Google Redirect Virus - Help!


This topic is locked
19 replies to this topic

#1 RavenJMK
  • Members
  • 17 posts

Posted 26 August 2012 - 11:50 AM

I think I've had the google redirect virus for the last three months. When I click on a google link, I get redirected to various ad sites. This was happening 10 out of 30 times, but seems to be dramatically increasing in frequency lately. I use Firefox and I've tried several virus and malware scans, as well as TDSS killer, which did not work. Please help me get rid of this. I can't stand it! :angry: My scan logs are attached. Thank you for your help!


#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 August 2012 - 01:23 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 RavenJMK
  • Topic Starter
  • Members
  • 17 posts

Posted 27 August 2012 - 07:11 PM

I'm still getting redirected. Maybe not as often, but still redirected. Here is the log.








ComboFix 12-08-25.04 - Kopac 08/27/2012 19:03:47.1.3 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1537 [GMT -4:00]
Running from: c:\users\Kopac\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CouponAlert_2pEI
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-27 23:12 . 2012-08-27 23:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-24 20:26 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{139B9EA6-7668-434F-9D12-C6420515F4D6}\mpengine.dll
2012-08-20 01:59 . 2012-08-20 02:00 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-20 00:56 . 2012-08-20 00:55 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-20 00:56 . 2012-08-20 00:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-20 00:52 . 2012-08-20 00:52 -------- d-----w- c:\programdata\McAfee
2012-08-20 00:15 . 2012-08-20 00:15 -------- d-----w- c:\program files\Enigma Software Group
2012-08-20 00:14 . 2012-08-20 00:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-19 06:41 . 2012-08-26 23:34 -------- d-----w- c:\users\Kopac\AppData\Local\NPE
2012-08-19 06:32 . 2012-08-19 06:43 -------- d-----w- c:\program files\Common Files\PC Tools
2012-08-19 06:31 . 2012-08-19 06:31 -------- d-----w- c:\programdata\PC Tools
2012-08-19 06:31 . 2012-08-19 06:31 -------- d-----w- c:\users\Kopac\AppData\Roaming\TestApp
2012-08-19 05:18 . 2012-08-19 05:18 -------- d-----w- c:\programdata\Sophos
2012-08-19 04:45 . 2012-08-19 04:45 -------- d-----w- c:\programdata\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 00:55 . 2011-06-27 16:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-20 16:54 . 2012-01-30 04:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-31 16:25 . 2011-06-23 21:04 237072 ------w- c:\windows\system32\MpSigStub.exe
2007-08-09 17:08 . 2008-05-26 00:36 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 17:10 . 2008-05-26 00:36 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2012-07-19 01:33 . 2011-06-27 06:04 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-05-26 00:30 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 20:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
c:\users\Kopac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Kopac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Disney Vacation Connection.lnk]
path=c:\users\Kopac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk
backup=c:\windows\pss\Disney Vacation Connection.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-11 17:58 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-24 23:07]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-24 23:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-27 19:13
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-27 19:15:32
ComboFix-quarantined-files.txt 2012-08-27 23:15
.
Pre-Run: 158,999,019,520 bytes free
Post-Run: 158,988,075,008 bytes free
.
- - End Of File - - 2E701AB8160093B8EB7667D9EB7ED7B8
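As an added example (not code from this thread, from BleepingComputer or from ComboFix): a small Python triage script that parses the registry loading points and the Firefox pref lines in the ComboFix output format shown above and flags the search-redirect indicators a responder would look at first. The sample input is constructed from a few lines of the log in this post; the line formats and the "expected" search host are assumptions taken from that log, and the findings are review items, not verdicts.

```python
"""Triage helper for search-redirect indicators in ComboFix log output.

Added example for this thread, not a BleepingComputer or ComboFix tool.
SAMPLE_LOG is constructed from a few lines of the log posted above; the
line formats and the "expected" search host are assumptions taken from it.
"""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
"""

# Line shapes seen in the log above (assumed from it, not from ComboFix documentation)
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...\Key]
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')           # "Name"= data
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")

# Firefox prefs that decide where typed searches and address-bar keywords go
SEARCH_PREFS = {"keyword.URL", "browser.search.defaulturl", "browser.startup.homepage"}
# The poster's selectedEngine is Google, so any other search host deserves a look
EXPECTED_HOSTS = {"www.google.com", "google.com"}


def host_of(value):
    """Host part of a URL; ComboFix defangs schemes as hxxp(s), so accept both."""
    m = re.match(r"(?:(?:hxxps?|https?)://)?([^/?#\s]+)", value.strip())
    return m.group(1).lower() if m else None


def parse_log(text):
    """Return (registry_values, firefox_prefs).

    registry_values: list of (key, value_name, data) for "Name"= lines under a [key]
    firefox_prefs:   list of (file, pref, value) for "FF - prefs.js/user.js:" lines
    """
    reg, ff = [], []
    current_key = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":          # ComboFix pads sections with "." lines
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff.append(m.groups())
            continue
        m = REG_VALUE_RE.match(line)
        if m and current_key:
            reg.append((current_key, m.group(1), m.group(2)))
    return reg, ff


def triage(text):
    """Return (category, detail) findings worth a responder's attention.

    These are review items, not verdicts: a third-party suite such as Norton
    legitimately sets Security Center DisableMonitoring, and a toolbar's
    URLSearchHook may be unwanted rather than malicious.
    """
    findings = []
    reg, ff = parse_log(text)
    for key, name, data in reg:
        k = key.lower()
        if "urlsearchhooks" in k:
            # Anything registered here can rewrite what IE does with address-bar text
            findings.append(("search-hook", f"{name} -> {data}"))
        if "security center\\monitoring" in k and name == "DisableMonitoring" \
                and data.endswith("00000001"):
            findings.append(("security-center-monitoring-disabled", key))
    for fname, pref, value in ff:
        if pref in SEARCH_PREFS:
            host = host_of(value)
            if host and host not in EXPECTED_HOSTS:
                findings.append(("search-pref-redirect", f"{fname} {pref} -> {host}"))
        if ");user_pref(" in value:
            # A pref value carrying a second user_pref( call means user.js was
            # written by something that did not escape its input; inspect it
            findings.append(("malformed-user.js-line", f"{pref} = {value[:40]}..."))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:40s} {detail}")
```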

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 August 2012 - 11:40 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 RavenJMK
  • Topic Starter
  • Members
  • 17 posts

Posted 28 August 2012 - 06:10 PM

Here is the TDSSkiller log.



19:06:44.0717 5312 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:06:45.0283 5312 ============================================================
19:06:45.0283 5312 Current date / time: 2012/08/28 19:06:45.0283
19:06:45.0283 5312 SystemInfo:
19:06:45.0283 5312
19:06:45.0283 5312 OS Version: 6.0.6001 ServicePack: 1.0
19:06:45.0283 5312 Product type: Workstation
19:06:45.0283 5312 ComputerName: KOPAC-PC
19:06:45.0284 5312 UserName: Kopac
19:06:45.0284 5312 Windows directory: C:\Windows
19:06:45.0284 5312 System windows directory: C:\Windows
19:06:45.0284 5312 Processor architecture: Intel x86
19:06:45.0284 5312 Number of processors: 3
19:06:45.0284 5312 Page size: 0x1000
19:06:45.0284 5312 Boot type: Normal boot
19:06:45.0284 5312 ============================================================
19:06:46.0048 5312 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:06:46.0058 5312 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:06:46.0076 5312 ============================================================
19:06:46.0076 5312 \Device\Harddisk0\DR0:
19:06:46.0088 5312 MBR partitions:
19:06:46.0088 5312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2418057F
19:06:46.0088 5312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x241805BE, BlocksNum 0x12AD103
19:06:46.0088 5312 \Device\Harddisk1\DR1:
19:06:46.0088 5312 MBR partitions:
19:06:46.0088 5312 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
19:06:46.0089 5312 ============================================================
19:06:46.0107 5312 C: <-> \Device\Harddisk0\DR0\Partition1
19:06:46.0131 5312 E: <-> \Device\Harddisk1\DR1\Partition1
19:06:46.0231 5312 D: <-> \Device\Harddisk0\DR0\Partition2
19:06:46.0231 5312 ============================================================
19:06:46.0231 5312 Initialize success
19:06:46.0231 5312 ============================================================
19:06:48.0103 4284 ============================================================
19:06:48.0103 4284 Scan started
19:06:48.0103 4284 Mode: Manual;
19:06:48.0103 4284 ============================================================
19:06:52.0521 4284 GameConsoleService - ok
19:06:52.0555 4284 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:06:52.0555 4284 GEARAspiWDM - ok
19:06:52.0598 4284 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
19:06:52.0607 4284 gpsvc - ok
19:06:52.0688 4284 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:06:52.0689 4284 gupdate - ok
19:06:52.0695 4284 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:06:52.0696 4284 gupdatem - ok
19:06:52.0718 4284 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:06:52.0719 4284 HDAudBus - ok
19:06:52.0728 4284 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:06:52.0729 4284 HidBth - ok
19:06:52.0740 4284 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:06:52.0741 4284 HidIr - ok
19:06:52.0765 4284 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\System32\hidserv.dll
19:06:52.0767 4284 hidserv - ok
19:06:52.0778 4284 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\drivers\hidusb.sys
19:06:52.0779 4284 HidUsb - ok
19:06:52.0809 4284 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:06:52.0811 4284 hkmsvc - ok
19:06:52.0879 4284 [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
19:06:52.0880 4284 HP Health Check Service - ok
19:06:52.0904 4284 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:06:52.0905 4284 HpCISSs - ok
19:06:52.0968 4284 [ 88749FBF8BEB18C90E7D6626C8C1910B ] HSF_DP C:\Windows\system32\DRIVERS\HSX_DP.sys
19:06:52.0990 4284 HSF_DP - ok
19:06:53.0008 4284 [ FE440536BD98AF772130DC3A6FE1915F ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys
19:06:53.0013 4284 HSXHWBS2 - ok
19:06:53.0054 4284 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:06:53.0060 4284 HTTP - ok
19:06:53.0087 4284 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:06:53.0089 4284 i2omp - ok
19:06:53.0119 4284 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:06:53.0120 4284 i8042prt - ok
19:06:53.0143 4284 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:06:53.0147 4284 iaStorV - ok
19:06:53.0208 4284 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:06:53.0220 4284 idsvc - ok
19:06:53.0300 4284 [ D0A4C9031B57295D6B1078E3CFA45DB4 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120828.001\IDSvix86.sys
19:06:53.0309 4284 IDSVix86 - ok
19:06:53.0341 4284 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:06:53.0343 4284 iirsp - ok
19:06:53.0385 4284 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
19:06:53.0394 4284 IKEEXT - ok
19:06:53.0466 4284 [ 5D26CCB06E1F3B5C26E863DF3F4F2611 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:06:53.0497 4284 IntcAzAudAddService - ok
19:06:53.0521 4284 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
19:06:53.0522 4284 intelide - ok
19:06:53.0540 4284 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:06:53.0541 4284 intelppm - ok
19:06:53.0570 4284 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:06:53.0572 4284 IPBusEnum - ok
19:06:53.0586 4284 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:06:53.0588 4284 IpFilterDriver - ok
19:06:53.0626 4284 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:06:53.0629 4284 iphlpsvc - ok
19:06:53.0635 4284 IpInIp - ok
19:06:53.0650 4284 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:06:53.0651 4284 IPMIDRV - ok
19:06:53.0671 4284 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:06:53.0673 4284 IPNAT - ok
19:06:53.0708 4284 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:06:53.0720 4284 iPod Service - ok
19:06:53.0736 4284 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:06:53.0738 4284 IRENUM - ok
19:06:53.0757 4284 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:06:53.0759 4284 isapnp - ok
19:06:53.0793 4284 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:06:53.0795 4284 iScsiPrt - ok
19:06:53.0804 4284 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:06:53.0805 4284 iteatapi - ok
19:06:53.0819 4284 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:06:53.0820 4284 iteraid - ok
19:06:53.0837 4284 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:06:53.0838 4284 kbdclass - ok
19:06:53.0856 4284 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:06:53.0857 4284 kbdhid - ok
19:06:53.0890 4284 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
19:06:53.0892 4284 KeyIso - ok
19:06:53.0913 4284 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:06:53.0922 4284 KSecDD - ok
19:06:53.0960 4284 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:06:53.0969 4284 KtmRm - ok
19:06:54.0006 4284 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:06:54.0013 4284 LanmanServer - ok
19:06:54.0031 4284 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:06:54.0039 4284 LanmanWorkstation - ok
19:06:54.0093 4284 [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:06:54.0095 4284 LightScribeService - ok
19:06:54.0123 4284 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:06:54.0125 4284 lltdio - ok
19:06:54.0151 4284 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:06:54.0157 4284 lltdsvc - ok
19:06:54.0171 4284 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:06:54.0174 4284 lmhosts - ok
19:06:54.0192 4284 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:06:54.0194 4284 LSI_FC - ok
19:06:54.0206 4284 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:06:54.0208 4284 LSI_SAS - ok
19:06:54.0220 4284 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:06:54.0222 4284 LSI_SCSI - ok
19:06:54.0240 4284 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
19:06:54.0242 4284 luafv - ok
19:06:54.0255 4284 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:06:54.0257 4284 Mcx2Svc - ok
19:06:54.0279 4284 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:06:54.0281 4284 mdmxsdk - ok
19:06:54.0307 4284 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
19:06:54.0309 4284 megasas - ok
19:06:54.0336 4284 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:06:54.0342 4284 MegaSR - ok
19:06:54.0367 4284 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
19:06:54.0369 4284 MMCSS - ok
19:06:54.0375 4284 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
19:06:54.0376 4284 Modem - ok
19:06:54.0399 4284 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:06:54.0400 4284 monitor - ok
19:06:54.0410 4284 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:06:54.0412 4284 mouclass - ok
19:06:54.0426 4284 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\drivers\mouhid.sys
19:06:54.0427 4284 mouhid - ok
19:06:54.0451 4284 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:06:54.0453 4284 MountMgr - ok
19:06:54.0492 4284 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:06:54.0494 4284 MozillaMaintenance - ok
19:06:54.0516 4284 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
19:06:54.0517 4284 mpio - ok
19:06:54.0528 4284 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:06:54.0530 4284 mpsdrv - ok
19:06:54.0565 4284 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
19:06:54.0571 4284 MpsSvc - ok
19:06:54.0601 4284 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:06:54.0603 4284 Mraid35x - ok
19:06:54.0621 4284 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:06:54.0624 4284 MRxDAV - ok
19:06:54.0674 4284 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:06:54.0677 4284 mrxsmb - ok
19:06:54.0718 4284 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:06:54.0723 4284 mrxsmb10 - ok
19:06:54.0743 4284 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:06:54.0746 4284 mrxsmb20 - ok
19:06:54.0765 4284 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
19:06:54.0767 4284 msahci - ok
19:06:54.0796 4284 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:06:54.0799 4284 msdsm - ok
19:06:54.0842 4284 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
19:06:54.0848 4284 MSDTC - ok
19:06:54.0884 4284 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:06:54.0887 4284 Msfs - ok
19:06:54.0907 4284 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:06:54.0909 4284 msisadrv - ok
19:06:54.0935 4284 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:06:54.0939 4284 MSiSCSI - ok
19:06:54.0948 4284 msiserver - ok
19:06:54.0965 4284 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:06:54.0967 4284 MSKSSRV - ok
19:06:54.0983 4284 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:06:54.0985 4284 MSPCLOCK - ok
19:06:55.0009 4284 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:06:55.0011 4284 MSPQM - ok
19:06:55.0040 4284 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:06:55.0044 4284 MsRPC - ok
19:06:55.0065 4284 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:06:55.0066 4284 mssmbios - ok
19:06:55.0073 4284 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:06:55.0074 4284 MSTEE - ok
19:06:55.0088 4284 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
19:06:55.0090 4284 Mup - ok
19:06:55.0159 4284 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
19:06:55.0162 4284 N360 - ok
19:06:55.0190 4284 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
19:06:55.0199 4284 napagent - ok
19:06:55.0236 4284 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:06:55.0240 4284 NativeWifiP - ok
19:06:55.0296 4284 [ FA0B7D801E71CE79B915BAE5A90DE224 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120828.002\NAVENG.SYS
19:06:55.0299 4284 NAVENG - ok
19:06:55.0374 4284 [ 80BB71A7D14CF14B54514A201BF5B985 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120828.002\NAVEX15.SYS
19:06:55.0404 4284 NAVEX15 - ok
19:06:55.0447 4284 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:06:55.0455 4284 NDIS - ok
19:06:55.0468 4284 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:06:55.0470 4284 NdisTapi - ok
19:06:55.0482 4284 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:06:55.0484 4284 Ndisuio - ok
19:06:55.0513 4284 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:06:55.0515 4284 NdisWan - ok
19:06:55.0528 4284 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:06:55.0530 4284 NDProxy - ok
19:06:55.0541 4284 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:06:55.0543 4284 NetBIOS - ok
19:06:55.0563 4284 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:06:55.0566 4284 netbt - ok
19:06:55.0581 4284 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
19:06:55.0583 4284 Netlogon - ok
19:06:55.0609 4284 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
19:06:55.0615 4284 Netman - ok
19:06:55.0629 4284 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
19:06:55.0633 4284 netprofm - ok
19:06:55.0661 4284 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:06:55.0663 4284 NetTcpPortSharing - ok
19:06:55.0684 4284 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:06:55.0687 4284 nfrd960 - ok
19:06:55.0704 4284 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:06:55.0710 4284 NlaSvc - ok
19:06:55.0718 4284 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:06:55.0721 4284 Npfs - ok
19:06:55.0747 4284 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
19:06:55.0751 4284 nsi - ok
19:06:55.0763 4284 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:06:55.0765 4284 nsiproxy - ok
19:06:55.0805 4284 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:06:55.0828 4284 Ntfs - ok
19:06:55.0850 4284 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:06:55.0852 4284 ntrigdigi - ok
19:06:55.0872 4284 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
19:06:55.0875 4284 Null - ok
19:06:55.0928 4284 [ D668632606D1CEBF0B6EC64C1DF7ED6F ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
19:06:55.0943 4284 NVENETFD - ok
19:06:56.0162 4284 [ FBBA09782F2FAC5A57619DF378BA9372 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:06:56.0505 4284 nvlddmkm - ok
19:06:56.0535 4284 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:06:56.0536 4284 nvraid - ok
19:06:56.0565 4284 [ 6F5BB0B40D251351A913B61BA9D64B3F ] nvrd32 C:\Windows\system32\drivers\nvrd32.sys
19:06:56.0568 4284 nvrd32 - ok
19:06:56.0579 4284 [ C44EE36DD84FA95EB81D79C374756003 ] nvsmu C:\Windows\system32\drivers\nvsmu.sys
19:06:56.0580 4284 nvsmu - ok
19:06:56.0594 4284 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:06:56.0596 4284 nvstor - ok
19:06:56.0618 4284 [ 1A649B87A7B7C1220A2B16B121F2198E ] nvstor32 C:\Windows\system32\drivers\nvstor32.sys
19:06:56.0620 4284 nvstor32 - ok
19:06:56.0659 4284 [ CF7769F13B3ECC5E2BF1B3D1C5831AE8 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:06:56.0662 4284 nvsvc - ok
19:06:56.0688 4284 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:06:56.0689 4284 nv_agp - ok
19:06:56.0695 4284 NwlnkFlt - ok
19:06:56.0701 4284 NwlnkFwd - ok
19:06:56.0764 4284 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:06:56.0770 4284 odserv - ok
19:06:56.0797 4284 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:06:56.0799 4284 ohci1394 - ok
19:06:56.0827 4284 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:06:56.0829 4284 ose - ok
19:06:56.0869 4284 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:06:56.0886 4284 p2pimsvc - ok
19:06:56.0904 4284 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
19:06:56.0917 4284 p2psvc - ok
19:06:56.0950 4284 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
19:06:56.0952 4284 Parport - ok
19:06:56.0975 4284 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:06:56.0977 4284 partmgr - ok
19:06:56.0997 4284 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:06:56.0998 4284 Parvdm - ok
19:06:57.0016 4284 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:06:57.0021 4284 PcaSvc - ok
19:06:57.0043 4284 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
19:06:57.0046 4284 pci - ok
19:06:57.0067 4284 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
19:06:57.0069 4284 pciide - ok
19:06:57.0102 4284 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:06:57.0106 4284 pcmcia - ok
19:06:57.0155 4284 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:06:57.0173 4284 PEAUTH - ok
19:06:57.0257 4284 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:06:57.0290 4284 pla - ok
19:06:57.0319 4284 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:06:57.0328 4284 PlugPlay - ok
19:06:57.0361 4284 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:06:57.0373 4284 PNRPAutoReg - ok
19:06:57.0389 4284 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:06:57.0400 4284 PNRPsvc - ok
19:06:57.0436 4284 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:06:57.0444 4284 PolicyAgent - ok
19:06:57.0482 4284 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:06:57.0484 4284 PptpMiniport - ok
19:06:57.0493 4284 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:06:57.0495 4284 Processor - ok
19:06:57.0520 4284 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
19:06:57.0525 4284 ProfSvc - ok
19:06:57.0539 4284 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:06:57.0542 4284 ProtectedStorage - ok
19:06:57.0579 4284 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
19:06:57.0581 4284 Ps2 - ok
19:06:57.0603 4284 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:06:57.0605 4284 PSched - ok
19:06:57.0632 4284 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:06:57.0635 4284 PxHelp20 - ok
19:06:57.0699 4284 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:06:57.0720 4284 ql2300 - ok
19:06:57.0733 4284 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:06:57.0737 4284 ql40xx - ok
19:06:57.0766 4284 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:06:57.0773 4284 QWAVE - ok
19:06:57.0787 4284 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:06:57.0789 4284 QWAVEdrv - ok
19:06:57.0801 4284 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:06:57.0803 4284 RasAcd - ok
19:06:57.0820 4284 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:06:57.0825 4284 RasAuto - ok
19:06:57.0838 4284 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:06:57.0841 4284 Rasl2tp - ok
19:06:57.0862 4284 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
19:06:57.0870 4284 RasMan - ok
19:06:57.0889 4284 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:06:57.0891 4284 RasPppoe - ok
19:06:57.0914 4284 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:06:57.0917 4284 RasSstp - ok
19:06:57.0933 4284 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:06:57.0939 4284 rdbss - ok
19:06:57.0947 4284 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:06:57.0949 4284 RDPCDD - ok
19:06:57.0975 4284 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:06:57.0981 4284 rdpdr - ok
19:06:57.0990 4284 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:06:57.0992 4284 RDPENCDD - ok
19:06:58.0013 4284 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:06:58.0017 4284 RDPWD - ok
19:06:58.0057 4284 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:06:58.0061 4284 RemoteAccess - ok
19:06:58.0088 4284 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:06:58.0094 4284 RemoteRegistry - ok
19:06:58.0106 4284 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:06:58.0110 4284 RpcLocator - ok
19:06:58.0148 4284 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
19:06:58.0164 4284 RpcSs - ok
19:06:58.0186 4284 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:06:58.0187 4284 rspndr - ok
19:06:58.0197 4284 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
19:06:58.0200 4284 SamSs - ok
19:06:58.0215 4284 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:06:58.0216 4284 sbp2port - ok
19:06:58.0243 4284 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:06:58.0246 4284 SCardSvr - ok
19:06:58.0299 4284 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
19:06:58.0313 4284 Schedule - ok
19:06:58.0327 4284 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
19:06:58.0329 4284 SCPolicySvc - ok
19:06:58.0346 4284 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:06:58.0350 4284 SDRSVC - ok
19:06:58.0379 4284 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:06:58.0381 4284 secdrv - ok
19:06:58.0409 4284 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:06:58.0412 4284 seclogon - ok
19:06:58.0427 4284 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
19:06:58.0429 4284 SENS - ok
19:06:58.0445 4284 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:06:58.0447 4284 Serenum - ok
19:06:58.0457 4284 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:06:58.0460 4284 Serial - ok
19:06:58.0476 4284 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:06:58.0478 4284 sermouse - ok
19:06:58.0501 4284 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:06:58.0504 4284 SessionEnv - ok
19:06:58.0525 4284 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:06:58.0527 4284 sffdisk - ok
19:06:58.0538 4284 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:06:58.0540 4284 sffp_mmc - ok
19:06:58.0550 4284 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:06:58.0551 4284 sffp_sd - ok
19:06:58.0564 4284 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:06:58.0565 4284 sfloppy - ok
19:06:58.0593 4284 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:06:58.0597 4284 SharedAccess - ok
19:06:58.0639 4284 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:06:58.0643 4284 ShellHWDetection - ok
19:06:58.0659 4284 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:06:58.0661 4284 sisagp - ok
19:06:58.0691 4284 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:06:58.0692 4284 SiSRaid2 - ok
19:06:58.0703 4284 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:06:58.0704 4284 SiSRaid4 - ok
19:06:58.0777 4284 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
19:06:58.0816 4284 slsvc - ok
19:06:58.0844 4284 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:06:58.0849 4284 SLUINotify - ok
19:06:58.0864 4284 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:06:58.0866 4284 Smb - ok
19:06:58.0900 4284 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:06:58.0905 4284 SNMPTRAP - ok
19:06:58.0931 4284 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:06:58.0934 4284 spldr - ok
19:06:58.0971 4284 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
19:06:58.0978 4284 Spooler - ok
19:06:59.0056 4284 [ 83726CF02ECED69138948083E06B6EAC ] SRTSP C:\Windows\System32\Drivers\N360\0502020.003\SRTSP.SYS
19:06:59.0067 4284 SRTSP - ok
19:06:59.0084 4284 [ 4E7EAB2E5615D39CF1F1DF9C71E5E225 ] SRTSPX C:\Windows\system32\drivers\N360\0502020.003\SRTSPX.SYS
19:06:59.0086 4284 SRTSPX - ok
19:06:59.0134 4284 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:06:59.0140 4284 srv - ok
19:06:59.0175 4284 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:06:59.0179 4284 srv2 - ok
19:06:59.0194 4284 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:06:59.0197 4284 srvnet - ok
19:06:59.0228 4284 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:06:59.0235 4284 SSDPSRV - ok
19:06:59.0264 4284 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:06:59.0270 4284 SstpSvc - ok
19:06:59.0310 4284 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
19:06:59.0323 4284 stisvc - ok
19:06:59.0345 4284 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:06:59.0347 4284 swenum - ok
19:06:59.0383 4284 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
19:06:59.0393 4284 swprv - ok
19:06:59.0456 4284 [ EDAFA57C298461A5EA448F4B546AFB4B ] Symantec RemoteAssist C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
19:06:59.0463 4284 Symantec RemoteAssist - ok
19:06:59.0477 4284 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:06:59.0479 4284 Symc8xx - ok
19:06:59.0519 4284 [ 9BBEB8C6258E72D62E7560E6667AAD39 ] SymDS C:\Windows\system32\drivers\N360\0502020.003\SYMDS.SYS
19:06:59.0525 4284 SymDS - ok
19:06:59.0554 4284 [ D5C02629C02A820A7E71BCA3D44294A3 ] SymEFA C:\Windows\system32\drivers\N360\0502020.003\SYMEFA.SYS
19:06:59.0564 4284 SymEFA - ok
19:06:59.0585 4284 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
19:06:59.0589 4284 SymEvent - ok
19:06:59.0603 4284 [ A73399804D5D4A8B20BA60FCF70C9F1F ] SymIRON C:\Windows\system32\drivers\N360\0502020.003\Ironx86.SYS
19:06:59.0606 4284 SymIRON - ok
19:06:59.0622 4284 [ D42A7229E333AF725F1445F785E4658D ] SYMTDIv C:\Windows\System32\Drivers\N360\0502020.003\SYMTDIV.SYS
19:06:59.0627 4284 SYMTDIv - ok
19:06:59.0653 4284 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:06:59.0654 4284 Sym_hi - ok
19:06:59.0671 4284 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:06:59.0673 4284 Sym_u3 - ok
19:06:59.0711 4284 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
19:06:59.0720 4284 SysMain - ok
19:06:59.0735 4284 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:06:59.0738 4284 TabletInputService - ok
19:06:59.0755 4284 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:06:59.0761 4284 TapiSrv - ok
19:06:59.0769 4284 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:06:59.0772 4284 TBS - ok
19:06:59.0825 4284 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:06:59.0838 4284 Tcpip - ok
19:06:59.0857 4284 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:06:59.0866 4284 Tcpip6 - ok
19:06:59.0887 4284 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:06:59.0889 4284 tcpipreg - ok
19:06:59.0902 4284 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:06:59.0904 4284 TDPIPE - ok
19:06:59.0917 4284 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:06:59.0919 4284 TDTCP - ok
19:06:59.0934 4284 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:06:59.0937 4284 tdx - ok
19:06:59.0952 4284 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:06:59.0955 4284 TermDD - ok
19:06:59.0992 4284 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
19:07:00.0004 4284 TermService - ok
19:07:00.0023 4284 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
19:07:00.0030 4284 Themes - ok
19:07:00.0049 4284 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:07:00.0051 4284 THREADORDER - ok
19:07:00.0071 4284 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:07:00.0077 4284 TrkWks - ok
19:07:00.0112 4284 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:07:00.0113 4284 TrustedInstaller - ok
19:07:00.0125 4284 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:07:00.0127 4284 tssecsrv - ok
19:07:00.0142 4284 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:07:00.0144 4284 tunmp - ok
19:07:00.0154 4284 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:07:00.0155 4284 tunnel - ok
19:07:00.0176 4284 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:07:00.0177 4284 uagp35 - ok
19:07:00.0194 4284 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:07:00.0197 4284 udfs - ok
19:07:00.0225 4284 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:07:00.0229 4284 UI0Detect - ok
19:07:00.0241 4284 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:07:00.0242 4284 uliagpkx - ok
19:07:00.0260 4284 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:07:00.0264 4284 uliahci - ok
19:07:00.0280 4284 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:07:00.0282 4284 UlSata - ok
19:07:00.0302 4284 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:07:00.0304 4284 ulsata2 - ok
19:07:00.0321 4284 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:07:00.0323 4284 umbus - ok
19:07:00.0340 4284 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:07:00.0346 4284 upnphost - ok
19:07:00.0391 4284 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:07:00.0392 4284 USBAAPL - ok
19:07:00.0420 4284 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:07:00.0422 4284 usbccgp - ok
19:07:00.0456 4284 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:07:00.0457 4284 usbcir - ok
19:07:00.0546 4284 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:07:00.0547 4284 usbehci - ok
19:07:00.0562 4284 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:07:00.0566 4284 usbhub - ok
19:07:00.0596 4284 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:07:00.0598 4284 usbohci - ok
19:07:00.0613 4284 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:07:00.0614 4284 usbprint - ok
19:07:00.0643 4284 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:07:00.0644 4284 usbscan - ok
19:07:00.0656 4284 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:07:00.0658 4284 USBSTOR - ok
19:07:00.0679 4284 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:07:00.0681 4284 usbuhci - ok
19:07:00.0704 4284 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
19:07:00.0707 4284 UxSms - ok
19:07:00.0727 4284 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
19:07:00.0734 4284 vds - ok
19:07:00.0744 4284 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:07:00.0745 4284 vga - ok
19:07:00.0761 4284 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:07:00.0762 4284 VgaSave - ok
19:07:00.0779 4284 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:07:00.0781 4284 viaagp - ok
19:07:00.0797 4284 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:07:00.0799 4284 ViaC7 - ok
19:07:00.0820 4284 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:07:00.0822 4284 viaide - ok
19:07:00.0842 4284 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:07:00.0844 4284 volmgr - ok
19:07:00.0861 4284 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:07:00.0868 4284 volmgrx - ok
19:07:00.0878 4284 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:07:00.0882 4284 volsnap - ok
19:07:00.0907 4284 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:07:00.0911 4284 vsmraid - ok
19:07:00.0960 4284 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
19:07:00.0982 4284 VSS - ok
19:07:01.0006 4284 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
19:07:01.0013 4284 W32Time - ok
19:07:01.0037 4284 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:07:01.0039 4284 WacomPen - ok
19:07:01.0062 4284 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:07:01.0064 4284 Wanarp - ok
19:07:01.0070 4284 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:07:01.0071 4284 Wanarpv6 - ok
19:07:01.0097 4284 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:07:01.0105 4284 wcncsvc - ok
19:07:01.0126 4284 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:07:01.0129 4284 WcsPlugInService - ok
19:07:01.0141 4284 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:07:01.0143 4284 Wd - ok
19:07:01.0164 4284 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:07:01.0169 4284 Wdf01000 - ok
19:07:01.0182 4284 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:07:01.0185 4284 WdiServiceHost - ok
19:07:01.0190 4284 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:07:01.0193 4284 WdiSystemHost - ok
19:07:01.0205 4284 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
19:07:01.0210 4284 WebClient - ok
19:07:01.0247 4284 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:07:01.0251 4284 Wecsvc - ok
19:07:01.0268 4284 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:07:01.0271 4284 wercplsupport - ok
19:07:01.0296 4284 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
19:07:01.0299 4284 WerSvc - ok
19:07:01.0334 4284 [ 72CC6A8CA7891031D6380DB5025C773C ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:07:01.0343 4284 winachsf - ok
19:07:01.0387 4284 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:07:01.0391 4284 WinDefend - ok
19:07:01.0402 4284 WinHttpAutoProxySvc - ok
19:07:01.0456 4284 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:07:01.0458 4284 Winmgmt - ok
19:07:01.0517 4284 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:07:01.0534 4284 WinRM - ok
19:07:01.0588 4284 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:07:01.0599 4284 Wlansvc - ok
19:07:01.0621 4284 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:07:01.0623 4284 WmiAcpi - ok
19:07:01.0655 4284 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:07:01.0658 4284 wmiApSrv - ok
19:07:01.0720 4284 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:07:01.0732 4284 WMPNetworkSvc - ok
19:07:01.0755 4284 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:07:01.0760 4284 WPCSvc - ok
19:07:01.0774 4284 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:07:01.0778 4284 WPDBusEnum - ok
19:07:01.0813 4284 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
19:07:01.0815 4284 WpdUsb - ok
19:07:01.0919 4284 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:07:01.0934 4284 WPFFontCache_v0400 - ok
19:07:01.0966 4284 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:07:01.0968 4284 ws2ifsl - ok
19:07:01.0998 4284 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll
19:07:02.0004 4284 wscsvc - ok
19:07:02.0012 4284 WSearch - ok
19:07:02.0108 4284 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
19:07:02.0149 4284 wuauserv - ok
19:07:02.0177 4284 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:02.0179 4284 WUDFRd - ok
19:07:02.0197 4284 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:07:02.0203 4284 wudfsvc - ok
19:07:02.0235 4284 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
19:07:02.0236 4284 XAudio - ok
19:07:02.0261 4284 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
19:07:02.0268 4284 XAudioService - ok
19:07:02.0279 4284 ================ Scan global ===============================
19:07:02.0297 4284 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:07:02.0344 4284 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:07:02.0366 4284 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:07:02.0401 4284 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
19:07:02.0410 4284 [Global] - ok
19:07:02.0411 4284 ================ Scan MBR ==================================
19:07:02.0421 4284 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
19:07:02.0838 4284 \Device\Harddisk0\DR0 - ok
19:07:02.0842 4284 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
19:07:02.0846 4284 \Device\Harddisk1\DR1 - ok
19:07:02.0847 4284 ================ Scan VBR ==================================
19:07:02.0850 4284 [ 157E3D159AD7FCF4752413E39591D102 ] \Device\Harddisk0\DR0\Partition1
19:07:02.0851 4284 \Device\Harddisk0\DR0\Partition1 - ok
19:07:02.0856 4284 [ F06F811F7BA0F01B1A5C68D3CEACEA21 ] \Device\Harddisk0\DR0\Partition2
19:07:02.0858 4284 \Device\Harddisk0\DR0\Partition2 - ok
19:07:02.0863 4284 [ BD587CFB09EDFE46C4305F9B18DA2745 ] \Device\Harddisk1\DR1\Partition1
19:07:02.0864 4284 \Device\Harddisk1\DR1\Partition1 - ok
19:07:02.0865 4284 ============================================================
19:07:02.0865 4284 Scan finished
19:07:02.0865 4284 ============================================================
19:07:02.0880 3660 Detected object count: 0
19:07:02.0880 3660 Actual detected object count: 0

#6 RavenJMK

  • Topic Starter

  • Members
  • 17 posts

Posted 28 August 2012 - 06:13 PM

Here is the aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-28 19:11:24
-----------------------------
19:11:24.907 OS Version: Windows 6.0.6001 Service Pack 1
19:11:24.908 Number of processors: 3 586 0x202
19:11:24.909 ComputerName: KOPAC-PC UserName: Kopac
19:11:27.434 Initialize success
19:11:43.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
19:11:43.056 Disk 0 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 6
19:11:43.061 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000059
19:11:43.066 Disk 1 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 6
19:11:43.076 Disk 0 MBR read successfully
19:11:43.084 Disk 0 MBR scan
19:11:43.090 Disk 0 unknown MBR code
19:11:43.096 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 295680 MB offset 63
19:11:43.134 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9562 MB offset 605554110
19:11:43.143 Disk 0 scanning sectors +625137345
19:11:43.199 Disk 0 scanning C:\Windows\system32\drivers
19:11:47.865 Service scanning
19:12:05.026 Modules scanning
19:12:13.888 Disk 0 trace - called modules:
19:12:14.263 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
19:12:14.273 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86149ac8]
19:12:14.282 3 CLASSPNP.SYS[80736745] -> nt!IofCallDriver -> [0x846b0428]
19:12:14.292 5 acpi.sys[806136a0] -> nt!IofCallDriver -> \Device\00000058[0x846b0030]
19:12:14.302 Scan finished successfully
19:12:34.008 Disk 0 MBR has been saved successfully to "C:\Users\Kopac\Desktop\MBR.dat"
19:12:34.015 The log file has been saved successfully to "C:\Users\Kopac\Desktop\aswMBR.txt"

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 August 2012 - 07:44 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:


ClearJavaCache::

Folder::
c:\program files\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 RavenJMK

  • Topic Starter

  • Members
  • 17 posts

Posted 28 August 2012 - 10:46 PM

Here is the Combofix log. Computer speed is okay, but the issue still persists. I'm still getting redirected when I click on google links. I'm starting to see more redirections toward business advertising sites now.


ComboFix 12-08-25.04 - Kopac 08/28/2012 23:31:07.2.3 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1338 [GMT -4:00]
Running from: c:\users\Kopac\Desktop\ComboFix.exe
Command switches used :: c:\users\Kopac\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 03:39 . 2012-08-29 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-28 21:19 . 2012-08-28 21:19 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11D650A5-FB89-40E1-AADA-5016684672FF}\offreg.dll
2012-08-28 20:57 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11D650A5-FB89-40E1-AADA-5016684672FF}\mpengine.dll
2012-08-20 01:59 . 2012-08-20 02:00 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-20 00:56 . 2012-08-20 00:55 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-20 00:56 . 2012-08-20 00:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-20 00:52 . 2012-08-20 00:52 -------- d-----w- c:\programdata\McAfee
2012-08-20 00:15 . 2012-08-20 00:15 -------- d-----w- c:\program files\Enigma Software Group
2012-08-20 00:14 . 2012-08-20 00:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-19 06:41 . 2012-08-26 23:34 -------- d-----w- c:\users\Kopac\AppData\Local\NPE
2012-08-19 06:32 . 2012-08-19 06:43 -------- d-----w- c:\program files\Common Files\PC Tools
2012-08-19 06:31 . 2012-08-19 06:31 -------- d-----w- c:\programdata\PC Tools
2012-08-19 06:31 . 2012-08-19 06:31 -------- d-----w- c:\users\Kopac\AppData\Roaming\TestApp
2012-08-19 05:18 . 2012-08-19 05:18 -------- d-----w- c:\programdata\Sophos
2012-08-19 04:45 . 2012-08-19 04:45 -------- d-----w- c:\programdata\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 00:55 . 2011-06-27 16:54 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-20 16:54 . 2012-01-30 04:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-05-31 16:25 . 2011-06-23 21:04 237072 ------w- c:\windows\system32\MpSigStub.exe
2007-08-09 17:08 . 2008-05-26 00:36 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 17:10 . 2008-05-26 00:36 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll
2012-07-19 01:33 . 2011-06-27 06:04 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-04-01 02:47 . 2008-05-26 00:30 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
.
c:\users\Kopac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Kopac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Disney Vacation Connection.lnk]
path=c:\users\Kopac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk
backup=c:\windows\pss\Disney Vacation Connection.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-11 17:58 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94859502
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 94859502
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-24 23:07]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-24 23:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-28 23:39
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-28 23:41:18
ComboFix-quarantined-files.txt 2012-08-29 03:41
ComboFix2.txt 2012-08-27 23:15
.
Pre-Run: 161,755,197,440 bytes free
Post-Run: 161,735,028,736 bytes free
.
- - End Of File - - 40FD1662B2DD24E4E18CF3EF29E4C469

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 August 2012 - 10:58 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#10 RavenJMK

  • Topic Starter

  • Members
  • 17 posts

Posted 29 August 2012 - 12:04 AM

OTL logfile created on: 8/29/2012 12:54:19 AM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Kopac\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 44.74% Memory free
5.96 Gb Paging File | 4.47 Gb Available in Paging File | 75.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.75 Gb Total Space | 150.67 Gb Free Space | 52.18% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 0.89 Gb Free Space | 9.53% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.81 Gb Free Space | 99.91% Space Free | Partition Type: NTFS

Computer Name: KOPAC-PC | User Name: Kopac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kopac\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton 360\Engine\5.2.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8837c17e16a1ebba04a1f625977bc907\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\Users\Kopac\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\Kopac\AppData\Local\Temp\aswMBR.sys File not found
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120828.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120828.018\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120828.018\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120823.005\BHDrvx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{112C8BEB-139B-4E60-81F5-6252AD887ACF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{9881B95A-B992-4A1E-9502-AFE980852AED}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{112C8BEB-139B-4E60-81F5-6252AD887ACF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C615679D-7DAA-4140-828F-60E981E9E487&apn_sauid=F438B96F-F3E3-481E-8088-37F65EE570B1
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{9881B95A-B992-4A1E-9502-AFE980852AED}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Kopac\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Kopac\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/08/18 19:19:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_10_1 [2012/08/28 16:43:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 21:33:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/26 19:31:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Kopac\AppData\Roaming\Move Networks [2009/07/17 00:00:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/18 21:33:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/26 19:31:19 | 000,000,000 | ---D | M]

[2009/02/22 21:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Extensions
[2012/08/12 08:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions
[2011/06/24 12:50:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/18 21:27:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\toolbar@ask.com
[2009/12/14 02:47:54 | 000,004,546 | ---- | M] () -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\searchplugins\aim-search.xml
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\searchplugins\askcom.xml
[2011/07/15 21:12:04 | 000,002,469 | ---- | M] () -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\searchplugins\safesearch.xml
[2012/04/26 23:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/08/18 19:19:06 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
[2008/01/20 22:23:50 | 000,004,804 | ---- | M] () (No name found) -- C:\USERS\KOPAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\673LGV0Z.DEFAULT\EXTENSIONS\BCZYXSBRQV@BCZYXSBRQV.ORG.XPI
[2012/07/18 21:33:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/03/31 22:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2012/06/20 12:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2008/01/17 13:17:00 | 002,609,152 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npRACtrl.dll
[2007/08/09 13:08:00 | 000,008,784 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
[2007/08/09 13:10:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\unicows.dll
[2012/02/26 18:22:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/26 18:22:55 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/28 23:39:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99548072-20AC-4D5B-90FF-3CEB80C05D01}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 19:23:49 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/29 00:53:14 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Kopac\Desktop\OTL.exe
[2012/08/28 23:41:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/28 23:29:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/28 19:10:22 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kopac\Desktop\aswMBR.exe
[2012/08/28 19:06:11 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kopac\Desktop\tdsskiller.exe
[2012/08/27 19:01:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/27 19:01:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/27 19:01:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/27 18:57:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/27 18:57:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/27 18:55:46 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\Kopac\Desktop\ComboFix.exe
[2012/08/26 19:13:35 | 000,000,000 | ---D | C] -- C:\Users\Kopac\Documents\Avery Templates
[2012/08/19 20:56:54 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/19 20:56:54 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/19 20:56:06 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/19 20:56:06 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/19 20:56:06 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/08/19 20:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/19 20:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/19 20:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/08/19 02:41:19 | 000,000,000 | ---D | C] -- C:\Users\Kopac\AppData\Local\NPE
[2012/08/19 02:40:32 | 002,841,104 | ---- | C] (Symantec Corporation) -- C:\Users\Kopac\Desktop\NPE.exe
[2012/08/19 02:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/08/19 02:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/08/19 02:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/19 02:31:15 | 000,000,000 | ---D | C] -- C:\Users\Kopac\AppData\Roaming\TestApp
[2012/08/19 01:18:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/08/19 00:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2008/07/15 15:18:45 | 000,308,600 | ---- | C] (Symantec Corporation) -- C:\ProgramData\NortonProtectionMemo.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/29 00:53:19 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Kopac\Desktop\OTL.exe
[2012/08/29 00:43:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 00:43:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/28 23:39:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/28 20:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/28 19:12:34 | 000,000,512 | ---- | M] () -- C:\Users\Kopac\Desktop\MBR.dat
[2012/08/28 19:11:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kopac\Desktop\aswMBR.exe
[2012/08/28 19:06:36 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kopac\Desktop\tdsskiller.exe
[2012/08/28 16:49:16 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/28 16:49:16 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/28 16:43:04 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/28 16:43:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/28 16:42:54 | 3085,352,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/27 20:50:31 | 000,002,627 | ---- | M] () -- C:\Users\Kopac\Desktop\Microsoft Office Word 2007.lnk
[2012/08/27 18:56:44 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\Kopac\Desktop\ComboFix.exe
[2012/08/27 18:50:56 | 000,881,581 | ---- | M] () -- C:\Users\Kopac\Desktop\SecurityCheck.exe
[2012/08/26 19:31:20 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/08/25 21:13:32 | 000,000,000 | ---- | M] () -- C:\Users\Kopac\defogger_reenable
[2012/08/25 21:12:39 | 000,050,477 | ---- | M] () -- C:\Users\Kopac\Desktop\Defogger.exe
[2012/08/25 18:00:00 | 000,023,552 | ---- | M] () -- C:\Users\Kopac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/21 01:46:32 | 000,332,948 | ---- | M] () -- C:\Users\Kopac\Baseball%20Card.pdf
[2012/08/19 20:55:29 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/08/19 20:55:24 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/19 20:55:24 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/08/19 20:55:24 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/19 20:55:24 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/19 20:55:24 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/19 02:41:06 | 002,841,104 | ---- | M] (Symantec Corporation) -- C:\Users\Kopac\Desktop\NPE.exe
[2012/08/19 02:34:15 | 002,132,121 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/08/18 18:57:06 | 000,000,104 | ---- | M] () -- C:\Users\Kopac\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/16 00:14:27 | 000,000,090 | ---- | M] () -- C:\Users\Kopac\Desktop\Beth Newingham's Third Grade.URL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/28 19:12:34 | 000,000,512 | ---- | C] () -- C:\Users\Kopac\Desktop\MBR.dat
[2012/08/27 19:01:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/27 19:01:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/27 19:01:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/27 19:01:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/27 19:01:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/27 18:50:39 | 000,881,581 | ---- | C] () -- C:\Users\Kopac\Desktop\SecurityCheck.exe
[2012/08/26 19:31:19 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2012/08/26 19:31:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012/08/25 21:13:32 | 000,000,000 | ---- | C] () -- C:\Users\Kopac\defogger_reenable
[2012/08/25 21:12:39 | 000,050,477 | ---- | C] () -- C:\Users\Kopac\Desktop\Defogger.exe
[2012/08/21 01:46:32 | 000,332,948 | ---- | C] () -- C:\Users\Kopac\Baseball%20Card.pdf
[2012/08/19 02:33:03 | 002,132,121 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/08/18 18:57:06 | 000,000,104 | ---- | C] () -- C:\Users\Kopac\Desktop\Recycle Bin - Shortcut.lnk
[2012/08/16 00:14:27 | 000,000,090 | ---- | C] () -- C:\Users\Kopac\Desktop\Beth Newingham's Third Grade.URL
[2010/09/11 21:20:28 | 000,000,995 | ---- | C] () -- C:\Users\Kopac\.powerschool_gradebook.properties
[2010/09/11 20:14:30 | 000,000,012 | ---- | C] () -- C:\Users\Kopac\.gradebook_userdict.tlx
[2009/09/21 10:46:47 | 000,000,124 | ---- | C] () -- C:\Users\Kopac\webct_upload_applet.properties
[2008/08/13 15:40:36 | 000,030,981 | ---- | C] () -- C:\Users\Kopac\meant2be.jpg
[2008/08/13 11:11:25 | 000,003,054 | ---- | C] () -- C:\Users\Kopac\AppData\Roaming\wklnhst.dat
[2008/05/26 18:35:33 | 000,023,552 | ---- | C] () -- C:\Users\Kopac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

< End of report >

#11 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2012 - 07:54 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the [image] textbox. Do not include the word Code.
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    IE - HKLM\..\SearchScopes\{112C8BEB-139B-4E60-81F5-6252AD887ACF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{112C8BEB-139B-4E60-81F5-6252AD887ACF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C615679D-7DAA-4140-828F-60E981E9E487&apn_sauid=F438B96F-F3E3-481E-8088-37F65EE570B1
    IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=5
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    [2012/04/18 21:27:29 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\toolbar@ask.com
    [2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\searchplugins\askcom.xml
    [2008/01/20 22:23:50 | 000,004,804 | ---- | M] () (No name found) -- C:\USERS\KOPAC\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\673LGV0Z.DEFAULT\EXTENSIONS\BCZYXSBRQV@BCZYXSBRQV.ORG.XPI
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click [image].
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
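As an added example (not part of the thread, and not an OTL or HijackThis feature), here is a small Python triage script that parses the OTL SearchScopes and prefs.js lines quoted in the fix above and reports which search provider each entry points to, flagging any provider that is not on an owner-supplied allowlist. The allowlist, the google.com scope line and its GUID {00000000-0000-0000-0000-000000000001} are constructed for the example; the other sample lines are the thread's own.

```python
"""Added example (not part of the thread, not an OTL/HijackThis feature): triage
the search-provider lines that OTL prints, so a reviewer can see which browser
search scopes point at an unexpected provider before writing a fix script."""
import re
from urllib.parse import urlparse

# Providers the machine's owner actually chose (constructed allowlist for this example).
EXPECTED_PROVIDERS = {"google.com"}

# OTL 'IE - <hive>\..\SearchScopes\{GUID}: "URL" = <url>' lines, one per search scope.
IE_SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+)\S*SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)')
# OTL 'IE - <hive>\..\SearchScopes,DefaultScope = {GUID}' lines: which scope is the default.
IE_DEFAULT_RE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+)\S*SearchScopes,DefaultScope = (?P<guid>\{[0-9A-Fa-f-]+\})')
# OTL 'FF - prefs.js..browser.search.<pref>: "<value>"' lines from the Firefox profile.
FF_PREF_RE = re.compile(
    r'^FF - prefs\.js\.\.(?P<pref>browser\.search\.[\w.]+): "(?P<value>[^"]*)"')
FF_DEFAULT_PREFS = {"browser.search.defaultengine", "browser.search.defaultenginename"}


def provider_domain(url_or_name):
    """Reduce a search URL (or the bare engine name Firefox stores) to its registrable domain."""
    host = urlparse(url_or_name).netloc if "://" in url_or_name else url_or_name
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def parse_search_entries(log_text):
    """Return one dict per search-provider entry found in OTL-style log text."""
    entries, default_scopes = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_DEFAULT_RE.match(line)
        if m:
            default_scopes[m["hive"]] = m["guid"]
            continue
        m = IE_SCOPE_RE.match(line)
        if m:
            entries.append({"source": "IE " + m["hive"], "key": m["guid"],
                            "provider": provider_domain(m["url"]), "is_default": False})
            continue
        m = FF_PREF_RE.match(line)
        if m:
            entries.append({"source": "Firefox prefs.js", "key": m["pref"],
                            "provider": provider_domain(m["value"]),
                            "is_default": m["pref"] in FF_DEFAULT_PREFS})
    # DefaultScope may be listed before or after the scope it names, so resolve afterwards.
    for e in entries:
        if e["source"].startswith("IE ") and default_scopes.get(e["source"][3:]) == e["key"]:
            e["is_default"] = True
    return entries


def unexpected_providers(log_text, expected=EXPECTED_PROVIDERS):
    """Map each provider outside the allowlist to the entries that point at it."""
    findings = {}
    for e in parse_search_entries(log_text):
        if e["provider"] not in expected:
            where = "%s %s%s" % (e["source"], e["key"], " (DEFAULT)" if e["is_default"] else "")
            findings.setdefault(e["provider"], []).append(where)
    return findings


# Sample input: the thread's own SearchScopes/prefs.js lines, plus one constructed
# google.com scope (GUID {00000000-...-000000000001} is made up) to show the allowlist.
SAMPLE_OTL_LINES = r"""
IE - HKLM\..\SearchScopes\{112C8BEB-139B-4E60-81F5-6252AD887ACF}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&q={searchTerms}
IE - HKU\S-1-5-21-2619356201-3634081902-1367565454-1000\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.google.com/search?q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
"""

if __name__ == "__main__":
    for provider, where in unexpected_providers(SAMPLE_OTL_LINES).items():
        print(provider)
        for w in where:
            print("   ", w)
```

Run against a full OTL log, the same parser lists every IE scope and Firefox search pref that points somewhere other than the providers the owner chose, which is exactly the set the fix script above removes.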

#12 RavenJMK
  • Topic Starter
  • Members
  • 17 posts

Posted 29 August 2012 - 11:18 PM

Well, I haven't had any redirects in the last hour! :dance:
Here is the log.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{112C8BEB-139B-4E60-81F5-6252AD887ACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{112C8BEB-139B-4E60-81F5-6252AD887ACF}\ not found.
HKEY_USERS\S-1-5-21-2619356201-3634081902-1367565454-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2619356201-3634081902-1367565454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{112C8BEB-139B-4E60-81F5-6252AD887ACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{112C8BEB-139B-4E60-81F5-6252AD887ACF}\ not found.
Registry key HKEY_USERS\S-1-5-21-2619356201-3634081902-1367565454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2619356201-3634081902-1367565454-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\searchplugins\askcom.xml moved successfully.
C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\673lgv0z.default\extensions\bczyxsbrqv@bczyxsbrqv.org.xpi moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kopac\Desktop\cmd.bat deleted successfully.
C:\Users\Kopac\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kopac
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kopac
->Flash cache emptied: 56996 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 08292012_190025

#13 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 August 2012 - 11:44 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 8.1.2
Ask Toolbar
Ask Toolbar Updater
Java™ SE Runtime Environment 6 Update 1
Viewpoint Media Player


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 RavenJMK
  • Topic Starter
  • Members
  • 17 posts

Posted 31 August 2012 - 07:51 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.31.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Kopac :: KOPAC-PC [administrator]

8/31/2012 8:37:16 AM
mbam-log-2012-08-31 (08-37-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199069
Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:48:22 AM, on 8/31/2012
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Kopac\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.2.3\IPS\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.2.3\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8698 bytes

Still no redirects! :)

#15 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 August 2012 - 08:03 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the Run ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start.
  • When asked, allow the add-on to be installed.
    • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the virus definitions to be downloaded.
  • Wait for the scan to finish.

When the scan is complete

  • If no threats were found:
  • Put a checkmark in "Uninstall application on close".
  • Close the program.
  • Report to me that nothing was found.

  • If threats were found:
  • Click on "list of threats found".
  • Click on "export to text file" and save it as ESET SCAN to the desktop.
  • Click on Back.
  • Put a checkmark in "Uninstall application on close".
  • Click on Finish.
  • Close the program.
  • Copy and paste the report here.


Gringo



