Google Redirect - No Luck Removing Need Help


29 replies to this topic

#1 hop16

hop16

  • Members
  • 26 posts

Posted 25 November 2012 - 07:44 PM

Wife's PC is infected with the Google redirect. I have tried the following based on advice from other forums and the issue still prevails

tdsskiller.exe
FixTDSS.exe
ComboFix.exe
Malwarebytes mbar.exe (saw this one here figured I'd give it a whirl - said no issues found)

Primarily using Firefox 16.0.2 and the redirect does not always happen but when it does it frequently goes to

http://answersdev.nixxie.com
http://beesq.net
http://8.26.70.252 or other IP

DDS:

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2412 [GMT -8:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan enterprise\ScriptCl.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227983072093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{A1224363-78F3-4DAF-843D-28E8B17DB480} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{D839B607-66EA-470E-87CA-16F1409582EC} : DHCPNameServer = 68.87.69.150 68.87.85.102 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nicole\application data\mozilla\firefox\profiles\rxb85v3t.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-6-23 150568]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-7-28 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2010-7-28 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2010-7-28 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2010-7-28 168776]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-25 35144]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-8-13 816672]
.
=============== Created Last 30 ================
.
2012-11-26 00:16:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-26 00:16:34 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-25 23:16:19 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-11-25 23:16:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-11-25 22:25:30 -------- d-sha-r- C:\cmdcons
2012-11-25 22:24:51 -------- d-----w- C:\ComboFix
2012-11-25 21:19:08 -------- d-----w- C:\XPSP3
2012-11-25 21:18:29 -------- d-----w- C:\XPCD
2012-11-24 04:18:54 208896 ----a-w- c:\windows\MBR.exe
2012-11-24 04:18:51 98816 ----a-w- c:\windows\sed.exe
2012-11-24 04:18:51 256000 ----a-w- c:\windows\PEV.exe
.
==================== Find3M ====================
.
2012-11-26 00:16:21 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 01:55:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 01:55:16 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 16:26:05.67 ===============

Thanks in advance.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 November 2012 - 07:47 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 30 November 2012 - 09:21 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 hop16


Posted 30 November 2012 - 11:48 PM

Hi Gringo, thanks for your help. I checked early in the week and did not see a reply at that time
and have not had opportunity to check until now. I will begin the processes you have outlined tomorrow (Sat) and post the results.
~hop

#5 gringo_pr


Posted 30 November 2012 - 11:57 PM

no problem and see you then



gringo

#6 hop16


Posted 01 December 2012 - 03:35 PM

Gringo...here are the results of the checkup - will run and post adw next

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee VirusScan Enterprise
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0)
Mozilla Thunderbird 16.0.2 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise Mcshield.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise SHSTAT.EXE
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#7 hop16


Posted 01 December 2012 - 03:41 PM

Here is ADW

# AdwCleaner v2.010 - Logfile created 12/01/2012 at 12:37:04
# Updated 29/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Nicole - GMATWO
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Nicole\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Documents and Settings\GmaJean\Application Data\Mozilla\Firefox\Profiles\pejp2ens.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Documents and Settings\Nicole\Application Data\Mozilla\Firefox\Profiles\rxb85v3t.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [995 octets] - [01/12/2012 12:37:04]

########## EOF - C:\AdwCleaner[S1].txt - [1054 octets] ##########

#8 hop16


Posted 01 December 2012 - 03:50 PM

Here is RogueKiller

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Nicole [Admin rights]
Mode : Remove -- Date : 12/01/2012 12:47:25

Bad processes : 0

Registry Entries : 4
[RUN][NOTFOUND] HKUS\S-1-5-19_Classes[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\Nicole\Local Settings\Application Data\Unity\Microsoft Help\fmzqwf.dll",DllRegisterServerW) -> DELETED
[RUN][NOTFOUND] HKUS\S-1-5-20_Classes[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\Nicole\Local Settings\Application Data\Unity\Microsoft Help\fmzqwf.dll",DllRegisterServerW) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: WDC WD5000AAKS-00A7B0 +++++
--- User ---
[MBR] 184fca5ab0451e9af632fcbe0d97ceb8
[BSP] 45fe90d2966aa5c2d84bfc9d5bc6c90e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12012012_02d1247.txt >>
RKreport[1]_S_12012012_02d1244.txt ; RKreport[2]_D_12012012_02d1247.txt
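
Added example, not part of the original thread and not RogueKiller's own code: a small Python triage that parses the "Registry Entries" lines of the report above and flags Run autostarts where rundll32 loads a DLL from inside a user profile. The line grammar is inferred from the lines shown in this thread, the function and field names are hypothetical, and the last sample line is constructed for contrast.

```python
import re
from dataclasses import dataclass

# The four registry lines are copied from the RogueKiller report in this thread.
# The final [RUN] line is CONSTRUCTED (benign driver autostart) for contrast.
SAMPLE_REPORT = r'''
Registry Entries : 4
[RUN][NOTFOUND] HKUS\S-1-5-19_Classes[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\Nicole\Local Settings\Application Data\Unity\Microsoft Help\fmzqwf.dll",DllRegisterServerW) -> DELETED
[RUN][NOTFOUND] HKUS\S-1-5-20_Classes[...]\Run : Microsoft Help (rundll32.exe "C:\Documents and Settings\Nicole\Local Settings\Application Data\Unity\Microsoft Help\fmzqwf.dll",DllRegisterServerW) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[RUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup) -> FOUND
'''

# Assumed grammar: [TAG]... KEY : VALUE_NAME (DATA) -> ACTION [(NEW_VALUE)]
ENTRY_RE = re.compile(
    r'^((?:\[[^\]]+\])+)\s+(.+?) : (.+?) \((.*)\) -> (\S+)(?: \((.*)\))?$'
)
# rundll32 command line: host binary, DLL path (quoted or not), exported function.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)"?\s*,\s*(\w+)', re.IGNORECASE
)
SID_RE = re.compile(r'S-1-5-(?:\d+-)*\d+')

# Well-known service-account SIDs; an autostart under these hives is unusual.
WELL_KNOWN_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}
# Directories an unprivileged user can write to (XP and Vista+ layouts).
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


@dataclass
class Entry:
    tags: list
    key: str
    name: str
    data: str
    action: str


@dataclass
class Finding:
    key: str
    name: str
    dll: str
    export: str
    account: str  # service account owning the hive, or "" if not a known SID


def parse_entries(report: str) -> list:
    """Return every line of the report that matches the registry-entry grammar."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            tags = re.findall(r'\[([^\]]+)\]', m.group(1))
            entries.append(Entry(tags, m.group(2), m.group(3), m.group(4), m.group(5)))
    return entries


def in_user_profile(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in PROFILE_MARKERS)


def triage(report: str) -> list:
    """Flag Run entries whose rundll32 target DLL sits in a user profile."""
    findings = []
    for entry in parse_entries(report):
        if "RUN" not in entry.tags:
            continue
        cmd = RUNDLL_RE.search(entry.data)
        if not cmd or not in_user_profile(cmd.group(1)):
            continue
        sid = SID_RE.search(entry.key)
        account = WELL_KNOWN_SIDS.get(sid.group(0), "") if sid else ""
        findings.append(Finding(entry.key, entry.name, cmd.group(1), cmd.group(2), account))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"SUSPICIOUS autostart '{f.name}' ({f.account or 'user hive'}): "
              f"{f.dll} -> {f.export}")
```

The NVIDIA entry also uses rundll32 but loads from c:\windows\system32, so it is parsed and left unflagged; what separates the two is where the DLL lives and which hive registers it.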

#9 hop16


Posted 01 December 2012 - 03:56 PM

Gringo just did a quick test

Opened tab in Firefox searched for coke in google bar
Clicked the coke.com link and was redirected to http://www.homeimprovementcare.com
Repeated the process
clicked the wikipedia.com link for coke and was redirected to http://infomash.org

~Hop

#10 gringo_pr


Posted 01 December 2012 - 06:00 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 hop16


Posted 01 December 2012 - 06:35 PM

Gringo...here is the combofix log:

After running combofix I opened Firefox and in the search box top right of browser with google as default engine typed baseball
on the google results page I clicked on a link for wikipedia baseball and it took me to http://8.26.70.252 with a page full of links with click2.efacts.com. I hit the back button and tried several more links on the page and noticed that I get a warning across the top that says firefox prevented this page from automatically redirecting to another site...has a button at the far right labeled Allow? However, I was able to get to the sites that I was attempting to go to.

ComboFix 12-12-01.02 - Nicole 12/01/2012 15:14:33.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2793 [GMT -8:00]
Running from: c:\documents and settings\Nicole\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-11-26 00:17 . 2012-11-26 00:17 -------- d-----w- c:\program files\Common Files\Java
2012-11-26 00:16 . 2012-11-26 00:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-26 00:16 . 2012-11-26 00:16 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-26 00:16 . 2012-11-26 00:16 -------- d-----w- c:\program files\Java
2012-11-25 23:16 . 2012-11-25 23:16 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-11-25 23:16 . 2012-11-25 23:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-11-25 21:19 . 2012-11-25 21:44 -------- d-----w- C:\XPSP3
2012-11-25 21:18 . 2012-11-25 21:19 -------- d-----w- C:\XPCD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-26 00:16 . 2010-04-25 03:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-22 08:37 . 2002-08-29 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 01:55 . 2012-05-14 17:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 01:55 . 2011-10-28 00:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2002-08-29 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-11-26 00:40 . 2012-11-26 00:40 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-29 140640]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-29 1634112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Diablo III\\Diablo III.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1267\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=
.
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [6/23/2008 2:21 PM 150568]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [11/25/2012 3:16 PM 35144]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 01:55]
.
2012-12-01 c:\windows\Tasks\User_Feed_Synchronization-{96E2A570-5E01-4DEC-B94C-F687CE74935C}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nicole\Application Data\Mozilla\Firefox\Profiles\rxb85v3t.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-25 16:40; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-01 15:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2728)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-01 15:22:48
ComboFix-quarantined-files.txt 2012-12-01 23:22
ComboFix2.txt 2012-11-25 22:32
ComboFix3.txt 2012-11-24 04:28
.
Pre-Run: 440,672,174,080 bytes free
Post-Run: 440,696,418,304 bytes free
.
- - End Of File - - F1DB50DD8FDAA10B85373C3A4E51105A

#12 gringo_pr


Posted 01 December 2012 - 09:51 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
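A TDSSKiller report of the kind requested above runs to many hundreds of lines, nearly all of them ending in "ok". The following is an added example, not part of the original posts and not a Kaspersky tool: a small Python triage script that pairs each hashed object with its verdict line and returns only the entries that need a second look. The line layout follows the report posted in this thread; the `ExampleSvc` entry, its hash and path, and the `warning` status are constructed for the demonstration.

```python
import re

# Sample in the layout of the report posted in this thread (shortened).
# "ExampleSvc", its all-zero hash, its path and the "warning" status are
# constructed for this demo and do not come from the thread.
SAMPLE_LOG = r"""
21:36:32.0703 2492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
21:36:55.0125 2688 Scan started
21:36:55.0250 2688 ================ Scan system memory ========================
21:36:55.0250 2688 System memory - ok
21:36:55.0250 2688 ================ Scan services =============================
21:36:55.0328 2688 Abiosdsk - ok
21:36:55.0359 2688 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:36:55.0359 2688 ACPI - ok
21:37:01.0265 2688 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
21:37:01.0312 2688 Pml Driver HPZ12 - ok
21:37:02.0000 2688 [ 00000000000000000000000000000000 ] ExampleSvc C:\WINDOWS\system32\drivers\example.sys
21:37:02.0010 2688 ExampleSvc - warning
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (\d+) (.*)$")       # time, thread id, text
SECTION = re.compile(r"^=+ Scan (.+?) =+$")                      # "==== Scan services ===="
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT = re.compile(r"^(.+) - (\S.*)$")                         # "<name> - <status>"


def parse_report(text):
    """Return one record per verdict line, with MD5 and path when a hash line preceded it."""
    records = []
    section = None   # verdicts only count once a "Scan ..." section has started
    last = None      # most recent "[ MD5 ] name path" line still waiting for its verdict
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(3).strip()
        s = SECTION.match(body)
        if s:
            section, last = s.group(1), None
            continue
        if section is None:
            continue  # header block (drive geometry etc.) also contains " - "
        h = HASHED.match(body)
        if h:
            last = {"md5": h.group(1).upper(), "name": h.group(2), "path": h.group(3)}
            continue
        v = VERDICT.match(body)
        if not v:
            continue
        name, status = v.group(1).strip(), v.group(2).strip()
        rec = {"section": section, "name": name, "status": status,
               "md5": None, "path": None}
        # Attach the hash line only if it belongs to the same object name.
        if last and (name == last["name"] or name.startswith(last["name"] + " ")):
            rec["md5"], rec["path"] = last["md5"], last["path"]
        last = None
        records.append(rec)
    return records


def needs_review(text):
    """Everything whose status is not exactly 'ok'."""
    return [r for r in parse_report(text) if r["status"].lower() != "ok"]


def no_file_entries(text):
    """Service entries that were checked without any file hash (no binary listed)."""
    return [r["name"] for r in parse_report(text)
            if r["section"] == "services" and r["md5"] is None]


if __name__ == "__main__":
    for r in needs_review(SAMPLE_LOG):
        print(f"[{r['section']}] {r['name']}: {r['status']}  {r['md5']}  {r['path']}")
    print("no file on record:", ", ".join(no_file_entries(SAMPLE_LOG)))
```

Run against a full report, `needs_review` should come back empty when the tool says "no threats found"; entries listed by `no_file_entries` are service keys for which the report shows no hash line.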

#13 hop16

  • Topic Starter

Posted 03 December 2012 - 12:41 AM

Gringo, here is TDSSKiller - no threats found


21:36:31.0031 2492 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:36:31.0453 2492 ============================================================
21:36:31.0453 2492 Current date / time: 2012/12/02 21:36:31.0453
21:36:31.0453 2492 SystemInfo:
21:36:31.0453 2492
21:36:31.0453 2492 OS Version: 5.1.2600 ServicePack: 3.0
21:36:31.0453 2492 Product type: Workstation
21:36:31.0453 2492 ComputerName: GMATWO
21:36:31.0453 2492 UserName: Nicole
21:36:31.0453 2492 Windows directory: C:\WINDOWS
21:36:31.0453 2492 System windows directory: C:\WINDOWS
21:36:31.0453 2492 Processor architecture: Intel x86
21:36:31.0453 2492 Number of processors: 2
21:36:31.0453 2492 Page size: 0x1000
21:36:31.0453 2492 Boot type: Normal boot
21:36:31.0453 2492 ============================================================
21:36:32.0703 2492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
21:36:32.0703 2492 ============================================================
21:36:32.0703 2492 \Device\Harddisk0\DR0:
21:36:32.0703 2492 MBR partitions:
21:36:32.0703 2492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
21:36:32.0703 2492 ============================================================
21:36:32.0734 2492 C: <-> \Device\Harddisk0\DR0\Partition1
21:36:32.0734 2492 ============================================================
21:36:32.0734 2492 Initialize success
21:36:32.0734 2492 ============================================================
21:36:55.0125 2688 ============================================================
21:36:55.0125 2688 Scan started
21:36:55.0125 2688 Mode: Manual;
21:36:55.0125 2688 ============================================================
21:36:55.0250 2688 ================ Scan system memory ========================
21:36:55.0250 2688 System memory - ok
21:36:55.0250 2688 ================ Scan services =============================
21:36:55.0328 2688 Abiosdsk - ok
21:36:55.0328 2688 abp480n5 - ok
21:36:55.0359 2688 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:36:55.0359 2688 ACPI - ok
21:36:55.0375 2688 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
21:36:55.0390 2688 ACPIEC - ok
21:36:55.0406 2688 [ F277C43C2E0672EED28CCA0D13CE175F ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:36:55.0484 2688 ADIHdAudAddService - ok
21:36:55.0546 2688 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:55.0546 2688 AdobeFlashPlayerUpdateSvc - ok
21:36:55.0546 2688 adpu160m - ok
21:36:55.0562 2688 [ FFF87A9B1AB36EE4B7BEC98A4CB01B79 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
21:36:55.0609 2688 AEAudio - ok
21:36:55.0625 2688 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
21:36:55.0625 2688 aec - ok
21:36:55.0656 2688 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
21:36:55.0703 2688 AFD - ok
21:36:55.0703 2688 Aha154x - ok
21:36:55.0718 2688 aic78u2 - ok
21:36:55.0718 2688 aic78xx - ok
21:36:55.0734 2688 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
21:36:55.0734 2688 Alerter - ok
21:36:55.0750 2688 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
21:36:55.0750 2688 ALG - ok
21:36:55.0750 2688 AliIde - ok
21:36:55.0765 2688 amsint - ok
21:36:55.0781 2688 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
21:36:55.0781 2688 AppMgmt - ok
21:36:55.0796 2688 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:36:55.0796 2688 Arp1394 - ok
21:36:55.0796 2688 asc - ok
21:36:55.0796 2688 asc3350p - ok
21:36:55.0796 2688 asc3550 - ok
21:36:55.0859 2688 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
21:36:55.0906 2688 aspnet_state - ok
21:36:55.0921 2688 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:36:55.0921 2688 AsyncMac - ok
21:36:55.0937 2688 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
21:36:55.0937 2688 atapi - ok
21:36:55.0937 2688 Atdisk - ok
21:36:55.0968 2688 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:36:55.0968 2688 Atmarpc - ok
21:36:56.0000 2688 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
21:36:56.0000 2688 AudioSrv - ok
21:36:56.0031 2688 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
21:36:56.0031 2688 audstub - ok
21:36:56.0062 2688 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
21:36:56.0062 2688 Beep - ok
21:36:56.0093 2688 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
21:36:56.0109 2688 BITS - ok
21:36:56.0140 2688 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
21:36:56.0171 2688 Browser - ok
21:36:56.0234 2688 catchme - ok
21:36:56.0250 2688 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
21:36:56.0250 2688 cbidf2k - ok
21:36:56.0250 2688 cd20xrnt - ok
21:36:56.0265 2688 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
21:36:56.0265 2688 Cdaudio - ok
21:36:56.0265 2688 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
21:36:56.0281 2688 Cdfs - ok
21:36:56.0296 2688 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:36:56.0296 2688 Cdrom - ok
21:36:56.0312 2688 Changer - ok
21:36:56.0328 2688 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
21:36:56.0328 2688 CiSvc - ok
21:36:56.0343 2688 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
21:36:56.0343 2688 ClipSrv - ok
21:36:56.0375 2688 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:36:56.0421 2688 clr_optimization_v2.0.50727_32 - ok
21:36:56.0421 2688 CmdIde - ok
21:36:56.0421 2688 COMSysApp - ok
21:36:56.0421 2688 Cpqarray - ok
21:36:56.0437 2688 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
21:36:56.0437 2688 CryptSvc - ok
21:36:56.0453 2688 dac2w2k - ok
21:36:56.0453 2688 dac960nt - ok
21:36:56.0484 2688 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
21:36:56.0484 2688 DcomLaunch - ok
21:36:56.0515 2688 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
21:36:56.0515 2688 Dhcp - ok
21:36:56.0515 2688 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
21:36:56.0515 2688 Disk - ok
21:36:56.0515 2688 dmadmin - ok
21:36:56.0546 2688 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
21:36:56.0578 2688 dmboot - ok
21:36:56.0593 2688 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
21:36:56.0593 2688 dmio - ok
21:36:56.0593 2688 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
21:36:56.0609 2688 dmload - ok
21:36:56.0609 2688 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
21:36:56.0609 2688 dmserver - ok
21:36:56.0609 2688 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
21:36:56.0625 2688 DMusic - ok
21:36:56.0625 2688 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
21:36:56.0656 2688 Dnscache - ok
21:36:56.0687 2688 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
21:36:56.0687 2688 Dot3svc - ok
21:36:56.0687 2688 dpti2o - ok
21:36:56.0703 2688 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
21:36:56.0703 2688 drmkaud - ok
21:36:56.0718 2688 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
21:36:56.0734 2688 EapHost - ok
21:36:56.0734 2688 EntDrv51 - ok
21:36:56.0734 2688 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
21:36:56.0750 2688 ERSvc - ok
21:36:56.0765 2688 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
21:36:56.0781 2688 Eventlog - ok
21:36:56.0781 2688 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
21:36:56.0781 2688 EventSystem - ok
21:36:56.0796 2688 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
21:36:56.0812 2688 Fastfat - ok
21:36:56.0828 2688 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:36:56.0859 2688 FastUserSwitchingCompatibility - ok
21:36:56.0875 2688 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
21:36:56.0875 2688 Fdc - ok
21:36:56.0890 2688 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
21:36:56.0890 2688 Fips - ok
21:36:56.0906 2688 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
21:36:56.0906 2688 Flpydisk - ok
21:36:56.0921 2688 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
21:36:56.0921 2688 FltMgr - ok
21:36:56.0968 2688 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:36:56.0968 2688 FontCache3.0.0.0 - ok
21:36:56.0968 2688 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:36:56.0984 2688 Fs_Rec - ok
21:36:56.0984 2688 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:36:56.0984 2688 Ftdisk - ok
21:36:57.0031 2688 [ 7BEC703F31E1D441DB16886C9AA4CBA9 ] getPlus® Helper C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
21:36:57.0796 2688 getPlus® Helper - ok
21:36:57.0796 2688 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:36:57.0796 2688 Gpc - ok
21:36:57.0843 2688 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:36:57.0890 2688 gusvc - ok
21:36:57.0921 2688 [ CBC3DEF409549672B915FB9403D63F74 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:36:57.0921 2688 HDAudBus - ok
21:36:57.0953 2688 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:36:57.0953 2688 helpsvc - ok
21:36:57.0968 2688 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
21:36:57.0968 2688 HidServ - ok
21:36:57.0968 2688 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:36:57.0984 2688 hidusb - ok
21:36:58.0000 2688 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
21:36:58.0000 2688 hkmsvc - ok
21:36:58.0000 2688 hpn - ok
21:36:58.0031 2688 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
21:36:58.0031 2688 HPZid412 - ok
21:36:58.0046 2688 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
21:36:58.0078 2688 HPZipr12 - ok
21:36:58.0093 2688 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
21:36:58.0125 2688 HPZius12 - ok
21:36:58.0156 2688 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
21:36:58.0156 2688 HTTP - ok
21:36:58.0171 2688 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
21:36:58.0187 2688 HTTPFilter - ok
21:36:58.0187 2688 i2omgmt - ok
21:36:58.0187 2688 i2omp - ok
21:36:58.0187 2688 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:36:58.0203 2688 i8042prt - ok
21:36:58.0281 2688 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:36:58.0343 2688 idsvc - ok
21:36:58.0343 2688 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
21:36:58.0359 2688 Imapi - ok
21:36:58.0375 2688 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
21:36:58.0390 2688 ImapiService - ok
21:36:58.0390 2688 ini910u - ok
21:36:58.0390 2688 IntelIde - ok
21:36:58.0421 2688 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:36:58.0421 2688 intelppm - ok
21:36:58.0437 2688 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
21:36:58.0437 2688 ip6fw - ok
21:36:58.0453 2688 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:36:58.0453 2688 IpFilterDriver - ok
21:36:58.0468 2688 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:36:58.0468 2688 IpInIp - ok
21:36:58.0484 2688 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:36:58.0484 2688 IpNat - ok
21:36:58.0500 2688 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:36:58.0500 2688 IPSec - ok
21:36:58.0515 2688 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
21:36:58.0515 2688 IRENUM - ok
21:36:58.0531 2688 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:36:58.0531 2688 isapnp - ok
21:36:58.0593 2688 [ 691B9B7C0CC1653732717D292D6B305D ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
21:36:58.0640 2688 JavaQuickStarterService - ok
21:36:58.0656 2688 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:36:58.0656 2688 Kbdclass - ok
21:36:58.0671 2688 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:36:58.0687 2688 kbdhid - ok
21:36:58.0703 2688 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
21:36:58.0703 2688 kmixer - ok
21:36:58.0718 2688 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
21:36:58.0718 2688 KSecDD - ok
21:36:58.0734 2688 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
21:36:58.0765 2688 lanmanserver - ok
21:36:58.0796 2688 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:36:58.0796 2688 lanmanworkstation - ok
21:36:58.0796 2688 lbrtfdc - ok
21:36:58.0812 2688 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
21:36:58.0812 2688 LmHosts - ok
21:36:58.0828 2688 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
21:36:58.0906 2688 mbamchameleon - ok
21:36:58.0937 2688 [ 1BC1A6B644D4CC1964CD851E92B604F4 ] McAfeeFramework C:\Program Files\McAfee\Common Framework\FrameworkService.exe
21:36:58.0984 2688 McAfeeFramework - ok
21:36:59.0000 2688 [ 12BEF73E0281AC793865BE1A331C67FC ] McShield C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
21:36:59.0015 2688 McShield - ok
21:36:59.0015 2688 [ DD61B815E2CBA6CCA6B7ED607F466652 ] McTaskManager C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
21:36:59.0062 2688 McTaskManager - ok
21:36:59.0078 2688 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
21:36:59.0078 2688 Messenger - ok
21:36:59.0109 2688 [ 1F334EB2A13816DF45671EBB98896DA7 ] mfeapfk C:\WINDOWS\system32\drivers\mfeapfk.sys
21:36:59.0109 2688 mfeapfk - ok
21:36:59.0125 2688 [ 8A1DEDBBDAD33587F6FAD780CE4B34B5 ] mfeavfk C:\WINDOWS\system32\drivers\mfeavfk.sys
21:36:59.0125 2688 mfeavfk - ok
21:36:59.0140 2688 [ D800E31A019A6979698EEF0507BAA746 ] mfebopk C:\WINDOWS\system32\drivers\mfebopk.sys
21:36:59.0156 2688 mfebopk - ok
21:36:59.0171 2688 [ 0AE14FAB8E25C258C6EBF3827C649273 ] mfehidk C:\WINDOWS\system32\drivers\mfehidk.sys
21:36:59.0187 2688 mfehidk - ok
21:36:59.0187 2688 [ A47F0F63E92730DE15D41624AB998C5C ] mfetdik C:\WINDOWS\system32\drivers\mfetdik.sys
21:36:59.0187 2688 mfetdik - ok
21:36:59.0203 2688 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
21:36:59.0203 2688 mnmdd - ok
21:36:59.0218 2688 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
21:36:59.0218 2688 mnmsrvc - ok
21:36:59.0234 2688 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
21:36:59.0234 2688 Modem - ok
21:36:59.0250 2688 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:36:59.0250 2688 Mouclass - ok
21:36:59.0265 2688 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:36:59.0281 2688 mouhid - ok
21:36:59.0281 2688 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
21:36:59.0281 2688 MountMgr - ok
21:36:59.0343 2688 [ 313265CF4F5F02ED927774DA1DB3FE00 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:36:59.0390 2688 MozillaMaintenance - ok
21:36:59.0390 2688 mraid35x - ok
21:36:59.0390 2688 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:36:59.0390 2688 MRxDAV - ok
21:36:59.0421 2688 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:36:59.0500 2688 MRxSmb - ok
21:36:59.0515 2688 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
21:36:59.0515 2688 MSDTC - ok
21:36:59.0531 2688 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
21:36:59.0531 2688 Msfs - ok
21:36:59.0531 2688 MSIServer - ok
21:36:59.0531 2688 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:36:59.0546 2688 MSKSSRV - ok
21:36:59.0546 2688 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:36:59.0546 2688 MSPCLOCK - ok
21:36:59.0562 2688 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
21:36:59.0562 2688 MSPQM - ok
21:36:59.0578 2688 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:36:59.0578 2688 mssmbios - ok
21:36:59.0609 2688 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:36:59.0609 2688 MTsensor - ok
21:36:59.0625 2688 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
21:36:59.0656 2688 Mup - ok
21:36:59.0671 2688 [ A95FED4C2FB11C79E7DDBE2EFF1919B5 ] mv61xx C:\WINDOWS\system32\DRIVERS\mv61xx.sys
21:36:59.0750 2688 mv61xx - ok
21:36:59.0781 2688 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
21:36:59.0781 2688 napagent - ok
21:36:59.0796 2688 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
21:36:59.0796 2688 NDIS - ok
21:36:59.0812 2688 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:36:59.0859 2688 NdisTapi - ok
21:36:59.0859 2688 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:36:59.0875 2688 Ndisuio - ok
21:36:59.0875 2688 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:36:59.0890 2688 NdisWan - ok
21:36:59.0890 2688 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
21:36:59.0921 2688 NDProxy - ok
21:36:59.0937 2688 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
21:36:59.0937 2688 NetBIOS - ok
21:36:59.0937 2688 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
21:36:59.0953 2688 NetBT - ok
21:36:59.0968 2688 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
21:36:59.0968 2688 NetDDE - ok
21:36:59.0968 2688 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
21:36:59.0984 2688 NetDDEdsdm - ok
21:37:00.0000 2688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
21:37:00.0000 2688 Netlogon - ok
21:37:00.0015 2688 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
21:37:00.0031 2688 Netman - ok
21:37:00.0078 2688 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:37:00.0093 2688 NetTcpPortSharing - ok
21:37:00.0109 2688 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:37:00.0109 2688 NIC1394 - ok
21:37:00.0125 2688 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
21:37:00.0125 2688 Nla - ok
21:37:00.0125 2688 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
21:37:00.0125 2688 Npfs - ok
21:37:00.0140 2688 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
21:37:00.0156 2688 Ntfs - ok
21:37:00.0156 2688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
21:37:00.0156 2688 NtLmSsp - ok
21:37:00.0187 2688 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
21:37:00.0187 2688 NtmsSvc - ok
21:37:00.0203 2688 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
21:37:00.0203 2688 Null - ok
21:37:00.0453 2688 [ 062C16F3364C7706713282163586988E ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:37:00.0750 2688 nv - ok
21:37:00.0781 2688 [ B2F5AC506C9B1103827B62BA18A2C514 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
21:37:00.0828 2688 NVSvc - ok
21:37:00.0843 2688 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:37:00.0859 2688 NwlnkFlt - ok
21:37:00.0859 2688 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:37:00.0859 2688 NwlnkFwd - ok
21:37:00.0890 2688 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:37:00.0890 2688 ohci1394 - ok
21:37:00.0921 2688 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:37:00.0968 2688 ose - ok
21:37:01.0093 2688 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:37:01.0125 2688 osppsvc - ok
21:37:01.0125 2688 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
21:37:01.0140 2688 Parport - ok
21:37:01.0140 2688 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
21:37:01.0140 2688 PartMgr - ok
21:37:01.0171 2688 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
21:37:01.0171 2688 ParVdm - ok
21:37:01.0171 2688 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
21:37:01.0171 2688 PCI - ok
21:37:01.0171 2688 PCIDump - ok
21:37:01.0187 2688 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
21:37:01.0187 2688 PCIIde - ok
21:37:01.0203 2688 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
21:37:01.0203 2688 Pcmcia - ok
21:37:01.0203 2688 PDCOMP - ok
21:37:01.0203 2688 PDFRAME - ok
21:37:01.0218 2688 PDRELI - ok
21:37:01.0218 2688 PDRFRAME - ok
21:37:01.0218 2688 perc2 - ok
21:37:01.0218 2688 perc2hib - ok
21:37:01.0234 2688 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
21:37:01.0234 2688 PlugPlay - ok
21:37:01.0265 2688 [ D31F88C5F19EEFA366A415D6BC5F2ABC ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
21:37:01.0312 2688 Pml Driver HPZ12 - ok
21:37:01.0312 2688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
21:37:01.0328 2688 PolicyAgent - ok
21:37:01.0328 2688 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:37:01.0343 2688 PptpMiniport - ok
21:37:01.0343 2688 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
21:37:01.0343 2688 Processor - ok
21:37:01.0343 2688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:37:01.0343 2688 ProtectedStorage - ok
21:37:01.0359 2688 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
21:37:01.0359 2688 PSched - ok
21:37:01.0390 2688 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:37:01.0406 2688 Ptilink - ok
21:37:01.0406 2688 ql1080 - ok
21:37:01.0406 2688 Ql10wnt - ok
21:37:01.0406 2688 ql12160 - ok
21:37:01.0406 2688 ql1240 - ok
21:37:01.0406 2688 ql1280 - ok
21:37:01.0437 2688 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:37:01.0437 2688 RasAcd - ok
21:37:01.0468 2688 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
21:37:01.0468 2688 RasAuto - ok
21:37:01.0515 2688 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:37:01.0515 2688 Rasl2tp - ok
21:37:01.0546 2688 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
21:37:01.0562 2688 RasMan - ok
21:37:01.0562 2688 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:37:01.0562 2688 RasPppoe - ok
21:37:01.0562 2688 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
21:37:01.0562 2688 Raspti - ok
21:37:01.0578 2688 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:37:01.0593 2688 Rdbss - ok
21:37:01.0593 2688 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:37:01.0593 2688 RDPCDD - ok
21:37:01.0609 2688 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:37:01.0609 2688 rdpdr - ok
21:37:01.0640 2688 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
21:37:01.0734 2688 RDPWD - ok
21:37:01.0750 2688 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
21:37:01.0765 2688 RDSessMgr - ok
21:37:01.0781 2688 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
21:37:01.0781 2688 redbook - ok
21:37:01.0812 2688 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
21:37:01.0812 2688 RemoteAccess - ok
21:37:01.0843 2688 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
21:37:01.0843 2688 RemoteRegistry - ok
21:37:01.0875 2688 [ EBDA480BB9688A34B5DB4F30AD8C912F ] ROOTUSB C:\WINDOWS\system32\Drivers\ROOTUSB.sys
21:37:01.0921 2688 ROOTUSB - ok
21:37:01.0937 2688 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
21:37:01.0937 2688 RpcLocator - ok
21:37:01.0968 2688 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
21:37:01.0968 2688 RpcSs - ok
21:37:01.0968 2688 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
21:37:01.0984 2688 RSVP - ok
21:37:02.0015 2688 [ 678C8FDB9D6094D41F322B7159853C54 ] rt2870 C:\WINDOWS\system32\DRIVERS\rt2870.sys
21:37:02.0078 2688 rt2870 - ok
21:37:02.0078 2688 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
21:37:02.0078 2688 SamSs - ok
21:37:02.0093 2688 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
21:37:02.0093 2688 SCardSvr - ok
21:37:02.0125 2688 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
21:37:02.0125 2688 Schedule - ok
21:37:02.0140 2688 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:37:02.0140 2688 Secdrv - ok
21:37:02.0156 2688 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
21:37:02.0156 2688 seclogon - ok
21:37:02.0171 2688 [ B6A6B409FDA9D9EBD3AADB838D3D7173 ] SenFiltService C:\WINDOWS\system32\drivers\Senfilt.sys
21:37:02.0187 2688 SenFiltService - ok
21:37:02.0187 2688 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
21:37:02.0187 2688 SENS - ok
21:37:02.0187 2688 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
21:37:02.0187 2688 Serial - ok
21:37:02.0203 2688 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
21:37:02.0203 2688 Sfloppy - ok
21:37:02.0234 2688 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
21:37:02.0250 2688 SharedAccess - ok
21:37:02.0250 2688 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:37:02.0250 2688 ShellHWDetection - ok
21:37:02.0250 2688 Simbad - ok
21:37:02.0265 2688 Sparrow - ok
21:37:02.0265 2688 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
21:37:02.0265 2688 splitter - ok
21:37:02.0312 2688 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
21:37:02.0343 2688 Spooler - ok
21:37:02.0359 2688 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
21:37:02.0359 2688 sr - ok
21:37:02.0359 2688 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
21:37:02.0375 2688 srservice - ok
21:37:02.0390 2688 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
21:37:02.0421 2688 Srv - ok
21:37:02.0453 2688 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
21:37:02.0453 2688 SSDPSRV - ok
21:37:02.0484 2688 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
21:37:02.0500 2688 stisvc - ok
21:37:02.0500 2688 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
21:37:02.0500 2688 swenum - ok
21:37:02.0515 2688 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
21:37:02.0515 2688 swmidi - ok
21:37:02.0515 2688 SwPrv - ok
21:37:02.0515 2688 symc810 - ok
21:37:02.0515 2688 symc8xx - ok
21:37:02.0515 2688 sym_hi - ok
21:37:02.0531 2688 sym_u3 - ok
21:37:02.0531 2688 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
21:37:02.0531 2688 sysaudio - ok
21:37:02.0546 2688 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
21:37:02.0546 2688 SysmonLog - ok
21:37:02.0578 2688 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
21:37:02.0578 2688 TapiSrv - ok
21:37:02.0609 2688 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:37:02.0609 2688 Tcpip - ok
21:37:02.0625 2688 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
21:37:02.0625 2688 TDPIPE - ok
21:37:02.0625 2688 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
21:37:02.0640 2688 TDTCP - ok
21:37:02.0640 2688 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
21:37:02.0640 2688 TermDD - ok
21:37:02.0671 2688 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
21:37:02.0687 2688 TermService - ok
21:37:02.0687 2688 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
21:37:02.0687 2688 Themes - ok
21:37:02.0703 2688 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\System32\tlntsvr.exe
21:37:02.0718 2688 TlntSvr - ok
21:37:02.0718 2688 TosIde - ok
21:37:02.0718 2688 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
21:37:02.0734 2688 TrkWks - ok
21:37:02.0750 2688 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
21:37:02.0750 2688 Udfs - ok
21:37:02.0750 2688 ultra - ok
21:37:02.0781 2688 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
21:37:02.0781 2688 Update - ok
21:37:02.0796 2688 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
21:37:02.0796 2688 upnphost - ok
21:37:02.0812 2688 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
21:37:02.0812 2688 UPS - ok
21:37:02.0843 2688 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:37:02.0843 2688 usbccgp - ok
21:37:02.0859 2688 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:37:02.0875 2688 usbehci - ok
21:37:02.0906 2688 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:37:02.0906 2688 usbhub - ok
21:37:02.0937 2688 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:37:02.0937 2688 usbprint - ok
21:37:02.0968 2688 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:37:02.0968 2688 usbscan - ok
21:37:02.0984 2688 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:37:02.0984 2688 USBSTOR - ok
21:37:03.0015 2688 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:37:03.0015 2688 usbuhci - ok
21:37:03.0015 2688 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
21:37:03.0031 2688 VgaSave - ok
21:37:03.0031 2688 ViaIde - ok
21:37:03.0046 2688 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
21:37:03.0062 2688 VolSnap - ok
21:37:03.0078 2688 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
21:37:03.0093 2688 VSS - ok
21:37:03.0093 2688 vusbbus - ok
21:37:03.0109 2688 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
21:37:03.0109 2688 W32Time - ok
21:37:03.0156 2688 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:37:03.0156 2688 Wanarp - ok
21:37:03.0156 2688 WDICA - ok
21:37:03.0187 2688 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
21:37:03.0187 2688 wdmaud - ok
21:37:03.0203 2688 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
21:37:03.0203 2688 WebClient - ok
21:37:03.0234 2688 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
21:37:03.0250 2688 winmgmt - ok
21:37:03.0265 2688 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
21:37:03.0265 2688 WmdmPmSN - ok
21:37:03.0312 2688 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
21:37:03.0312 2688 Wmi - ok
21:37:03.0328 2688 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
21:37:03.0343 2688 WmiApSrv - ok
21:37:03.0390 2688 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
21:37:03.0406 2688 WMPNetworkSvc - ok
21:37:03.0453 2688 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
21:37:03.0453 2688 WpdUsb - ok
21:37:03.0468 2688 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:37:03.0468 2688 WS2IFSL - ok
21:37:03.0484 2688 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
21:37:03.0500 2688 wscsvc - ok
21:37:03.0500 2688 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
21:37:03.0500 2688 wuauserv - ok
21:37:03.0515 2688 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:37:03.0515 2688 WudfPf - ok
21:37:03.0546 2688 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:37:03.0546 2688 WudfRd - ok
21:37:03.0578 2688 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
21:37:03.0593 2688 WudfSvc - ok
21:37:03.0625 2688 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
21:37:03.0640 2688 WZCSVC - ok
21:37:03.0671 2688 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
21:37:03.0671 2688 xmlprov - ok
21:37:03.0671 2688 yksvc - ok
21:37:03.0703 2688 [ F364E873C0F30E874AA4B1C919016AF6 ] yukonwxp C:\WINDOWS\system32\DRIVERS\yk51x86.sys
21:37:03.0703 2688 yukonwxp - ok
21:37:03.0703 2688 ================ Scan global ===============================
21:37:03.0734 2688 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
21:37:03.0765 2688 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:37:03.0796 2688 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
21:37:03.0812 2688 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
21:37:03.0812 2688 [Global] - ok
21:37:03.0812 2688 ================ Scan MBR ==================================
21:37:03.0828 2688 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:37:03.0968 2688 \Device\Harddisk0\DR0 - ok
21:37:03.0968 2688 ================ Scan VBR ==================================
21:37:03.0968 2688 [ FD6D47F75F59FB224645B1AD4F99BF30 ] \Device\Harddisk0\DR0\Partition1
21:37:03.0968 2688 \Device\Harddisk0\DR0\Partition1 - ok
21:37:03.0968 2688 ============================================================
21:37:03.0968 2688 Scan finished
21:37:03.0968 2688 ============================================================
21:37:03.0968 0444 Detected object count: 0
21:37:03.0968 0444 Actual detected object count: 0

#14 gringo_pr

  • Malware Response Team

Posted 03 December 2012 - 12:47 AM

Hello

I want you to reset Firefox back to defaults. To do this, I need you to do the following:

  • At the top of the Firefox window, click the "Firefox" button.
  • Go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#15 hop16

  • Topic Starter


Posted 03 December 2012 - 01:01 AM

ASWMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-02 21:41:58
-----------------------------
21:41:58.375 OS Version: Windows 5.1.2600 Service Pack 3
21:41:58.375 Number of processors: 2 586 0x1706
21:41:58.375 ComputerName: GMATWO UserName: Nicole
21:41:59.296 Initialize success
21:46:00.062 AVAST engine defs: 12120200
21:46:18.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:46:18.031 Disk 0 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476940MB BusType: 3
21:46:18.046 Disk 0 MBR read successfully
21:46:18.046 Disk 0 MBR scan
21:46:18.078 Disk 0 Windows XP default MBR code
21:46:18.078 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
21:46:18.093 Disk 0 scanning sectors +976768065
21:46:18.156 Disk 0 scanning C:\WINDOWS\system32\drivers
21:46:26.468 Service scanning
21:46:37.875 Modules scanning
21:46:40.453 Disk 0 trace - called modules:
21:46:40.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:46:40.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae63030]
21:46:40.468 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8ae88a90]
21:46:40.468 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ae91940]
21:46:41.609 AVAST engine scan C:\WINDOWS
21:47:07.312 AVAST engine scan C:\WINDOWS\system32
21:49:40.125 AVAST engine scan C:\WINDOWS\system32\drivers
21:50:01.390 AVAST engine scan C:\Documents and Settings\Nicole
21:56:39.656 AVAST engine scan C:\Documents and Settings\All Users
21:57:31.296 Scan finished successfully
21:58:49.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Nicole\Desktop\MBR.dat"
21:58:49.531 The log file has been saved successfully to "C:\Documents and Settings\Nicole\Desktop\aswMBR.txt"



