iaStor - ok
12:11:38.0136 7644 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:11:38.0136 7644 IAStorDataMgrSvc - ok
12:11:38.0226 7644 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:11:38.0226 7644 iaStorV - ok
12:11:38.0696 7644 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:11:38.0726 7644 IDriverT - ok
12:11:39.0276 7644 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:11:39.0326 7644 idsvc - ok
12:11:40.0496 7644 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120715.001\IDSvia64.sys
12:11:40.0496 7644 IDSVia64 - ok
12:11:41.0716 7644 igfx (89b99e3e988dfa20abb58ff1930add21) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:11:41.0856 7644 igfx - ok
12:11:42.0426 7644 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:11:42.0446 7644 iirsp - ok
12:11:42.0516 7644 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:11:42.0526 7644 IKEEXT - ok
12:11:42.0756 7644 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
12:11:42.0776 7644 IntcAzAudAddService - ok
12:11:43.0146 7644 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:11:43.0146 7644 intelide - ok
12:11:43.0296 7644 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:11:43.0296 7644 intelppm - ok
12:11:43.0446 7644 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
12:11:43.0456 7644 IntuitUpdateService - ok
12:11:43.0586 7644 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:11:43.0586 7644 IntuitUpdateServiceV4 - ok
12:11:43.0646 7644 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:11:43.0646 7644 IPBusEnum - ok
12:11:43.0696 7644 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:11:43.0696 7644 IpFilterDriver - ok
12:11:43.0756 7644 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:11:43.0766 7644 iphlpsvc - ok
12:11:43.0836 7644 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:11:43.0836 7644 IPMIDRV - ok
12:11:43.0876 7644 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:11:43.0876 7644 IPNAT - ok
12:11:43.0997 7644 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
12:11:44.0017 7644 iPod Service - ok
12:11:44.0047 7644 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:11:44.0057 7644 IRENUM - ok
12:11:44.0097 7644 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:11:44.0097 7644 isapnp - ok
12:11:44.0147 7644 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:11:44.0157 7644 iScsiPrt - ok
12:11:44.0167 7644 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:11:44.0167 7644 kbdclass - ok
12:11:44.0477 7644 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:11:44.0507 7644 kbdhid - ok
12:11:44.0667 7644 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:11:44.0667 7644 KeyIso - ok
12:11:44.0737 7644 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
12:11:44.0747 7644 KSecDD - ok
12:11:44.0777 7644 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
12:11:44.0777 7644 KSecPkg - ok
12:11:44.0797 7644 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:11:44.0797 7644 ksthunk - ok
12:11:44.0867 7644 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:11:44.0867 7644 KtmRm - ok
12:11:44.0927 7644 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:11:44.0937 7644 LanmanServer - ok
12:11:44.0977 7644 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:11:44.0987 7644 LanmanWorkstation - ok
12:11:45.0127 7644 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:11:45.0127 7644 LightScribeService - ok
12:11:45.0177 7644 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:11:45.0177 7644 lltdio - ok
12:11:45.0227 7644 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:11:45.0237 7644 lltdsvc - ok
12:11:45.0247 7644 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:11:45.0247 7644 lmhosts - ok
12:11:45.0297 7644 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:11:45.0297 7644 LSI_FC - ok
12:11:45.0337 7644 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:11:45.0347 7644 LSI_SAS - ok
12:11:45.0367 7644 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:11:45.0367 7644 LSI_SAS2 - ok
12:11:45.0387 7644 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:11:45.0387 7644 LSI_SCSI - ok
12:11:45.0417 7644 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:11:45.0427 7644 luafv - ok
12:11:45.0547 7644 mbamchameleon (4a0489f1cce69bb7371f8ea66efe78ec) C:\Windows\system32\drivers\mbamchameleon.sys
12:11:45.0547 7644 mbamchameleon - ok
12:11:45.0607 7644 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:11:45.0617 7644 Mcx2Svc - ok
12:11:45.0627 7644 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:11:45.0627 7644 megasas - ok
12:11:45.0657 7644 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:11:45.0687 7644 MegaSR - ok
12:11:45.0867 7644 Microsoft SharePoint Workspace Audit Service - ok
12:11:45.0927 7644 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:11:45.0937 7644 MMCSS - ok
12:11:45.0987 7644 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:11:45.0987 7644 Modem - ok
12:11:45.0997 7644 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:11:46.0007 7644 monitor - ok
12:11:46.0037 7644 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:11:46.0037 7644 mouclass - ok
12:11:46.0057 7644 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:11:46.0057 7644 mouhid - ok
12:11:46.0097 7644 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:11:46.0097 7644 mountmgr - ok
12:11:46.0157 7644 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:11:46.0157 7644 MozillaMaintenance - ok
12:11:46.0197 7644 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:11:46.0197 7644 mpio - ok
12:11:46.0217 7644 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:11:46.0227 7644 mpsdrv - ok
12:11:46.0297 7644 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:11:46.0307 7644 MpsSvc - ok
12:11:46.0347 7644 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:11:46.0357 7644 MRxDAV - ok
12:11:46.0407 7644 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:11:46.0407 7644 mrxsmb - ok
12:11:46.0467 7644 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:11:46.0467 7644 mrxsmb10 - ok
12:11:46.0487 7644 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:11:46.0487 7644 mrxsmb20 - ok
12:11:46.0527 7644 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:11:46.0527 7644 msahci - ok
12:11:46.0597 7644 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:11:46.0627 7644 msdsm - ok
12:11:46.0677 7644 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:11:46.0677 7644 MSDTC - ok
12:11:46.0737 7644 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:11:46.0737 7644 Msfs - ok
12:11:46.0737 7644 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:11:46.0747 7644 mshidkmdf - ok
12:11:46.0757 7644 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:11:46.0757 7644 msisadrv - ok
12:11:47.0257 7644 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:11:47.0267 7644 MSiSCSI - ok
12:11:47.0267 7644 msiserver - ok
12:11:47.0437 7644 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:11:47.0437 7644 MSKSSRV - ok
12:11:47.0527 7644 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:11:47.0527 7644 MSPCLOCK - ok
12:11:47.0547 7644 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:11:47.0547 7644 MSPQM - ok
12:11:47.0707 7644 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:11:47.0707 7644 MsRPC - ok
12:11:47.0767 7644 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:11:47.0767 7644 mssmbios - ok
12:11:47.0817 7644 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:11:47.0817 7644 MSTEE - ok
12:11:47.0827 7644 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:11:47.0827 7644 MTConfig - ok
12:11:47.0847 7644 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:11:47.0847 7644 Mup - ok
12:11:47.0907 7644 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:11:47.0917 7644 napagent - ok
12:11:47.0957 7644 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:11:47.0957 7644 NativeWifiP - ok
12:11:48.0847 7644 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120716.018\ENG64.SYS
12:11:48.0847 7644 NAVENG - ok
12:11:49.0017 7644 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120716.018\EX64.SYS
12:11:49.0027 7644 NAVEX15 - ok
12:11:49.0757 7644 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:11:49.0767 7644 NDIS - ok
12:11:49.0997 7644 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:11:50.0007 7644 NdisCap - ok
12:11:50.0037 7644 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:11:50.0037 7644 NdisTapi - ok
12:11:50.0077 7644 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:11:50.0077 7644 Ndisuio - ok
12:11:50.0137 7644 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:11:50.0137 7644 NdisWan - ok
12:11:50.0177 7644 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:11:50.0177 7644 NDProxy - ok
12:11:50.0277 7644 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
12:11:50.0287 7644 Net Driver HPZ12 - ok
12:11:50.0327 7644 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:11:50.0327 7644 NetBIOS - ok
12:11:50.0377 7644 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:11:50.0377 7644 NetBT - ok
12:11:50.0417 7644 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:11:50.0417 7644 Netlogon - ok
12:11:50.0487 7644 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:11:50.0487 7644 Netman - ok
12:11:50.0567 7644 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:11:50.0567 7644 netprofm - ok
12:11:51.0347 7644 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:11:51.0357 7644 NetTcpPortSharing - ok
12:11:51.0387 7644 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:11:51.0387 7644 nfrd960 - ok
12:11:51.0517 7644 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
12:11:51.0517 7644 NIS - ok
12:11:51.0597 7644 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:11:51.0597 7644 NlaSvc - ok
12:11:51.0617 7644 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:11:51.0617 7644 Npfs - ok
12:11:51.0657 7644 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:11:51.0657 7644 nsi - ok
12:11:51.0667 7644 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:11:51.0667 7644 nsiproxy - ok
12:11:52.0097 7644 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:11:52.0107 7644 Ntfs - ok
12:11:52.0417 7644 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:11:52.0417 7644 Null - ok
12:11:52.0477 7644 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:11:52.0477 7644 nvraid - ok
12:11:52.0517 7644 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:11:52.0527 7644 nvstor - ok
12:11:52.0547 7644 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:11:52.0547 7644 nv_agp - ok
12:11:52.0597 7644 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:11:52.0597 7644 ohci1394 - ok
12:11:53.0267 7644 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:11:53.0297 7644 ose - ok
12:11:56.0027 7644 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:11:56.0127 7644 osppsvc - ok
12:11:56.0297 7644 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:11:56.0297 7644 p2pimsvc - ok
12:11:56.0357 7644 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:11:56.0367 7644 p2psvc - ok
12:11:57.0047 7644 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:11:57.0077 7644 Parport - ok
12:11:57.0117 7644 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:11:57.0117 7644 partmgr - ok
12:11:57.0157 7644 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:11:57.0157 7644 PcaSvc - ok
12:11:57.0207 7644 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:11:57.0207 7644 pci - ok
12:11:57.0247 7644 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:11:57.0247 7644 pciide - ok
12:11:57.0297 7644 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:11:57.0297 7644 pcmcia - ok
12:11:57.0317 7644 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:11:57.0317 7644 pcw - ok
12:11:57.0347 7644 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:11:57.0367 7644 PEAUTH - ok
12:11:57.0467 7644 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:11:57.0467 7644 PerfHost - ok
12:11:57.0567 7644 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:11:57.0947 7644 pla - ok
12:11:58.0067 7644 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:11:58.0067 7644 PlugPlay - ok
12:11:58.0127 7644 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
12:11:58.0127 7644 Pml Driver HPZ12 - ok
12:11:58.0157 7644 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:11:58.0167 7644 PNRPAutoReg - ok
12:11:58.0187 7644 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:11:58.0187 7644 PNRPsvc - ok
12:11:58.0307 7644 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
12:11:58.0307 7644 Point64 - ok
12:11:58.0427 7644 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:11:58.0437 7644 PolicyAgent - ok
12:11:58.0477 7644 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:11:58.0487 7644 Power - ok
12:11:58.0527 7644 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:11:58.0527 7644 PptpMiniport - ok
12:11:58.0567 7644 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:11:58.0567 7644 Processor - ok
12:11:58.0617 7644 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:11:58.0627 7644 ProfSvc - ok
12:11:58.0667 7644 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:11:58.0667 7644 ProtectedStorage - ok
12:11:58.0707 7644 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
12:11:58.0707 7644 Ps2 - ok
12:11:58.0757 7644 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:11:58.0767 7644 Psched - ok
12:11:58.0807 7644 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
12:11:58.0807 7644 PxHlpa64 - ok
12:11:58.0897 7644 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:11:58.0977 7644 ql2300 - ok
12:11:59.0147 7644 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:11:59.0157 7644 ql40xx - ok
12:11:59.0207 7644 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:11:59.0217 7644 QWAVE - ok
12:11:59.0227 7644 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:11:59.0237 7644 QWAVEdrv - ok
12:11:59.0257 7644 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:11:59.0257 7644 RasAcd - ok
12:11:59.0297 7644 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:11:59.0307 7644 RasAgileVpn - ok
12:11:59.0317 7644 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:11:59.0317 7644 RasAuto - ok
12:11:59.0367 7644 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:11:59.0367 7644 Rasl2tp - ok
12:11:59.0437 7644 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:11:59.0447 7644 RasMan - ok
12:11:59.0467 7644 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:11:59.0467 7644 RasPppoe - ok
12:11:59.0477 7644 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:11:59.0477 7644 RasSstp - ok
12:11:59.0527 7644 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:11:59.0527 7644 rdbss - ok
12:11:59.0547 7644 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:11:59.0557 7644 rdpbus - ok
12:11:59.0567 7644 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:11:59.0577 7644 RDPCDD - ok
12:11:59.0607 7644 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:11:59.0607 7644 RDPENCDD - ok
12:11:59.0617 7644 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:11:59.0617 7644 RDPREFMP - ok
12:11:59.0667 7644 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:11:59.0697 7644 RDPWD - ok
12:11:59.0767 7644 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:11:59.0767 7644 rdyboost - ok
12:11:59.0817 7644 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:11:59.0817 7644 RemoteAccess - ok
12:11:59.0837 7644 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:11:59.0837 7644 RemoteRegistry - ok
12:11:59.0958 7644 Roxio UPnP Renderer 9 (8f164a783ceed480b8cb1e4054e22e82) C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
12:11:59.0958 7644 Roxio UPnP Renderer 9 - ok
12:12:00.0028 7644 Roxio Upnp Server 9 (6cbf7f7c696927e45fd6439a76072aee) C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
12:12:00.0028 7644 Roxio Upnp Server 9 - ok
12:12:00.0118 7644 RoxMediaDB9 (f112231f8311ffac952b708c2f1200bf) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
12:12:00.0168 7644 RoxMediaDB9 - ok
12:12:00.0398 7644 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:12:00.0398 7644 RpcEptMapper - ok
12:12:00.0508 7644 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:12:00.0518 7644 RpcLocator - ok
12:12:00.0568 7644 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:12:00.0578 7644 RpcSs - ok
12:12:00.0678 7644 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:12:00.0678 7644 rspndr - ok
12:12:00.0748 7644 RTL8169 (170a66dfaaa22358e08d6f4b38c8f3df) C:\Windows\system32\DRIVERS\Rtlh64.sys
12:12:00.0748 7644 RTL8169 - ok
12:12:00.0778 7644 RxFilter (2dddd6e3fadee0d89365bfb90b1beeb9) C:\Windows\system32\DRIVERS\RxFilter.sys
12:12:00.0778 7644 RxFilter - ok
12:12:00.0818 7644 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:12:00.0818 7644 SamSs - ok
12:12:00.0968 7644 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
12:12:00.0968 7644 SASDIFSV - ok
12:12:01.0008 7644 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
12:12:01.0008 7644 SASKUTIL - ok
12:12:01.0058 7644 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:12:01.0058 7644 sbp2port - ok
12:12:01.0118 7644 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:12:01.0118 7644 SCardSvr - ok
12:12:01.0158 7644 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:12:01.0158 7644 scfilter - ok
12:12:01.0248 7644 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:12:01.0258 7644 Schedule - ok
12:12:01.0338 7644 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:12:01.0338 7644 SCPolicySvc - ok
12:12:01.0418 7644 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:12:01.0418 7644 SDRSVC - ok
12:12:01.0438 7644 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:12:01.0438 7644 secdrv - ok
12:12:01.0468 7644 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:12:01.0468 7644 seclogon - ok
12:12:01.0478 7644 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:12:01.0488 7644 SENS - ok
12:12:01.0518 7644 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:12:01.0518 7644 SensrSvc - ok
12:12:01.0528 7644 Ser2pl - ok
12:12:01.0558 7644 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:12:01.0568 7644 Serenum - ok
12:12:01.0598 7644 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:12:01.0598 7644 Serial - ok
12:12:01.0648 7644 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:12:01.0648 7644 sermouse - ok
12:12:01.0698 7644 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:12:01.0698 7644 SessionEnv - ok
12:12:01.0728 7644 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:12:01.0738 7644 sffdisk - ok
12:12:01.0748 7644 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:12:01.0748 7644 sffp_mmc - ok
12:12:01.0768 7644 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:12:01.0768 7644 sffp_sd - ok
12:12:01.0778 7644 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:12:01.0778 7644 sfloppy - ok
12:12:01.0838 7644 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:12:01.0848 7644 SharedAccess - ok
12:12:01.0908 7644 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:12:01.0908 7644 ShellHWDetection - ok
12:12:02.0128 7644 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:12:02.0158 7644 SiSRaid2 - ok
12:12:02.0168 7644 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:12:02.0168 7644 SiSRaid4 - ok
12:12:02.0198 7644 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:12:02.0208 7644 Smb - ok
12:12:02.0248 7644 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:12:02.0248 7644 SNMPTRAP - ok
12:12:02.0258 7644 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:12:02.0258 7644 spldr - ok
12:12:02.0318 7644 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:12:02.0318 7644 Spooler - ok
12:12:03.0098 7644 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:12:03.0168 7644 sppsvc - ok
12:12:03.0598 7644 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:12:03.0608 7644 sppuinotify - ok
12:12:03.0848 7644 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
12:12:03.0878 7644 SRTSP - ok
12:12:03.0908 7644 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
12:12:03.0908 7644 SRTSPX - ok
12:12:03.0998 7644 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:12:03.0998 7644 srv - ok
12:12:04.0028 7644 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:12:04.0038 7644 srv2 - ok
12:12:04.0118 7644 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:12:04.0128 7644 srvnet - ok
12:12:04.0198 7644 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:12:04.0198 7644 SSDPSRV - ok
12:12:04.0208 7644 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:12:04.0208 7644 SstpSvc - ok
12:12:04.0298 7644 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:12:04.0338 7644 stexstor - ok
12:12:04.0358 7644 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
12:12:04.0358 7644 StillCam - ok
12:12:04.0418 7644 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:12:04.0428 7644 stisvc - ok
12:12:04.0528 7644 stllssvr (4173a9cd59f15a64f54b3242c3232731) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
12:12:04.0528 7644 stllssvr - ok
12:12:04.0558 7644 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:12:04.0558 7644 swenum - ok
12:12:04.0598 7644 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:12:04.0648 7644 swprv - ok
12:12:04.0788 7644 Symantec RemoteAssist (267c914667c94e5f47d342311c1c577f) C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe
12:12:04.0798 7644 Symantec RemoteAssist - ok
12:12:04.0908 7644 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
12:12:04.0918 7644 SymDS - ok
12:12:04.0969 7644 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
12:12:04.0999 7644 SymEFA - ok
12:12:05.0139 7644 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:12:05.0139 7644 SymEvent - ok
12:12:05.0179 7644 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
12:12:05.0179 7644 SymIRON - ok
12:12:05.0209 7644 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
12:12:05.0229 7644 SymNetS - ok
12:12:05.0329 7644 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:12:05.0349 7644 SysMain - ok
12:12:05.0569 7644 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:12:05.0569 7644 TabletInputService - ok
12:12:05.0619 7644 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:12:05.0629 7644 TapiSrv - ok
12:12:05.0659 7644 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:12:05.0669 7644 TBS - ok
12:12:05.0909 7644 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:12:05.0929 7644 Tcpip - ok
12:12:06.0500 7644 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:12:06.0510 7644 TCPIP6 - ok
12:12:06.0770 7644 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:12:06.0770 7644 tcpipreg - ok
12:12:06.0810 7644 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:12:06.0820 7644 TDPIPE - ok
12:12:06.0860 7644 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:12:06.0860 7644 TDTCP - ok
12:12:06.0910 7644 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:12:06.0910 7644 tdx - ok
12:12:06.0950 7644 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:12:06.0960 7644 TermDD - ok
12:12:07.0110 7644 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:12:07.0120 7644 TermService - ok
12:12:07.0140 7644 TfFsMon - ok
12:12:07.0140 7644 TfNetMon - ok
12:12:07.0160 7644 TfSysMon - ok
12:12:07.0210 7644 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:12:07.0210 7644 Themes - ok
12:12:07.0250 7644 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:12:07.0250 7644 THREADORDER - ok
12:12:07.0310 7644 TotRec8 (f2df165148b58b89713851aa0769e8d8) C:\Windows\system32\drivers\TotRec8.sys
12:12:07.0310 7644 TotRec8 - ok
12:12:07.0350 7644 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:12:07.0360 7644 TrkWks - ok
12:12:07.0460 7644 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:12:07.0460 7644 TrustedInstaller - ok
12:12:07.0500 7644 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:12:07.0500 7644 tssecsrv - ok
12:12:07.0570 7644 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:12:07.0570 7644 TsUsbFlt - ok
12:12:07.0650 7644 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:12:07.0650 7644 tunnel - ok
12:12:07.0710 7644 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:12:07.0750 7644 uagp35 - ok
12:12:07.0800 7644 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:12:07.0800 7644 udfs - ok
12:12:08.0160 7644 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:12:08.0170 7644 UI0Detect - ok
12:12:08.0200 7644 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:12:08.0210 7644 uliagpkx - ok
12:12:08.0250 7644 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:12:08.0250 7644 umbus - ok
12:12:08.0280 7644 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:12:08.0280 7644 UmPass - ok
12:12:08.0330 7644 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:12:08.0330 7644 upnphost - ok
12:12:08.0470 7644 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
12:12:08.0470 7644 USBAAPL64 - ok
12:12:08.0480 7644 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:12:08.0490 7644 usbccgp - ok
12:12:08.0550 7644 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:12:08.0550 7644 usbcir - ok
12:12:08.0570 7644 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:12:08.0570 7644 usbehci - ok
12:12:08.0610 7644 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:12:08.0620 7644 usbhub - ok
12:12:08.0900 7644 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:12:08.0930 7644 usbohci - ok
12:12:08.0940 7644 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:12:08.0940 7644 usbprint - ok
12:12:08.0960 7644 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:12:08.0960 7644 USBSTOR - ok
12:12:08.0970 7644 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
12:12:08.0970 7644 usbuhci - ok
12:12:08.0980 7644 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:12:08.0980 7644 UxSms - ok
12:12:09.0020 7644 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:12:09.0020 7644 VaultSvc - ok
12:12:09.0050 7644 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:12:09.0050 7644 vdrvroot - ok
12:12:09.0120 7644 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:12:09.0120 7644 vds - ok
12:12:09.0150 7644 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:12:09.0150 7644 vga - ok
12:12:09.0170 7644 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:12:09.0170 7644 VgaSave - ok
12:12:09.0200 7644 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:12:09.0200 7644 vhdmp - ok
12:12:09.0230 7644 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:12:09.0240 7644 viaide - ok
12:12:09.0260 7644 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:12:09.0260 7644 volmgr - ok
12:12:09.0310 7644 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:12:09.0310 7644 volmgrx - ok
12:12:09.0480 7644 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:12:09.0480 7644 volsnap - ok
12:12:09.0510 7644 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:12:09.0510 7644 vsmraid - ok
12:12:09.0610 7644 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:12:09.0630 7644 VSS - ok
12:12:09.0870 7644 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:12:09.0870 7644 vwifibus - ok
12:12:09.0900 7644 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:12:09.0910 7644 vwififlt - ok
12:12:09.0930 7644 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:12:09.0930 7644 vwifimp - ok
12:12:09.0990 7644 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:12:09.0990 7644 W32Time - ok
12:12:10.0010 7644 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:12:10.0020 7644 WacomPen - ok
12:12:10.0080 7644 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:12:10.0080 7644 WANARP - ok
12:12:10.0080 7644 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:12:10.0080 7644 Wanarpv6 - ok
12:12:10.0210 7644 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:12:10.0240 7644 WatAdminSvc - ok
12:12:10.0800 7644 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:12:10.0830 7644 wbengine - ok
12:12:11.0250 7644 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:12:11.0250 7644 WbioSrvc - ok
12:12:11.0310 7644 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:12:11.0310 7644 wcncsvc - ok
12:12:11.0350 7644 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:12:11.0350 7644 WcsPlugInService - ok
12:12:11.0430 7644 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:12:11.0430 7644 Wd - ok
12:12:11.0480 7644 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:12:11.0490 7644 Wdf01000 - ok
12:12:11.0680 7644 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:12:11.0680 7644 WdiServiceHost - ok
12:12:11.0680 7644 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:12:11.0690 7644 WdiSystemHost - ok
12:12:11.0750 7644 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:12:11.0750 7644 WebClient - ok
12:12:11.0780 7644 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:12:11.0780 7644 Wecsvc - ok
12:12:11.0800 7644 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:12:11.0800 7644 wercplsupport - ok
12:12:11.0830 7644 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:12:11.0840 7644 WerSvc - ok
12:12:11.0860 7644 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:12:11.0870 7644 WfpLwf - ok
12:12:11.0890 7644 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:12:11.0890 7644 WIMMount - ok
12:12:11.0960 7644 WinDefend - ok
12:12:11.0970 7644 WinHttpAutoProxySvc - ok
12:12:12.0140 7644 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:12:12.0150 7644 Winmgmt - ok
12:12:12.0440 7644 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:12:12.0470 7644 WinRM - ok
12:12:12.0880 7644 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:12:12.0890 7644 Wlansvc - ok
12:12:13.0310 7644 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:12:13.0340 7644 wlidsvc - ok
12:12:13.0610 7644 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:12:13.0620 7644 WmiAcpi - ok
12:12:13.0720 7644 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:12:13.0730 7644 wmiApSrv - ok
12:12:13.0870 7644 WMPNetworkSvc - ok
12:12:13.0930 7644 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:12:13.0930 7644 WPCSvc - ok
12:12:13.0980 7644 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:12:13.0980 7644 WPDBusEnum - ok
12:12:14.0060 7644 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:12:14.0070 7644 ws2ifsl - ok
12:12:14.0160 7644 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:12:14.0160 7644 wscsvc - ok
12:12:14.0180 7644 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
12:12:14.0180 7644 WSDPrintDevice - ok
12:12:14.0180 7644 WSearch - ok
12:12:14.0490 7644 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:12:14.0520 7644 wuauserv - ok
12:12:15.0000 7644 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:12:15.0000 7644 WudfPf - ok
12:12:15.0070 7644 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:12:15.0070 7644 WUDFRd - ok
12:12:15.0120 7644 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:12:15.0120 7644 wudfsvc - ok
12:12:15.0230 7644 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:12:15.0230 7644 WwanSvc - ok
12:12:15.0260 7644 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
12:12:16.0290 7644 \Device\Harddisk0\DR0 - ok
12:12:16.0300 7644 Boot (0x1200) (155842037988dacff40dfbef6ed63153) \Device\Harddisk0\DR0\Partition0
12:12:16.0300 7644 \Device\Harddisk0\DR0\Partition0 - ok
12:12:16.0340 7644 Boot (0x1200) (38e94d5f6fc25610a506cfe8f5d8dcb6) \Device\Harddisk0\DR0\Partition1
12:12:16.0340 7644 \Device\Harddisk0\DR0\Partition1 - ok
12:12:16.0340 7644 ============================================================
12:12:16.0340 7644 Scan finished
12:12:16.0340 7644 ============================================================
12:12:16.0360 5428 Detected object count: 0
12:12:16.0360 5428 Actual detected object count: 0


aswMBR.exe log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 12:14:05
-----------------------------
12:14:05.650 OS Version: Windows x64 6.1.7601 Service Pack 1
12:14:05.650 Number of processors: 4 586 0x170A
12:14:05.650 ComputerName: HOME-PC UserName: Admin
12:14:08.440 Initialize success
12:15:02.086 AVAST engine defs: 12071700
12:15:13.007 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:15:13.007 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 8
12:15:13.087 Disk 0 MBR read successfully
12:15:13.087 Disk 0 MBR scan
12:15:13.097 Disk 0 unknown MBR code
12:15:13.107 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939857 MB offset 63
12:15:13.917 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14009 MB offset 1924827975
12:15:14.147 Disk 0 scanning C:\Windows\system32\drivers
12:16:02.771 Service scanning
12:16:33.523 Modules scanning
12:16:33.523 Disk 0 trace - called modules:
12:16:33.553 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:16:33.563 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80098d6790]
12:16:33.563 3 CLASSPNP.SYS[fffff88001d4d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007431050]
12:16:35.983 AVAST engine scan C:\Windows
12:16:55.899 AVAST engine scan C:\Windows\system32
12:29:30.953 AVAST engine scan C:\Windows\system32\drivers
12:31:07.024 AVAST engine scan C:\Users\Admin
12:43:19.754 AVAST engine scan C:\ProgramData
13:07:59.043 Scan finished successfully
15:11:13.718 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
15:11:13.718 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

Edited by Pliney, 17 July 2012 - 03:43 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 17 July 2012 - 09:51 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Pliney

Pliney
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 18 July 2012 - 06:53 AM

Hi -
You asked me to run TDSSKiller and aswMBR.exe already. The logs can be found in post #5 of this thread. As noted in that post, I ran aswMBR.exe as a "QuickScan" since that was the default scan, and there were no instructions to change any settings. I notice that aswMBR.exe did not scan ALL user profiles on the machine, only the "Admin" profile, which was my current logon. Should I re-run aswMBR.exe, scanning the entire c: drive?

Thanks.

Edited by Pliney, 18 July 2012 - 06:55 AM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 18 July 2012 - 01:47 PM

Hello

very sorry this is what i thought I had put in

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Pliney

Pliney
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 18 July 2012 - 08:08 PM

Here is the OTL.txt log:

OTL logfile created on: 7/18/2012 8:41:34 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Admin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.52 Gb Available Physical Memory | 69.10% Memory free
15.98 Gb Paging File | 12.40 Gb Available in Paging File | 77.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.83 Gb Total Space | 625.44 Gb Free Space | 68.14% Space Free | Partition Type: NTFS
Drive D: | 13.68 Gb Total Space | 1.93 Gb Free Space | 14.07% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\BeerSmith2\BeerSmith2.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Symantec RemoteAssist) -- C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)


========== Driver Services (SafeList) ==========
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys (Symantec Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys (Symantec Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TotRec8) -- C:\Windows\SysNative\drivers\TotRec8.sys (High Criteria inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (FlyUsb) -- C:\Windows\SysNative\drivers\FlyUsb.sys (LeapFrog)
DRV:64bit: - (DRVEDDM) -- C:\Windows\SysNative\drivers\DRVEDDM.SYS (Roxio)
DRV:64bit: - (DLACDBHE) -- C:\Windows\SysNative\drivers\DLACDBHE.SYS (Roxio)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (DLADResE) -- C:\Windows\SysNative\DLA\DLADResE.SYS (Roxio)
DRV:64bit: - (DLABMFSE) -- C:\Windows\SysNative\DLA\DLABMFSE.SYS (Roxio)
DRV:64bit: - (DLAUDF_E) -- C:\Windows\SysNative\DLA\DLAUDF_E.SYS (Roxio)
DRV:64bit: - (DLAUDFAE) -- C:\Windows\SysNative\DLA\DLAUDFAE.SYS (Roxio)
DRV:64bit: - (DLAOPIOE) -- C:\Windows\SysNative\DLA\DLAOPIOE.SYS (Roxio)
DRV:64bit: - (DLABOIOE) -- C:\Windows\SysNative\DLA\DLABOIOE.SYS (Roxio)
DRV:64bit: - (DLAIFS_E) -- C:\Windows\SysNative\DLA\DLAIFS_E.SYS (Roxio)
DRV:64bit: - (DLAPoolE) -- C:\Windows\SysNative\DLA\DLAPoolE.SYS (Roxio)
DRV:64bit: - (DRVECDB) -- C:\Windows\SysNative\drivers\DRVECDB.SYS (Sonic Solutions)
DRV:64bit: - (DLARTL_E) -- C:\Windows\SysNative\drivers\DLARTL_E.SYS (Roxio)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120711.002\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120717.003\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120718.002\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120718.002\eng64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{7FBFB352-70AB-4A70-8332-47369F2E0785}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7FBFB352-70AB-4A70-8332-47369F2E0785}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes,DefaultScope = {FB0A2B3E-3981-44DE-802C-0264508826EC}
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes\{7FBFB352-70AB-4A70-8332-47369F2E0785}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes\{FB0A2B3E-3981-44DE-802C-0264508826EC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADRA_enUS472
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes\{FF9101B3-0253-44C5-AA62-FACD0C8D8F25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes,DefaultScope = {C515FC84-3413-482B-81A3-C8682D450F41}
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes\{7FBFB352-70AB-4A70-8332-47369F2E0785}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes\{C515FC84-3413-482B-81A3-C8682D450F41}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_enUS472
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes\{FF9101B3-0253-44C5-AA62-FACD0C8D8F25}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://isearch.babylon.com/?babsrc=HP_ss&mntrId=161edd48000000000000062100e8a523"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.5
FF - prefs.js..keyword.URL: "http://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=161edd48000000000000062100e8a523&q="
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\VeetleTV\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\VeetleTV\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\VeetleTV\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_10_1 [2012/07/18 07:32:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 08:13:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:36:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/13 17:29:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/13 17:29:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/02 17:36:34 | 000,000,000 | ---D | M]

[2009/11/08 18:04:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/03/14 21:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions
[2011/09/26 12:59:10 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2009/11/08 18:04:21 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/11/08 18:04:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/28 19:43:44 | 000,000,000 | ---D | M] (Microsoft Default Manager) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\DefaultManager@Microsoft
[2012/03/14 21:05:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\ffxtlbr@babylon.com
[2012/06/25 22:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 18:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/01 19:12:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/14 21:05:53 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/07/17 09:48:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (CompTool0234 Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll (Conduit Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (CompTool0234 Toolbar) - {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..\Toolbar\WebBrowser: (CompTool0234 Toolbar) - {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\Toolbar\WebBrowser: (CompTool0234 Toolbar) - {37153479-1976-43C3-A1EE-557513977B64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000..\Run: [VistaStartMenu] C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O4 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001..\Run: [DOSBox] C:\Users\Larry\AppData\Local\File Renamer Basic\DOSBox\wvxrj.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001..\Run: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001..\Run: [VistaStartMenu] C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O4 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002..\Run: [VistaStartMenu] C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://myconnection-va.wellpoint.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0C063AA-2AE8-45CA-945B-6ACD5DE2BDE5}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/18 20:40:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/17 12:13:10 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/07/17 12:10:03 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/07/17 09:48:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/17 09:29:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/16 14:55:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/16 14:55:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/16 14:55:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/16 14:54:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/16 14:54:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/16 14:52:37 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/07/14 11:54:04 | 009,822,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/07/14 11:36:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/14 11:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/14 11:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/14 11:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/13 20:32:11 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2012/07/13 12:01:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/13 11:58:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ad-Aware Antivirus
[2012/07/13 10:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/13 08:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/13 08:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/07/13 08:00:54 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/07/13 08:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/07/12 15:13:24 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012/07/12 15:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2012/07/12 15:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/12 15:13:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/12 15:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2012/07/12 03:08:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:08:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:08:19 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:08:19 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:08:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:08:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:08:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:08:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:08:16 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:08:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:08:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:08:16 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/12 03:08:15 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 07:49:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 07:49:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 07:49:52 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 07:49:47 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 07:49:47 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/06/25 22:40:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/25 22:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/21 07:20:36 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 07:20:36 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 07:20:36 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 07:20:06 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 07:20:05 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 07:20:05 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 07:19:24 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 07:19:24 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/18 20:40:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\OTL.exe
[2012/07/18 20:39:25 | 000,000,000 | ---- | M] () -- C:\Users\Admin\Desktop\OTL.exe.bsr1qno.partial
[2012/07/18 20:36:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 19:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/18 16:36:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 16:25:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/18 10:57:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/07/18 09:26:44 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/18 09:26:44 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/18 09:26:44 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/18 08:59:00 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 08:59:00 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/18 07:32:21 | 2139,795,455 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/17 18:35:04 | 1185,961,323 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/17 15:11:13 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR-orig.dat
[2012/07/17 12:13:25 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe
[2012/07/17 12:10:03 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe
[2012/07/17 09:48:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/16 14:52:43 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\Admin\Desktop\ComboFix.exe
[2012/07/16 14:45:50 | 000,881,475 | ---- | M] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2012/07/14 11:54:09 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/14 11:54:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/14 11:54:04 | 009,822,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/07/14 11:36:32 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/13 21:02:09 | 000,283,425 | ---- | M] () -- C:\Users\Admin\AppData\Local\census.cache
[2012/07/13 21:01:10 | 000,182,181 | ---- | M] () -- C:\Users\Admin\AppData\Local\ars.cache
[2012/07/13 20:30:33 | 000,000,036 | ---- | M] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2012/07/13 15:25:29 | 000,036,168 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/07/12 03:43:40 | 000,497,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 08:21:03 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Admin - Full System Scan.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/18 20:39:25 | 000,000,000 | ---- | C] () -- C:\Users\Admin\Desktop\OTL.exe.bsr1qno.partial
[2012/07/17 18:35:04 | 1185,961,323 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/07/17 15:11:13 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR-orig.dat
[2012/07/16 14:55:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/16 14:55:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/16 14:55:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/16 14:55:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/16 14:55:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/16 14:45:44 | 000,881,475 | ---- | C] () -- C:\Users\Admin\Desktop\SecurityCheck.exe
[2012/07/14 11:36:32 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/14 11:35:33 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/13 21:02:09 | 000,283,425 | ---- | C] () -- C:\Users\Admin\AppData\Local\census.cache
[2012/07/13 21:01:10 | 000,182,181 | ---- | C] () -- C:\Users\Admin\AppData\Local\ars.cache
[2012/07/13 20:30:33 | 000,000,036 | ---- | C] () -- C:\Users\Admin\AppData\Local\housecall.guid.cache
[2012/07/13 15:25:29 | 000,036,168 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2012/06/25 22:40:54 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/14 08:02:01 | 000,121,691 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2012/03/27 19:11:38 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2010/10/04 21:46:37 | 002,950,389 | ---- | C] () -- C:\Users\Admin\AppData\Local\tmpELISE-3-2010-06 009.JPG
[2010/01/08 22:41:33 | 000,007,600 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

========== Alternate Data Streams ==========

@Alternate Data Stream - 1865 bytes -> C:\Users\Public\Documents\WMass.eml:OECustomProperty

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 19 July 2012 - 02:14 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll File not found
    O3 - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 1865 bytes -> C:\Users\Public\Documents\WMass.eml:OECustomProperty  
    IE:64bit: - HKLM\..\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..\URLSearchHook: {37153479-1976-43c3-a1ee-557513977b64} - C:\Program Files (x86)\Coupons.com\prxtbCou1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
    IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
    IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1119723117-4265395415-3397327506-1002\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis
    FF - prefs.js..browser.startup.homepage: "http://isearch.babylon.com/?babsrc=HP_ss&mntrId=161edd48000000000000062100e8a523"
    FF - prefs.js..keyword.URL: "http://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=161edd48000000000000062100e8a523&q="
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    [2012/03/14 21:05:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\ffxtlbr@babylon.com
    [2012/03/14 21:05:53 | 000,002,298 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    :Files
    C:\Program Files (x86)\BabylonToolbar
    C:\Program Files (x86)\Coupons.com
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Pliney

Pliney
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 19 July 2012 - 05:02 PM

I ran OTL.exe w/ the custom script. It finished successfully. However, I am still having the Google redirect problem.
In fact, the first Google search I attempted created a new tab that resulted in an attack detected by Norton Internet Security (see attached jpg). The redirect went to bicircle.net and then valumb.info.

Below is the log from OTL.exe for the custom script you provided:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91\ not found.
Registry value HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}
C:\Windows\Downloaded Program Files\setup.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\Users\Public\Documents\WMass.eml:OECustomProperty deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ deleted successfully.
C:\Program Files (x86)\Coupons.com\prxtbCou1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37153479-1976-43c3-a1ee-557513977b64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43c3-a1ee-557513977b64}\ not found.
File C:\Program Files (x86)\Coupons.com\prxtbCou1.dll not found.
Registry key HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}\ not found.
Registry key HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C80D49E-3699-45DC-A1B7-C2BFF1322162}\ not found.
Registry key HKEY_USERS\S-1-5-21-1119723117-4265395415-3397327506-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Prefs.js: "http://isearch.babylon.com/?babsrc=HP_ss&mntrId=161edd48000000000000062100e8a523" removed from browser.startup.homepage
Prefs.js: "http://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=161edd48000000000000062100e8a523&q=" removed from keyword.URL
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p4mczb8k.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== FILES ==========
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\Coupons.com folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Admin\Desktop\cmd.bat deleted successfully.
C:\Users\Admin\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Admin
->Java cache emptied: 9202482 bytes

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 14300071 bytes

User: Jen
->Java cache emptied: 23732275 bytes

User: Larry
->Java cache emptied: 23875212 bytes

User: Public

Total Java Files Cleaned = 68.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 51690 bytes

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 2676 bytes

User: Jen
->Flash cache emptied: 249502 bytes

User: Larry
->Flash cache emptied: 409618 bytes

User: Public

Total Flash Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07192012_174845

Attached Files



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 19 July 2012 - 05:48 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Pliney

Pliney
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 19 July 2012 - 07:00 PM

Here is the log from router.bat:


Windows IP Configuration

Host Name . . . . . . . . . . . . : Home-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-21-00-E8-A5-23
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Physical Address. . . . . . . . . : 00-21-00-E8-A5-23
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 19, 2012 7:40:32 AM
Lease Expires . . . . . . . . . . : Friday, July 20, 2012 4:51:39 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-18-33-06-8A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:4006:802::1003
74.125.226.197
74.125.226.192
74.125.226.194
74.125.226.201
74.125.226.206
74.125.226.200
74.125.226.199
74.125.226.196
74.125.226.195
74.125.226.198
74.125.226.193

Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging google.com [74.125.226.192] with 32 bytes of data:
Reply from 74.125.226.192: bytes=32 time=41ms TTL=53
Reply from 74.125.226.192: bytes=32 time=44ms TTL=53

Ping statistics for 74.125.226.192:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 44ms, Average = 42ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=71ms TTL=50
Reply from 98.139.183.24: bytes=32 time=131ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 71ms, Maximum = 131ms, Average = 101ms
===========================================================================
Interface List
13...06 21 00 e8 a5 23 ......Microsoft Virtual WiFi Miniport Adapter
11...00 21 00 e8 a5 23 ......Atheros 802.11 a/b/g/n Dualband Wireless Network Module
10...00 26 18 33 06 8a ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.120 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.120 281
192.168.1.120 255.255.255.255 On-link 192.168.1.120 281
192.168.1.255 255.255.255.255 On-link 192.168.1.120 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.120 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.120 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 19 July 2012 - 08:11 PM

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now lets check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Pliney

Pliney
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 PM

Posted 19 July 2012 - 10:13 PM

I reset the router, reconfigured and set up ID/pwd, flushed dns cache and reran router.bat - below is the log. I am still getting redirects when clicking on Google search results. **ADDITIONAL INFO** --> I have noticed that the redirects only seem to happen under the user "Larry" on this PC -- not the other user accounts that exist on the machine.


Windows IP Configuration

Host Name . . . . . . . . . . . . : Home-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.ma.comcast.net.

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-21-00-E8-A5-23
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.ma.comcast.net.
Description . . . . . . . . . . . : Atheros 802.11 a/b/g/n Dualband Wireless Network Module
Physical Address. . . . . . . . . : 00-21-00-E8-A5-23
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.121(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 19, 2012 10:57:05 PM
Lease Expires . . . . . . . . . . : Friday, July 20, 2012 11:04:50 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 75.75.75.75
75.75.76.76
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-18-33-06-8A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 2607:f8b0:4006:800::1003
74.125.226.195
74.125.226.201
74.125.226.196
74.125.226.199
74.125.226.206
74.125.226.194
74.125.226.200
74.125.226.192
74.125.226.198
74.125.226.197
74.125.226.193

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 209.191.122.70
98.139.183.24
72.30.38.140


Pinging google.com [74.125.226.194] with 32 bytes of data:
Reply from 74.125.226.194: bytes=32 time=37ms TTL=53
Reply from 74.125.226.194: bytes=32 time=51ms TTL=53

Ping statistics for 74.125.226.194:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 37ms, Maximum = 51ms, Average = 44ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=95ms TTL=48
Reply from 209.191.122.70: bytes=32 time=114ms TTL=48

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 95ms, Maximum = 114ms, Average = 104ms
===========================================================================
Interface List
13...06 21 00 e8 a5 23 ......Microsoft Virtual WiFi Miniport Adapter
11...00 21 00 e8 a5 23 ......Atheros 802.11 a/b/g/n Dualband Wireless Network Module
10...00 26 18 33 06 8a ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.121 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.121 281
192.168.1.121 255.255.255.255 On-link 192.168.1.121 281
192.168.1.255 255.255.255.255 On-link 192.168.1.121 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.121 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.121 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users