Webpage redirects and advertisement in bottom corner


  • This topic is locked
21 replies to this topic

#1 artinion


Posted 05 December 2012 - 09:51 AM

My web pages redirect, usually when I use a link and rarely randomly while I am on the page. I also have those sponsored ads appearing in the bottom right corner of the page. Neither my Norton anti-virus nor Malwarebytes Anti-Malware can detect what is wrong.



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by artinion at 8:37:28 on 2012-12-05
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.961 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.2.0.19\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.2.0.19\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.2.0.19\CoIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\artinion\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 208.67.222.222 208.67.220.220
TCP: Interfaces\{18D1E36D-8CA7-462E-8E09-D263D98D5D78} : DHCPNameServer = 192.168.1.1 208.67.222.222 208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\artinion\appdata\roaming\mozilla\firefox\profiles\1fss8ocu.default\
FF - prefs.js: browser.search.selectedEngine - InternetHelper1.5 Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2010\chem3d\npChem3DPlugin.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2010\chemdraw\NPCDP32.DLL
FF - plugin: c:\program files\common files\wolfram research\browser\8.0.1.2063897\npmathplugin.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\magic video converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\magic video converter\codec\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin8.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-23 04:25; 2d3VuWrG6JHBXbQdbr@3BmSnQL.com; c:\users\artinion\appdata\roaming\mozilla\firefox\profiles\1fss8ocu.default\extensions\2d3VuWrG6JHBXbQdbr@3BmSnQL.com.xpi
FF - ExtSQL: 2012-12-05 07:54; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\coFFPlgn
FF - ExtSQL: 2012-12-05 07:55; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\IPSFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-11-28 368616]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-11-28 342168]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-11-28 909728]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1402000.013\SymDS.sys [2012-12-5 368288]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1402000.013\SymEFA.sys [2012-12-5 927904]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-12-5 995488]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1402000.013\ccSetx86.sys [2012-12-5 134304]
R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [2011-10-6 7168]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.2.0.19\definitions\ipsdefs\20120901.001\IDSvix86.sys [2012-12-5 386720]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2012-11-28 260760]
R1 pctNdisLW;PC Tools NDIS 6 LightWeight filter;c:\windows\system32\drivers\pctNdisLW.sys [2012-11-29 60128]
R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-7-27 202280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1402000.013\Ironx86.sys [2012-12-5 175264]
R1 SYMTDIV;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1402000.013\symtdiv.sys [2012-12-5 350368]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2012-6-7 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2012-6-7 49152]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-12-30 21992]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-19 21504]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.2.0.19\ccSvcHst.exe [2012-12-5 143928]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2012-11-28 163288]
R2 PDFSFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2012-5-10 68464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2012-6-7 247320]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2012-1-18 22176]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2009-3-19 391168]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2011-10-6 28160]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-9-22 51712]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2012-11-29 92608]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2012-11-29 128024]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2012-11-28 71752]
S3 pctplsm;pctplsm;c:\windows\system32\drivers\pctplsm.sys [2012-11-28 68272]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-11-28 403416]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-11-28 1162360]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2010-3-19 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2010-3-19 251904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== File Associations ===============
.
ShellExec: MestReNova LITE.exe: open="c:\program files\mestrelab research s.l\mestrenova lite\MestReNova.exe" "%1"
.
=============== Created Last 30 ================
.
2012-12-05 14:09:42 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-05 13:53:26 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-12-05 13:53:26 -------- d-----w- c:\program files\Symantec
2012-12-05 13:53:15 927904 ----a-r- c:\windows\system32\drivers\n360\1402000.013\SymEFA.sys
2012-12-05 13:53:15 586400 ----a-r- c:\windows\system32\drivers\n360\1402000.013\srtsp.sys
2012-12-05 13:53:15 368288 ----a-r- c:\windows\system32\drivers\n360\1402000.013\SymDS.sys
2012-12-05 13:53:15 350368 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symtdiv.sys
2012-12-05 13:53:15 338592 ----a-r- c:\windows\system32\drivers\n360\1402000.013\symnets.sys
2012-12-05 13:53:15 32888 ----a-r- c:\windows\system32\drivers\n360\1402000.013\srtspx.sys
2012-12-05 13:53:15 21400 ----a-r- c:\windows\system32\drivers\n360\1402000.013\SymELAM.sys
2012-12-05 13:53:15 175264 ----a-r- c:\windows\system32\drivers\n360\1402000.013\Ironx86.sys
2012-12-05 13:53:15 134304 ----a-r- c:\windows\system32\drivers\n360\1402000.013\ccSetx86.sys
2012-12-05 13:52:54 9103 ----a-r- c:\windows\system32\drivers\n360\1402000.013\SymVTcer.dat
2012-12-05 13:52:53 -------- d-----w- c:\windows\system32\drivers\n360\1402000.013
2012-12-05 13:52:52 -------- d-----w- c:\program files\Norton 360
2012-12-04 19:36:39 -------- d-----w- c:\program files\CCleaner
2012-12-04 03:52:23 -------- d-----w- c:\users\artinion\appdata\roaming\SUPERAntiSpyware.com
2012-12-04 03:52:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-04 03:52:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-04 03:42:24 1152 ----a-w- c:\windows\system32\windrv.sys
2012-12-01 03:44:28 -------- d-----w- c:\users\artinion\appdata\local\temp
2012-11-30 14:20:55 -------- d-----w- c:\users\artinion\appdata\roaming\PC Tools
2012-11-30 14:20:53 -------- d-----w- c:\users\artinion\appdata\roaming\Spam Monitor
2012-11-29 21:00:05 128024 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-11-29 20:59:59 60128 ----a-w- c:\windows\system32\drivers\pctNdisLW.sys
2012-11-29 20:59:56 92608 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-11-29 20:59:56 33512 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-11-28 20:56:54 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-11-28 20:56:54 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-11-28 20:56:52 260760 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-11-28 20:56:52 178584 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-11-28 20:56:43 19464 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-11-28 20:56:40 71752 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-11-28 20:56:40 68272 ----a-w- c:\windows\system32\drivers\pctplsm.sys
2012-11-28 20:45:49 368616 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-11-28 20:45:49 163288 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-11-28 01:41:07 -------- d-----w- c:\program files\Ventrilo
2012-11-28 01:36:10 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-11-27 19:11:54 -------- d-----w- c:\users\artinion\appdata\local\Torch
2012-11-27 19:09:52 -------- d-----w- c:\programdata\boost_interprocess
2012-11-17 12:59:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin8.dll
2012-11-17 12:59:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-11-17 12:59:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-11-17 12:59:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-11-17 12:59:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-11-17 12:59:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-11-17 12:59:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-11-17 12:59:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2012-11-14 05:22:02 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 05:21:48 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 13:04:05 -------- d-----w- c:\users\artinion\appdata\roaming\HighVoltz
.
==================== Find3M ====================
.
2012-11-16 14:13:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-16 14:13:37 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-01 21:35:14 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-25 09:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-11 02:15:04 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:15:00 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:14:50 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-11 02:14:50 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-11 02:14:46 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:14:44 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-11 02:14:42 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:14:28 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:14:22 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 02:14:22 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-11 02:14:16 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:14:16 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-10-02 19:29:42 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29:41 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29:41 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29:41 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29:22 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28:53 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 18:15:52 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-30 01:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-24 21:40:37 60 ----a-w- c:\windows\wpd99.drv
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 8:38:26.09 ===============


#2 gringo_pr

  • Malware Response Team

Posted 05 December 2012 - 08:32 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#3 artinion


Posted 05 December 2012 - 10:50 PM

Thank you so much for your reply. AdwCleaner helped a little; it removed a toolbar that I knew was linked to my problem but that I just could not get rid of, and so far I believe my redirecting problem has been resolved, but I still get the sponsor ads in the bottom right corner, unfortunately. These are the logs you requested, and once again thank you for your help.


Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 26 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



# AdwCleaner v2.011 - Logfile created 12/05/2012 at 21:18:37
# Updated 02/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : artinion - ARTINION-PC
# Boot Mode : Normal
# Running from : C:\Users\artinion\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\searchplugins\safesearch.xml
File Deleted : C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\artinion\AppData\Local\APN
Folder Deleted : C:\Users\artinion\AppData\Local\Conduit
Folder Deleted : C:\Users\artinion\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\artinion\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\artinion\Documents\DealRunner

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\prefs.js

C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\user.js ... Deleted !

Deleted : user_pref("CT3247201_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFNEW1SB&ctid=CT3247201&[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "InternetHelper1.5 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFNEW1SB&[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3247201");
Deleted : user_pref("browser.bdtoolbar.orig_keyword_url", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&app[...]
Deleted : user_pref("browser.search.selectedEngine", "InternetHelper1.5 Customized Web Search");

Profile name : default
File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\u9haez0u.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://search.conduit.com/?[...]
Deleted [l.50] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=384&systemid=406&apn_dtid[...]
Deleted [l.1758] : homepage = "hxxp://www.searchnu.com/406",
Deleted [l.2058] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://search.conduit.com/?cti[...]

*************************

AdwCleaner[S1].txt - [4368 octets] - [05/12/2012 21:18:37]

########## EOF - C:\AdwCleaner[S1].txt - [4428 octets] ##########




RogueKiller V8.3.1 [Dec 5 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : artinion [Admin rights]
Mode : Scan -- Date : 12/05/2012 21:38:20

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RtHDVCpl.exe -- C:\WINDOWS\RtHDVCpl.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x834A665D -> HOOKED (Unknown @ 0x89B71BD0)
SSDT[14] : NtAlertThread @ 0x8341F295 -> HOOKED (Unknown @ 0x89B71CD8)
SSDT[18] : NtAllocateVirtualMemory @ 0x8345B54B -> HOOKED (Unknown @ 0x89A10750)
SSDT[21] : NtAlpcConnectPort @ 0x833FD88B -> HOOKED (Unknown @ 0x89989748)
SSDT[42] : NtAssignProcessToJobObject @ 0x833D0B47 -> HOOKED (Unknown @ 0x89B71478)
SSDT[67] : NtCreateMutant @ 0x83433862 -> HOOKED (Unknown @ 0x89B5ECE0)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x833D335E -> HOOKED (Unknown @ 0x89B71198)
SSDT[78] : NtCreateThread @ 0x834A4C74 -> HOOKED (Unknown @ 0x89B67AB8)
SSDT[116] : NtDebugActiveProcess @ 0x83477D78 -> HOOKED (Unknown @ 0x89B71558)
SSDT[129] : NtDuplicateObject @ 0x8340B581 -> HOOKED (Unknown @ 0x89B82970)
SSDT[147] : NtFreeVirtualMemory @ 0x83297F1D -> HOOKED (Unknown @ 0x89B5AF80)
SSDT[156] : NtImpersonateAnonymousToken @ 0x833CDF16 -> HOOKED (Unknown @ 0x89B5EDD0)
SSDT[158] : NtImpersonateThread @ 0x833E3553 -> HOOKED (Unknown @ 0x89B5EE90)
SSDT[165] : NtLoadDriver @ 0x8337EDEE -> HOOKED (Unknown @ 0x89989248)
SSDT[177] : NtMapViewOfSection @ 0x834238DA -> HOOKED (Unknown @ 0x89B5AEE0)
SSDT[184] : NtOpenEvent @ 0x8340CDFF -> HOOKED (Unknown @ 0x89B5EC00)
SSDT[194] : NtOpenProcess @ 0x83433FFE -> HOOKED (Unknown @ 0x87E34F78)
SSDT[195] : NtOpenProcessToken @ 0x83414A60 -> HOOKED (Unknown @ 0x89B58938)
SSDT[197] : NtOpenSection @ 0x834246AD -> HOOKED (Unknown @ 0x89B5EA40)
SSDT[201] : NtOpenThread @ 0x8342F54F -> HOOKED (Unknown @ 0x89B87AF0)
SSDT[210] : NtProtectVirtualMemory @ 0x8342D332 -> HOOKED (Unknown @ 0x89B71388)
SSDT[282] : NtResumeThread @ 0x8342EB9A -> HOOKED (Unknown @ 0x89B82A98)
SSDT[289] : NtSetContextThread @ 0x834A610B -> HOOKED (Unknown @ 0x89B88F40)
SSDT[305] : NtSetInformationProcess @ 0x83427908 -> HOOKED (Unknown @ 0x89B88FC0)
SSDT[317] : NtSetSystemInformation @ 0x833F9EEF -> HOOKED (Unknown @ 0x89B71638)
SSDT[330] : NtSuspendProcess @ 0x834A6597 -> HOOKED (Unknown @ 0x89B5EB20)
SSDT[331] : NtSuspendThread @ 0x833AD92D -> HOOKED (Unknown @ 0x89B88DC0)
SSDT[335] : NtTerminateThread @ 0x8342F584 -> HOOKED (Unknown @ 0x89B88E80)
SSDT[348] : NtUnmapViewOfSection @ 0x83423B9D -> HOOKED (Unknown @ 0x89B5AE20)
SSDT[358] : NtWriteVirtualMemory @ 0x8342096D -> HOOKED (Unknown @ 0x89A10638)
SSDT[382] : NtCreateThreadEx @ 0x8342F039 -> HOOKED (Unknown @ 0x89B71288)
S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x89CD8130)
S_SSDT[397] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x89B440C0)
S_SSDT[428] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x89BECA00)
S_SSDT[430] : NtUserGetKeyState -> HOOKED (Unknown @ 0x89B44180)
S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89CD8060)
S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A3197F0)
S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A30FA90)
S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A319968)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89CD8008)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A316618)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD400LJ SCSI Disk Device +++++
--- User ---
[MBR] d3258c03b613dc3ed3a82ce6c19873f2
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 372554 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 762991110 | Size: 8997 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12052012_02d2138.txt >>
RKreport[1]_S_12052012_02d2138.txt

#4 artinion


Posted 05 December 2012 - 10:58 PM

Unfortunately I was wrong; I do still have the redirecting problem, but still, on the bright side, my toolbar is fixed.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:59 AM

Posted 05 December 2012 - 11:01 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo



Code:
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

AVG right now is very hard to shut down long enough to run our scans and is actively going after some of our tools - for this reason we are going to have to remove it until we are finished

I would like you to uninstall AVG and run their AVG removal tool - 32 bit



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 artinion


Posted 05 December 2012 - 11:51 PM

I haven't seen the sponsored ad in the bottom corner yet but I still have the redirecting problem. Specifically when I was hitting the add reply to this post.


ComboFix 12-12-04.01 - artinion 12/05/2012 22:16:11.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1084 [GMT -6:00]
Running from: c:\users\artinion\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))
.
.
2012-12-05 13:53 . 2012-12-05 13:53 142496 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-12-05 13:53 . 2012-12-05 13:53 -------- d-----w- c:\program files\Symantec
2012-12-05 13:52 . 2012-12-05 17:32 -------- d-----w- c:\windows\system32\drivers\N360\1402000.013
2012-12-05 13:52 . 2012-12-05 13:52 -------- d-----w- c:\program files\Norton 360
2012-12-04 19:36 . 2012-12-04 19:36 -------- d-----w- c:\program files\CCleaner
2012-12-04 03:52 . 2012-12-04 03:52 -------- d-----w- c:\users\artinion\AppData\Roaming\SUPERAntiSpyware.com
2012-12-04 03:52 . 2012-12-04 03:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-04 03:52 . 2012-12-04 03:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-04 03:42 . 2012-12-04 03:42 1152 ----a-w- c:\windows\system32\windrv.sys
2012-12-01 03:44 . 2012-12-06 04:25 -------- d-----w- c:\users\artinion\AppData\Local\temp
2012-11-30 14:20 . 2012-11-30 14:20 -------- d-----w- c:\users\artinion\AppData\Roaming\PC Tools
2012-11-30 14:20 . 2012-11-30 14:20 -------- d-----w- c:\users\artinion\AppData\Roaming\Spam Monitor
2012-11-29 21:00 . 2012-11-29 21:00 128024 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2012-11-29 20:59 . 2012-11-29 20:59 60128 ----a-w- c:\windows\system32\drivers\pctNdisLW.sys
2012-11-29 20:59 . 2012-11-29 20:59 92608 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2012-11-29 20:59 . 2012-11-29 20:59 33512 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
2012-11-28 20:56 . 2012-02-28 17:43 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-11-28 20:56 . 2012-02-28 17:43 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-11-28 20:56 . 2012-10-31 20:21 178584 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-11-28 20:56 . 2012-10-31 20:21 260760 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-11-28 20:56 . 2012-11-01 21:35 19464 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-11-28 20:56 . 2012-11-01 21:35 68272 ----a-w- c:\windows\system32\drivers\pctplsm.sys
2012-11-28 20:56 . 2012-11-01 21:35 71752 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-11-28 20:45 . 2012-10-22 22:38 368616 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-11-28 20:45 . 2012-10-22 22:38 163288 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-11-28 01:41 . 2012-11-28 01:41 -------- d-----w- c:\program files\Ventrilo
2012-11-28 01:36 . 2012-11-28 01:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-27 19:11 . 2012-11-27 20:07 -------- d-----w- c:\users\artinion\AppData\Local\Torch
2012-11-25 05:39 . 2012-11-25 05:39 -------- d-----w- c:\users\Administrator\AppData\Local\Mozilla
2012-11-25 05:37 . 2012-11-25 05:37 -------- d-----w- c:\users\Administrator\AppData\Local\Threat Expert
2012-11-25 04:30 . 2012-11-25 04:31 -------- d-----w- c:\users\Administrator\AppData\Local\Logitech
2012-11-25 04:25 . 2012-11-25 04:25 -------- d-----w- c:\users\Administrator\AppData\Roaming\Apple Computer
2012-11-17 12:59 . 2012-11-17 12:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin8.dll
2012-11-17 12:59 . 2012-11-17 12:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-11-17 12:59 . 2012-11-17 12:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-11-17 12:59 . 2012-11-17 12:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-11-17 12:59 . 2012-11-17 12:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-11-17 12:59 . 2012-11-17 12:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-11-17 12:59 . 2012-11-17 12:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-11-17 12:59 . 2012-11-17 12:59 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-11-14 05:22 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 05:21 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 13:04 . 2012-11-06 13:04 -------- d-----w- c:\users\artinion\AppData\Roaming\HighVoltz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 14:13 . 2012-03-31 13:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-16 14:13 . 2011-05-17 17:57 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-01 21:35 . 2012-07-27 14:33 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-11 02:15 . 2012-10-11 02:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:15 . 2012-10-11 02:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:14 . 2012-10-11 02:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-11 02:14 . 2012-01-06 06:19 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-11 02:14 . 2012-10-11 02:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:14 . 2012-01-06 06:19 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-11 02:14 . 2012-10-11 02:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:14 . 2012-10-11 02:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:14 . 2012-10-11 02:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-11 02:14 . 2012-01-06 06:19 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-11 02:14 . 2012-10-11 02:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:14 . 2012-05-23 17:57 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-02 19:29 . 2012-01-06 06:21 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2012-10-23 13:43 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:29 . 2012-01-06 06:21 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2012-01-06 06:21 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2012-01-06 06:21 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2012-01-06 06:21 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-30 01:54 . 2012-07-23 01:19 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 04:16 . 2012-10-30 13:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 13:28 . 2012-10-10 04:48 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-05 10:21 . 2012-12-05 10:20 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 15:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^artinion^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\artinion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 03:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 04:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 19:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 09:12 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-01 13:55 296096 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 14:13]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-09 19:30]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-09 19:30]
.
2012-12-06 c:\windows\Tasks\Norton Security Scan for artinion.job
- c:\progra~1\NORTON~3\Engine\301~1.8\Nss.exe [2011-01-26 08:30]
.
2012-12-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 4f9e9eb1-75e7-42c8-a0d7-6024628e8c73.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-12-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task cd92519c-35c1-4dd7-bf95-51c183717058.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-23 04:25; 2d3VuWrG6JHBXbQdbr@3BmSnQL.com; c:\users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\extensions\2d3VuWrG6JHBXbQdbr@3BmSnQL.com.xpi
FF - ExtSQL: 2012-12-05 07:54; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn
FF - ExtSQL: 2012-12-05 07:55; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-05 22:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-05 22:28:03
ComboFix-quarantined-files.txt 2012-12-06 04:28
.
Pre-Run: 31,636,897,792 bytes free
Post-Run: 31,596,253,184 bytes free
.
- - End Of File - - F83E06953C73DAD855CD08644F5FABFB

#7 gringo_pr


Posted 06 December 2012 - 06:10 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#8 artinion


Posted 06 December 2012 - 09:14 PM

19:40:46.0503 5164 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:40:47.0497 5164 ============================================================
19:40:47.0497 5164 Current date / time: 2012/12/06 19:40:47.0497
19:40:47.0497 5164 SystemInfo:
19:40:47.0497 5164
19:40:47.0497 5164 OS Version: 6.0.6002 ServicePack: 2.0
19:40:47.0497 5164 Product type: Workstation
19:40:47.0497 5164 ComputerName: ARTINION-PC
19:40:47.0497 5164 UserName: artinion
19:40:47.0497 5164 Windows directory: C:\Windows
19:40:47.0497 5164 System windows directory: C:\Windows
19:40:47.0497 5164 Processor architecture: Intel x86
19:40:47.0497 5164 Number of processors: 2
19:40:47.0498 5164 Page size: 0x1000
19:40:47.0498 5164 Boot type: Normal boot
19:40:47.0498 5164 ============================================================
19:40:48.0262 5164 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:40:48.0305 5164 ============================================================
19:40:48.0305 5164 \Device\Harddisk0\DR0:
19:40:48.0305 5164 MBR partitions:
19:40:48.0305 5164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2D7A51C7
19:40:48.0305 5164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2D7A5206, BlocksNum 0x1192ABB
19:40:48.0306 5164 ============================================================
19:40:48.0364 5164 C: <-> \Device\Harddisk0\DR0\Partition1
19:40:48.0459 5164 D: <-> \Device\Harddisk0\DR0\Partition2
19:40:48.0567 5164 ============================================================
19:40:48.0567 5164 Initialize success
19:40:48.0567 5164 ============================================================
19:40:58.0107 4064 ============================================================
19:40:58.0108 4064 Scan started
19:40:58.0108 4064 Mode: Manual;
19:40:58.0108 4064 ============================================================
19:40:58.0592 4064 ================ Scan system memory ========================
19:40:58.0592 4064 System memory - ok
19:40:58.0593 4064 ================ Scan services =============================
19:41:15.0637 4064 [ DB6B6E47165B9647B215CEEB4DB33B87 ] pctEFA C:\Windows\system32\drivers\pctEFA.sys
19:41:15.0657 4064 pctEFA - ok
19:41:15.0728 4064 [ 5023AE80272B38E6A13C6A27B86C5A34 ] PCTFW-PacketFilter C:\Windows\system32\drivers\pctNdis-PacketFilter.sys
19:41:15.0734 4064 PCTFW-PacketFilter - ok
19:41:15.0808 4064 [ AE500FF14A222636CD10D346C37A52C4 ] pctgntdi C:\WINDOWS\System32\drivers\pctgntdi.sys
19:41:15.0814 4064 pctgntdi - ok
19:41:15.0854 4064 [ B23D633B0ED77E2341EC0BDF9FF85C8D ] pctNdisLW C:\Windows\system32\DRIVERS\pctNdisLW.sys
19:41:15.0857 4064 pctNdisLW - ok
19:41:16.0043 4064 [ 95CF7B984101DC96446889ACFD9E7CD6 ] pctplfw C:\WINDOWS\System32\drivers\pctplfw.sys
19:41:16.0067 4064 pctplfw - ok
19:41:16.0119 4064 [ 2E1A727C2B68ED6D4B0CAF6E7565AE50 ] pctplsg C:\WINDOWS\System32\drivers\pctplsg.sys
19:41:16.0139 4064 pctplsg - ok
19:41:16.0177 4064 [ 53CE0E9078360553FAB0BFFF1C1ECF4F ] pctplsm C:\WINDOWS\System32\drivers\pctplsm.sys
19:41:16.0180 4064 pctplsm - ok
19:41:16.0236 4064 [ 9A073A09F22C63247964B946F04CB8A4 ] PCTSD C:\Windows\system32\Drivers\PCTSD.sys
19:41:16.0255 4064 PCTSD - ok
19:41:16.0682 4064 [ 8C961BFBB8299457ABA0074B380AA1C0 ] PDAgent C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
19:41:16.0702 4064 PDAgent - ok
19:41:16.0879 4064 [ 4FEE2CC07B7E21260F989E165AE740E5 ] PDEngine C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
19:41:16.0903 4064 PDEngine - ok
19:41:16.0970 4064 [ 40C611622882C3FCAFEB845C1E12A10F ] PDFSFilter C:\Windows\system32\DRIVERS\PDFsFilter.sys
19:41:16.0986 4064 PDFSFilter - ok
19:41:17.0032 4064 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:41:17.0052 4064 PEAUTH - ok
19:41:17.0503 4064 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:41:17.0531 4064 pla - ok
19:41:17.0577 4064 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:41:17.0598 4064 PlugPlay - ok
19:41:17.0640 4064 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:41:17.0642 4064 Pml Driver HPZ12 - ok
19:41:17.0670 4064 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:41:17.0676 4064 PNRPAutoReg - ok
19:41:17.0711 4064 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:41:17.0717 4064 PNRPsvc - ok
19:41:17.0778 4064 [ 60A044879C4FA76314494F5FDDC43B93 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
19:41:17.0795 4064 Point32 - ok
19:41:17.0836 4064 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:41:17.0843 4064 PolicyAgent - ok
19:41:17.0877 4064 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:41:17.0900 4064 PptpMiniport - ok
19:41:17.0938 4064 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
19:41:17.0940 4064 Processor - ok
19:41:17.0967 4064 PROCEXP151 - ok
19:41:17.0989 4064 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
19:41:17.0994 4064 ProfSvc - ok
19:41:18.0011 4064 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:41:18.0013 4064 ProtectedStorage - ok
19:41:18.0066 4064 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
19:41:18.0081 4064 Ps2 - ok
19:41:18.0117 4064 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:41:18.0119 4064 PSched - ok
19:41:18.0130 4064 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
19:41:18.0132 4064 PxHelp20 - ok
19:41:18.0172 4064 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:41:18.0186 4064 ql2300 - ok
19:41:18.0208 4064 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:41:18.0211 4064 ql40xx - ok
19:41:18.0245 4064 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:41:18.0251 4064 QWAVE - ok
19:41:18.0284 4064 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:41:18.0286 4064 QWAVEdrv - ok
19:41:18.0319 4064 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:41:18.0321 4064 RasAcd - ok
19:41:18.0354 4064 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:41:18.0358 4064 RasAuto - ok
19:41:18.0389 4064 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:41:18.0407 4064 Rasl2tp - ok
19:41:18.0450 4064 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
19:41:18.0457 4064 RasMan - ok
19:41:18.0495 4064 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:41:18.0497 4064 RasPppoe - ok
19:41:18.0531 4064 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:41:18.0551 4064 RasSstp - ok
19:41:18.0605 4064 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:41:18.0610 4064 rdbss - ok
19:41:18.0651 4064 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:41:18.0670 4064 RDPCDD - ok
19:41:18.0715 4064 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:41:18.0720 4064 rdpdr - ok
19:41:18.0727 4064 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:41:18.0729 4064 RDPENCDD - ok
19:41:18.0765 4064 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:41:18.0770 4064 RDPWD - ok
19:41:18.0800 4064 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:41:18.0804 4064 RemoteAccess - ok
19:41:18.0842 4064 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:41:18.0846 4064 RemoteRegistry - ok
19:41:18.0930 4064 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:41:18.0947 4064 RpcLocator - ok
19:41:18.0989 4064 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
19:41:19.0001 4064 RpcSs - ok
19:41:19.0088 4064 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:41:19.0109 4064 rspndr - ok
19:41:19.0139 4064 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
19:41:19.0143 4064 SamSs - ok
19:41:19.0216 4064 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:41:19.0228 4064 SASDIFSV - ok
19:41:19.0262 4064 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:41:19.0266 4064 SASKUTIL - ok
19:41:19.0314 4064 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:41:19.0319 4064 sbp2port - ok
19:41:19.0360 4064 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:41:19.0364 4064 SCardSvr - ok
19:41:19.0500 4064 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
19:41:19.0527 4064 Schedule - ok
19:41:19.0553 4064 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:41:19.0554 4064 SCPolicySvc - ok
19:41:19.0760 4064 [ AE88672774DF12BEDF76768E52D23424 ] sdAuxService C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
19:41:19.0773 4064 sdAuxService - ok
19:41:19.0972 4064 [ 5FC31ADB3B47E00349B92E57117D2C07 ] sdCoreService C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
19:41:20.0009 4064 sdCoreService - ok
19:41:20.0035 4064 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:41:20.0039 4064 SDRSVC - ok
19:41:20.0049 4064 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:41:20.0051 4064 secdrv - ok
19:41:20.0082 4064 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:41:20.0084 4064 seclogon - ok
19:41:20.0095 4064 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
19:41:20.0098 4064 SENS - ok
19:41:20.0132 4064 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:41:20.0135 4064 Serenum - ok
19:41:20.0156 4064 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:41:20.0159 4064 Serial - ok
19:41:20.0185 4064 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:41:20.0187 4064 sermouse - ok
19:41:20.0236 4064 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:41:20.0240 4064 SessionEnv - ok
19:41:20.0262 4064 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:41:20.0264 4064 sffdisk - ok
19:41:20.0288 4064 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:41:20.0290 4064 sffp_mmc - ok
19:41:20.0312 4064 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:41:20.0314 4064 sffp_sd - ok
19:41:20.0324 4064 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:41:20.0326 4064 sfloppy - ok
19:41:20.0350 4064 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:41:20.0356 4064 SharedAccess - ok
19:41:20.0403 4064 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:41:20.0409 4064 ShellHWDetection - ok
19:41:20.0427 4064 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:41:20.0429 4064 sisagp - ok
19:41:20.0449 4064 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:41:20.0451 4064 SiSRaid2 - ok
19:41:20.0466 4064 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:41:20.0469 4064 SiSRaid4 - ok
19:41:20.0550 4064 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:41:20.0566 4064 SkypeUpdate - ok
19:41:20.0676 4064 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
19:41:20.0736 4064 slsvc - ok
19:41:20.0802 4064 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:41:20.0807 4064 SLUINotify - ok
19:41:20.0842 4064 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:41:20.0845 4064 Smb - ok
19:41:20.0885 4064 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:41:20.0889 4064 SNMPTRAP - ok
19:41:20.0923 4064 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:41:20.0941 4064 spldr - ok
19:41:20.0982 4064 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:41:20.0987 4064 Spooler - ok
19:41:21.0067 4064 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:41:21.0089 4064 srv - ok
19:41:21.0126 4064 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:41:21.0130 4064 srv2 - ok
19:41:21.0146 4064 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:41:21.0150 4064 srvnet - ok
19:41:21.0171 4064 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:41:21.0177 4064 SSDPSRV - ok
19:41:21.0205 4064 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:41:21.0210 4064 SstpSvc - ok
19:41:21.0230 4064 Steam Client Service - ok
19:41:21.0345 4064 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:41:21.0360 4064 Stereo Service - ok
19:41:21.0402 4064 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:41:21.0412 4064 stisvc - ok
19:41:21.0423 4064 stllssvr - ok
19:41:21.0444 4064 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:41:21.0446 4064 swenum - ok
19:41:21.0480 4064 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:41:21.0488 4064 swprv - ok
19:41:21.0527 4064 [ 86083B04DC2B90397F4B47ADD6EAA407 ] sxuptp C:\Windows\system32\DRIVERS\sxuptp.sys
19:41:21.0533 4064 sxuptp - ok
19:41:21.0569 4064 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:41:21.0572 4064 Symc8xx - ok
19:41:21.0596 4064 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:41:21.0598 4064 Sym_hi - ok
19:41:21.0617 4064 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:41:21.0619 4064 Sym_u3 - ok
19:41:21.0749 4064 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:41:21.0788 4064 SysMain - ok
19:41:21.0827 4064 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:41:21.0834 4064 TabletInputService - ok
19:41:21.0871 4064 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:41:21.0877 4064 TapiSrv - ok
19:41:21.0910 4064 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:41:21.0933 4064 TBS - ok
19:41:22.0024 4064 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:41:22.0047 4064 Tcpip - ok
19:41:22.0069 4064 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:41:22.0077 4064 Tcpip6 - ok
19:41:22.0158 4064 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:41:22.0182 4064 tcpipreg - ok
19:41:22.0219 4064 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:41:22.0221 4064 TDPIPE - ok
19:41:22.0234 4064 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:41:22.0237 4064 TDTCP - ok
19:41:22.0265 4064 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:41:22.0269 4064 tdx - ok
19:41:22.0281 4064 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:41:22.0284 4064 TermDD - ok
19:41:22.0321 4064 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:41:22.0331 4064 TermService - ok
19:41:22.0360 4064 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:41:22.0365 4064 Themes - ok
19:41:22.0383 4064 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:41:22.0386 4064 THREADORDER - ok
19:41:22.0457 4064 [ A1124EBC672AA3AE1B327096C1DCC346 ] TIEHDUSB C:\Windows\system32\drivers\tiehdusb.sys
19:41:22.0480 4064 TIEHDUSB - ok
19:41:22.0509 4064 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:41:22.0513 4064 TrkWks - ok
19:41:22.0591 4064 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:41:22.0612 4064 TrustedInstaller - ok
19:41:22.0650 4064 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:41:22.0654 4064 tssecsrv - ok
19:41:22.0688 4064 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:41:22.0691 4064 tunmp - ok
19:41:22.0732 4064 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:41:22.0735 4064 tunnel - ok
19:41:22.0769 4064 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:41:22.0783 4064 uagp35 - ok
19:41:22.0856 4064 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:41:22.0861 4064 udfs - ok
19:41:22.0927 4064 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:41:22.0931 4064 UI0Detect - ok
19:41:22.0953 4064 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:41:22.0955 4064 uliagpkx - ok
19:41:22.0979 4064 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:41:22.0985 4064 uliahci - ok
19:41:23.0004 4064 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:41:23.0007 4064 UlSata - ok
19:41:23.0027 4064 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:41:23.0031 4064 ulsata2 - ok
19:41:23.0064 4064 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:41:23.0079 4064 umbus - ok
19:41:23.0340 4064 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
19:41:23.0344 4064 UMVPFSrv - ok
19:41:23.0454 4064 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:41:23.0477 4064 upnphost - ok
19:41:23.0517 4064 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
19:41:23.0520 4064 USBAAPL - ok
19:41:23.0556 4064 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:41:23.0559 4064 usbaudio - ok
19:41:23.0595 4064 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:41:23.0598 4064 usbccgp - ok
19:41:23.0641 4064 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:41:23.0663 4064 usbcir - ok
19:41:23.0716 4064 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:41:23.0733 4064 usbehci - ok
19:41:23.0778 4064 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:41:23.0782 4064 usbhub - ok
19:41:23.0795 4064 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:41:23.0797 4064 usbohci - ok
19:41:23.0831 4064 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:41:23.0833 4064 usbprint - ok
19:41:23.0877 4064 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:41:23.0879 4064 usbscan - ok
19:41:23.0899 4064 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:41:23.0902 4064 USBSTOR - ok
19:41:23.0925 4064 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:41:23.0927 4064 usbuhci - ok
19:41:23.0953 4064 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:41:23.0957 4064 usbvideo - ok
19:41:23.0986 4064 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
19:41:24.0012 4064 UxSms - ok
19:41:24.0062 4064 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
19:41:24.0089 4064 vds - ok
19:41:24.0123 4064 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:41:24.0126 4064 vga - ok
19:41:24.0168 4064 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:41:24.0170 4064 VgaSave - ok
19:41:24.0193 4064 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:41:24.0195 4064 viaagp - ok
19:41:24.0212 4064 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:41:24.0214 4064 ViaC7 - ok
19:41:24.0240 4064 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
19:41:24.0242 4064 viaide - ok
19:41:24.0263 4064 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:41:24.0266 4064 volmgr - ok
19:41:24.0362 4064 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:41:24.0370 4064 volmgrx - ok
19:41:24.0476 4064 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:41:24.0479 4064 volsnap - ok
19:41:24.0547 4064 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:41:24.0571 4064 vsmraid - ok
19:41:24.0629 4064 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
19:41:24.0654 4064 VSS - ok
19:41:24.0700 4064 [ C466021D31FF6C0A6069D12299D80C0B ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
19:41:24.0713 4064 VSTHWBS2 - ok
19:41:24.0767 4064 [ EC36F1D542ED4252390D446BF6D4DFD0 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:41:24.0779 4064 VST_DPV - ok
19:41:24.0874 4064 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
19:41:24.0908 4064 W32Time - ok
19:41:24.0956 4064 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:41:24.0986 4064 WacomPen - ok
19:41:25.0028 4064 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:41:25.0030 4064 Wanarp - ok
19:41:25.0036 4064 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:41:25.0037 4064 Wanarpv6 - ok
19:41:25.0064 4064 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:41:25.0072 4064 wcncsvc - ok
19:41:25.0105 4064 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:41:25.0108 4064 WcsPlugInService - ok
19:41:25.0134 4064 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
19:41:25.0136 4064 Wd - ok
19:41:25.0290 4064 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:41:25.0320 4064 Wdf01000 - ok
19:41:25.0367 4064 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:41:25.0371 4064 WdiServiceHost - ok
19:41:25.0376 4064 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:41:25.0379 4064 WdiSystemHost - ok
19:41:25.0411 4064 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
19:41:25.0417 4064 WebClient - ok
19:41:25.0472 4064 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:41:25.0480 4064 Wecsvc - ok
19:41:25.0521 4064 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:41:25.0525 4064 wercplsupport - ok
19:41:25.0557 4064 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
19:41:25.0562 4064 WerSvc - ok
19:41:25.0638 4064 [ 72CC6A8CA7891031D6380DB5025C773C ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:41:25.0649 4064 winachsf - ok
19:41:25.0717 4064 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:41:25.0722 4064 WinDefend - ok
19:41:25.0741 4064 WinHttpAutoProxySvc - ok
19:41:25.0892 4064 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:41:25.0896 4064 Winmgmt - ok
19:41:25.0967 4064 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:41:25.0989 4064 WinRM - ok
19:41:26.0100 4064 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:41:26.0131 4064 Wlansvc - ok
19:41:26.0176 4064 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:41:26.0197 4064 WmiAcpi - ok
19:41:26.0247 4064 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:41:26.0276 4064 wmiApSrv - ok
19:41:26.0447 4064 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:41:26.0464 4064 WMPNetworkSvc - ok
19:41:26.0504 4064 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:41:26.0510 4064 WPCSvc - ok
19:41:26.0544 4064 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:41:26.0548 4064 WPDBusEnum - ok
19:41:26.0713 4064 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:41:26.0746 4064 WPFFontCache_v0400 - ok
19:41:26.0819 4064 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:41:26.0822 4064 ws2ifsl - ok
19:41:26.0877 4064 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
19:41:26.0903 4064 wscsvc - ok
19:41:26.0935 4064 WSearch - ok
19:41:27.0012 4064 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:41:27.0046 4064 wuauserv - ok
19:41:27.0079 4064 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:41:27.0103 4064 wudfsvc - ok
19:41:27.0156 4064 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
19:41:27.0190 4064 XAudio - ok
19:41:27.0235 4064 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
19:41:27.0243 4064 XAudioService - ok
19:41:27.0283 4064 [ EE9144207EE0211EB5656BA6808AC4A0 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
19:41:27.0286 4064 xusb21 - ok
19:41:27.0356 4064 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:41:27.0361 4064 YahooAUService - ok
19:41:27.0367 4064 ================ Scan global ===============================
19:41:27.0414 4064 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:41:27.0501 4064 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:41:27.0549 4064 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:41:27.0658 4064 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:41:27.0663 4064 [Global] - ok
19:41:27.0663 4064 ================ Scan MBR ==================================
19:41:27.0678 4064 [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk0\DR0
19:41:29.0620 4064 \Device\Harddisk0\DR0 - ok
19:41:29.0621 4064 ================ Scan VBR ==================================
19:41:29.0652 4064 [ F5305050F0BEAE021DA96C519F2FBB54 ] \Device\Harddisk0\DR0\Partition1
19:41:29.0695 4064 \Device\Harddisk0\DR0\Partition1 - ok
19:41:29.0738 4064 [ 1AEB769C6DD506FDA311528EAEEE73B7 ] \Device\Harddisk0\DR0\Partition2
19:41:29.0801 4064 \Device\Harddisk0\DR0\Partition2 - ok
19:41:29.0802 4064 ============================================================
19:41:29.0802 4064 Scan finished
19:41:29.0802 4064 ============================================================
19:41:29.0815 4428 Detected object count: 0
19:41:29.0815 4428 Actual detected object count: 0




aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-06 19:42:55
-----------------------------
19:42:55.409 OS Version: Windows 6.0.6002 Service Pack 2
19:42:55.409 Number of processors: 2 586 0x4303
19:42:55.411 ComputerName: ARTINION-PC UserName: artinion
19:42:58.231 Initialize success
19:43:56.345 AVAST engine defs: 12120602
19:44:09.017 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
19:44:09.031 Disk 0 Vendor: SAMSUNG_ ZZ10 Size: 381554MB BusType: 6
19:44:09.055 Disk 0 MBR read successfully
19:44:09.063 Disk 0 MBR scan
19:44:09.075 Disk 0 unknown MBR code
19:44:09.084 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 372554 MB offset 63
19:44:09.124 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8997 MB offset 762991110
19:44:09.153 Disk 0 scanning sectors +781417665
19:44:09.302 Disk 0 scanning C:\Windows\system32\drivers
19:44:34.934 Service scanning
19:45:05.762 Modules scanning
19:45:10.247 Module: C:\Windows\system32\drivers\dhahelper.sys **SUSPICIOUS**
19:45:12.113 Disk 0 trace - called modules:
19:45:12.175 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll storport.sys nvstor32.sys
19:45:12.188 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87487170]
19:45:12.204 3 CLASSPNP.SYS[8bba98b3] -> nt!IofCallDriver -> [0x87487970]
19:45:12.222 5 PCTCore.sys[8b423efb] -> nt!IofCallDriver -> [0x85b8de00]
19:45:12.240 7 acpi.sys[8b20e6bc] -> nt!IofCallDriver -> \Device\0000005f[0x85b781c8]
19:45:13.206 AVAST engine scan C:\Windows
19:45:17.370 AVAST engine scan C:\Windows\system32
19:50:09.747 AVAST engine scan C:\Windows\system32\drivers
19:50:30.355 AVAST engine scan C:\Users\artinion
20:09:16.281 AVAST engine scan C:\ProgramData
20:12:41.218 Scan finished successfully
20:13:10.541 Disk 0 MBR has been saved successfully to "C:\Users\artinion\Desktop\MBR.dat"
20:13:10.561 The log file has been saved successfully to "C:\Users\artinion\Desktop\aswMBR.txt"

#9 gringo_pr

  • Malware Response Team

Posted 06 December 2012 - 10:40 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 artinion


Posted 06 December 2012 - 11:12 PM

OTL logfile created on: 12/6/2012 10:01:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\artinion\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 32.41% Memory free
6.19 Gb Paging File | 3.92 Gb Available in Paging File | 63.35% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.82 Gb Total Space | 22.34 Gb Free Space | 6.14% Space Free | Partition Type: NTFS
Drive D: | 8.79 Gb Total Space | 1.00 Gb Free Space | 11.43% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 17.69 Gb Free Space | 3.80% Space Free | Partition Type: NTFS

Computer Name: ARTINION-PC | User Name: artinion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\artinion\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Program Files\Norton 360\Engine\20.2.0.19\wincfi39.dll ()
MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()


========== Services (SafeList) ==========

SRV - (stllssvr) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sdCoreService) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\20.2.0.19\ccSvcHst.exe (Symantec Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (PDAgent) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe (Raxco Software, Inc.)
SRV - (PDEngine) -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe (Raxco Software, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
SRV - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (PROCEXP151) -- C:\Windows\system32\Drivers\PROCEXP151.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\artinion\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswMBR) -- C:\Users\artinion\AppData\Local\Temp\aswMBR.sys File not found
DRV - (SymEvent) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20121205.001\IDSvix86.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20121206.009\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilDrv11220) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20121206.009\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20121130.005\BHDrvx86.sys (Symantec Corporation)
DRV - (pctplfw) -- C:\WINDOWS\System32\drivers\pctplfw.sys (PC Tools)
DRV - (pctNdisLW) -- C:\WINDOWS\System32\drivers\pctNdisLW.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctplsm) -- C:\WINDOWS\System32\drivers\pctplsm.sys (PC Tools)
DRV - (pctplsg) -- C:\WINDOWS\System32\drivers\pctplsg.sys (PC Tools)
DRV - (PCTSD) -- C:\WINDOWS\System32\drivers\PCTSD.sys (PC Tools)
DRV - (pctgntdi) -- C:\WINDOWS\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTCore) -- C:\WINDOWS\System32\drivers\PCTCore.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\drivers\N360\1402000.013\srtsp.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\System32\drivers\N360\1402000.013\SymEFA.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\System32\drivers\N360\1402000.013\SymDS.sys (Symantec Corporation)
DRV - (ccSet_N360) -- C:\WINDOWS\System32\drivers\N360\1402000.013\ccSetx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\WINDOWS\System32\drivers\N360\1402000.013\symtdiv.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\System32\drivers\N360\1402000.013\Ironx86.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\System32\drivers\N360\1402000.013\srtspx.sys (Symantec Corporation)
DRV - (PDFSFilter) -- C:\WINDOWS\System32\drivers\PDFsFilter.sys (Raxco Software, Inc.)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (pctEFA) -- C:\WINDOWS\System32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\WINDOWS\System32\drivers\pctDS.sys (PC Tools)
DRV - (LVUVC) -- C:\WINDOWS\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\WINDOWS\System32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (DefragFS) -- C:\Windows\System32\drivers\DefragFs.sys (Raxco Software, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (DhaHelper) -- C:\WINDOWS\System32\drivers\dhahelper.sys (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>)
DRV - (cpuz135) -- C:\WINDOWS\System32\drivers\cpuz135_x32.sys (CPUID)
DRV - (MotioninJoyXFilter) -- C:\WINDOWS\System32\drivers\MijXfilt.sys (MotioninJoy)
DRV - (LGVirHid) -- C:\WINDOWS\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\WINDOWS\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (libusb0) -- C:\WINDOWS\System32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (sxuptp) -- C:\WINDOWS\System32\drivers\sxuptp.sys (silex technology, Inc.)
DRV - (hcw18bda) -- C:\WINDOWS\System32\drivers\hcw18bda.sys (Hauppauge Computer Works, Inc)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (nvstor32) -- C:\WINDOWS\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (VSTHWBS2) -- C:\WINDOWS\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (TIEHDUSB) -- C:\WINDOWS\System32\drivers\tiehdusb.sys (Texas Instruments Incorporated)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{084E0606-95BC-4A4F-A87D-D812F1E2C44F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
IE - HKLM\..\SearchScopes\{E1016ECE-A6D5-42F8-AAC8-FD42577B826C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{F0D2596B-3C8F-482F-96DD-C47C8D0BC3A9}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
IE - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\..\SearchScopes\{F0D2596B-3C8F-482F-96DD-C47C8D0BC3A9}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: 2d3VuWrG6JHBXbQdbr%403BmSnQL.com:11
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/28 17:12:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/29 12:32:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom15.xpi [2012/03/31 10:39:28 | 000,102,423 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/28 17:12:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/28 17:12:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/12/06 20:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2012/12/06 20:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 04:21:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/05 04:20:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/05 04:21:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/05 04:20:53 | 000,000,000 | ---D | M]

[2012/11/27 14:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\artinion\AppData\Roaming\Mozilla\Extensions
[2012/07/27 09:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/11/27 14:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\extensions
[2012/11/23 04:25:40 | 000,003,693 | ---- | M] () (No name found) -- C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\extensions\2d3VuWrG6JHBXbQdbr@3BmSnQL.com.xpi
[2012/09/05 13:35:51 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/11/03 21:01:50 | 000,001,100 | ---- | M] () -- C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\searchplugins\internethelper15-customized-web-search.xml
[2012/12/05 21:36:32 | 000,002,531 | ---- | M] () -- C:\Users\artinion\AppData\Roaming\Mozilla\Firefox\Profiles\1fss8ocu.default\searchplugins\safesearch.xml
[2012/12/05 04:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/05 04:20:52 | 000,000,000 | ---D | M] (SmartWhois Launcher) -- C:\Program Files\Mozilla Firefox\extensions\{45925a5c-e3de-447f-bed2-ded87acae111}
[2012/11/28 17:12:16 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/12/05 04:21:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/01 07:55:09 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/29 14:09:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 18:11:22 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=384&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=3552252053304101&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: InternetHelper1.5 = C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkbmedckhcibhkdhaokebnllokeokek\10.11.21.5_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Norton Identity Protection = C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: FBPHOTOZOOM = C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/12/06 15:37:16 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.2.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.2.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18D1E36D-8CA7-462E-8E09-D263D98D5D78}: DhcpNameServer = 192.168.1.1 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/05/17 06:50:09 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/06 21:59:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\artinion\Desktop\OTL.exe
[2012/12/06 20:19:20 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/12/06 20:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012/12/06 20:18:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2012/12/06 20:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2012/12/06 19:39:19 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\artinion\Desktop\tdsskiller.exe
[2012/12/06 15:39:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/06 15:39:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/06 15:23:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/12/05 22:11:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/05 22:11:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/05 22:11:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/05 22:10:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/05 22:09:27 | 005,009,321 | R--- | C] (Swearware) -- C:\Users\artinion\Desktop\ComboFix.exe
[2012/12/05 21:36:27 | 000,000,000 | ---D | C] -- C:\Users\artinion\Desktop\RK_Quarantine
[2012/12/05 08:31:20 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\artinion\Desktop\dds.com
[2012/12/05 04:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/04 13:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/04 13:36:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/04 13:34:48 | 000,000,000 | ---D | C] -- C:\Users\artinion\Desktop\backups
[2012/12/04 12:55:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\artinion\Desktop\aswMBR.exe
[2012/12/03 21:52:23 | 000,000,000 | ---D | C] -- C:\Users\artinion\AppData\Roaming\SUPERAntiSpyware.com
[2012/12/03 21:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/12/03 21:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/12/03 21:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/12/03 21:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyNoMore
[2012/11/30 21:44:28 | 000,000,000 | ---D | C] -- C:\Users\artinion\AppData\Local\temp
[2012/11/30 21:11:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/30 08:20:55 | 000,000,000 | ---D | C] -- C:\Users\artinion\AppData\Roaming\PC Tools
[2012/11/30 08:20:53 | 000,000,000 | ---D | C] -- C:\Users\artinion\AppData\Roaming\Spam Monitor
[2012/11/30 07:58:13 | 002,957,840 | ---- | C] (Symantec Corporation) -- C:\Users\artinion\Desktop\NPE.exe
[2012/11/29 22:13:03 | 000,000,000 | ---D | C] -- C:\Users\artinion\Documents\Chem Lit Speech
[2012/11/29 15:00:05 | 000,128,024 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2012/11/29 14:59:59 | 000,060,128 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdisLW.sys
[2012/11/29 14:59:56 | 000,092,608 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2012/11/29 14:59:56 | 000,033,512 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2012/11/28 14:56:54 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2012/11/28 14:56:54 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2012/11/28 14:56:52 | 000,260,760 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2012/11/28 14:56:52 | 000,178,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2012/11/28 14:56:43 | 000,019,464 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2012/11/28 14:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/11/28 14:56:40 | 000,071,752 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2012/11/28 14:56:40 | 000,068,272 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsm.sys
[2012/11/28 14:45:49 | 000,368,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2012/11/28 14:45:49 | 000,163,288 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2012/11/27 19:41:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2012/11/27 19:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2012/11/27 19:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/11/27 17:12:03 | 000,000,000 | ---D | C] -- C:\Users\artinion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/11/27 13:11:54 | 000,000,000 | ---D | C] -- C:\Users\artinion\AppData\Local\Torch
[2012/11/17 06:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/16 03:02:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/16 03:02:51 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/16 03:02:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/16 03:02:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/16 03:02:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/16 03:02:50 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/16 03:02:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/16 03:02:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/13 23:22:02 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/13 23:21:48 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/05/05 20:18:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\artinion\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/12/06 21:59:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\artinion\Desktop\OTL.exe
[2012/12/06 21:52:09 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/06 21:52:05 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task cd92519c-35c1-4dd7-bf95-51c183717058.job
[2012/12/06 21:40:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/06 21:21:12 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 21:21:12 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/06 21:03:01 | 000,013,946 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\VT20121114.016
[2012/12/06 20:20:07 | 002,213,788 | ---- | M] () -- C:\Windows\System32\drivers\N360\1402000.013\Cat.DB
[2012/12/06 20:19:20 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012/12/06 20:19:20 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/12/06 20:19:20 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/12/06 20:19:14 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/12/06 20:17:35 | 000,000,836 | ---- | M] () -- C:\Users\artinion\Desktop\Norton Installation Files.lnk
[2012/12/06 20:13:10 | 000,000,512 | ---- | M] () -- C:\Users\artinion\Desktop\MBR.dat
[2012/12/06 19:39:20 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\artinion\Desktop\tdsskiller.exe
[2012/12/06 15:37:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/06 15:21:30 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/06 15:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/06 13:24:27 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for artinion.job
[2012/12/06 02:00:00 | 000,000,516 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4f9e9eb1-75e7-42c8-a0d7-6024628e8c73.job
[2012/12/05 22:09:34 | 005,009,321 | R--- | M] (Swearware) -- C:\Users\artinion\Desktop\ComboFix.exe
[2012/12/05 21:31:56 | 000,752,128 | ---- | M] () -- C:\Users\artinion\Desktop\RogueKiller.exe
[2012/12/05 21:23:25 | 001,673,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/05 21:14:59 | 000,540,743 | ---- | M] () -- C:\Users\artinion\Desktop\adwcleaner.exe
[2012/12/05 21:12:13 | 000,002,708 | ---- | M] () -- C:\Users\artinion\AppData\Local\d3d9caps.dat
[2012/12/05 21:11:32 | 000,856,731 | ---- | M] () -- C:\Users\artinion\Desktop\SecurityCheck.exe
[2012/12/05 12:45:33 | 000,039,424 | ---- | M] () -- C:\Users\artinion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/05 08:31:20 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\artinion\Desktop\dds.com
[2012/12/04 13:36:40 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/04 12:55:32 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\artinion\Desktop\aswMBR.exe
[2012/12/03 22:33:40 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/03 21:52:17 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/02 15:50:37 | 000,018,250 | ---- | M] () -- C:\Users\artinion\Vaccine.jpg
[2012/11/30 08:07:43 | 002,235,942 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/11/30 08:07:43 | 002,216,270 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604000.009\Cat.DB
[2012/11/30 07:58:14 | 002,957,840 | ---- | M] (Symantec Corporation) -- C:\Users\artinion\Desktop\NPE.exe
[2012/11/29 21:04:28 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/29 15:00:05 | 000,128,024 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2012/11/29 14:59:59 | 000,060,128 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctNdisLW.sys
[2012/11/29 14:59:56 | 000,092,608 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2012/11/29 14:59:56 | 000,033,512 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2012/11/29 13:50:50 | 000,003,528 | ---- | M] () -- C:\{2552858D-6DFC-4243-B601-3265DD12346D}
[2012/11/29 13:45:33 | 000,003,616 | ---- | M] () -- C:\{63ED2A87-F552-42A2-816A-ADCA17DB07FF}
[2012/11/29 08:58:13 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/11/27 19:41:34 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/11/27 19:41:19 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2012/11/27 17:12:03 | 000,000,318 | ---- | M] () -- C:\Users\artinion\Desktop\Curse Client.appref-ms
[2012/11/25 23:19:58 | 000,000,940 | ---- | M] () -- C:\Users\artinion\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/11/25 23:04:24 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/17 06:59:28 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/16 08:13:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/16 08:13:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/16 03:15:29 | 000,613,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/16 03:15:29 | 000,108,044 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/15 22:27:07 | 000,013,946 | ---- | M] () -- C:\Windows\System32\drivers\N360\0604000.009\VT20121114.016
[2012/11/15 22:18:54 | 000,012,125 | ---- | M] () -- C:\Users\artinion\Documents\heystud_4200592.jpg

========== Files Created - No Company Name ==========

[2012/12/06 20:19:20 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012/12/06 20:19:20 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012/12/06 20:19:14 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/12/06 20:17:34 | 000,000,836 | ---- | C] () -- C:\Users\artinion\Desktop\Norton Installation Files.lnk
[2012/12/06 20:13:10 | 000,000,512 | ---- | C] () -- C:\Users\artinion\Desktop\MBR.dat
[2012/12/05 22:11:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/05 22:11:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/05 22:11:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/05 22:11:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/05 22:11:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/05 21:31:54 | 000,752,128 | ---- | C] () -- C:\Users\artinion\Desktop\RogueKiller.exe
[2012/12/05 21:14:54 | 000,540,743 | ---- | C] () -- C:\Users\artinion\Desktop\adwcleaner.exe
[2012/12/05 21:11:23 | 000,856,731 | ---- | C] () -- C:\Users\artinion\Desktop\SecurityCheck.exe
[2012/12/04 13:36:40 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/03 21:52:37 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task cd92519c-35c1-4dd7-bf95-51c183717058.job
[2012/12/03 21:52:36 | 000,000,516 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 4f9e9eb1-75e7-42c8-a0d7-6024628e8c73.job
[2012/12/03 21:52:17 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/12/02 15:50:36 | 000,018,250 | ---- | C] () -- C:\Users\artinion\Vaccine.jpg
[2012/11/29 13:50:41 | 000,003,528 | ---- | C] () -- C:\{2552858D-6DFC-4243-B601-3265DD12346D}
[2012/11/29 13:45:33 | 000,003,616 | ---- | C] () -- C:\{63ED2A87-F552-42A2-816A-ADCA17DB07FF}
[2012/11/29 08:58:13 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2012/11/27 19:41:18 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\Ventrilo.lnk
[2012/11/27 19:40:53 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/11/25 22:25:12 | 000,000,946 | ---- | C] () -- C:\Users\artinion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/11/15 22:18:52 | 000,012,125 | ---- | C] () -- C:\Users\artinion\Documents\heystud_4200592.jpg
[2012/08/22 01:40:48 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/08/22 01:40:48 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/08/22 01:40:48 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012/08/22 01:40:45 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/08/07 12:06:40 | 000,001,940 | ---- | C] () -- C:\Users\artinion\PerfectDisk 12.5.lnk
[2012/07/23 09:28:54 | 000,000,104 | ---- | C] () -- C:\Users\artinion\Computer - Shortcut.lnk
[2012/06/07 10:30:14 | 000,148,961 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/06/07 10:22:53 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/05/10 21:47:38 | 000,000,016 | ---- | C] () -- C:\ProgramData\obtf504
[2012/03/31 10:15:38 | 000,067,584 | ---- | C] () -- C:\Windows\System32\avcore.dll
[2012/01/18 00:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 00:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 00:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/11/17 09:49:08 | 000,000,096 | ---- | C] () -- C:\Users\artinion\AppData\Local\fusioncache.dat
[2011/11/16 19:40:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/10/20 09:37:34 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/09/26 10:08:34 | 000,000,060 | ---- | C] () -- C:\Windows\wpd99.drv
[2011/09/26 10:08:33 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2011/08/12 11:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/30 21:00:36 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/05/18 17:23:48 | 000,001,940 | ---- | C] () -- C:\Users\artinion\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/05 20:18:27 | 000,007,887 | ---- | C] () -- C:\Users\artinion\AppData\Roaming\pcouffin.cat
[2011/05/05 20:18:27 | 000,001,144 | ---- | C] () -- C:\Users\artinion\AppData\Roaming\pcouffin.inf
[2011/04/17 21:28:07 | 000,001,025 | ---- | C] () -- C:\Windows\System32\ou2kog6.dll
[2011/04/17 21:28:07 | 000,000,204 | ---- | C] () -- C:\Windows\System32\mfmuw5n.dll
[2011/04/17 21:28:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2011/04/17 21:28:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2011/04/17 21:28:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2011/04/17 21:28:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2011/04/17 21:28:06 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2011/04/17 21:28:06 | 000,000,072 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2011/04/17 21:28:06 | 000,000,016 | ---- | C] () -- C:\Windows\System32\vd23d61.dll
[2010/12/09 08:10:34 | 000,148,882 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2010/12/09 08:10:34 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2010/06/19 22:11:00 | 000,000,818 | ---- | C] () -- C:\Users\artinion\AppData\Roaming\wklnhst.dat
[2010/02/25 18:20:16 | 000,000,552 | ---- | C] () -- C:\Users\artinion\AppData\Local\d3d8caps.dat
[2010/02/25 18:11:43 | 000,039,424 | ---- | C] () -- C:\Users\artinion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 05:42:13 | 000,002,708 | ---- | C] () -- C:\Users\artinion\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 06:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5830277B
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 12 bytes -> C:\Users\artinion\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}

< End of report >

#11 gringo_pr

  • Malware Response Team
Posted 07 December 2012 - 11:19 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
    O3 - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 251 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5830277B
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 12 bytes -> C:\Users\artinion\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}  
    IE - HKLM\..\SearchScopes\{E1016ECE-A6D5-42F8-AAC8-FD42577B826C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-2394963718-1737706593-3200010221-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
    :Files
    C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo

#12 artinion

Posted 07 December 2012 - 02:53 PM

I still have the redirect problem when I click on a link, etc. As of the time I have posted this, I have yet to see the ad in the bottom corner, but occasionally it takes a while before it starts appearing everywhere.



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2394963718-1737706593-3200010221-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:5830277B deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\Users\artinion\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1016ECE-A6D5-42F8-AAC8-FD42577B826C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1016ECE-A6D5-42F8-AAC8-FD42577B826C}\ not found.
Registry key HKEY_USERS\S-1-5-21-2394963718-1737706593-3200010221-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
========== FILES ==========
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Session Storage folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#static.ak.crunchyroll.com folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#flash.quantserve.com folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#edge.buzzdock.com folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\SACC92KJ\macromedia.com\support\flashplayer\sys folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\SACC92KJ\macromedia.com\support\flashplayer folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\SACC92KJ\macromedia.com\support folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\SACC92KJ\macromedia.com folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\SACC92KJ folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\X6A7EKRU folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Pepper Data folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Media Cache folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully.
C:\Users\artinion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\_locales\zh_TW folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\artinion\Desktop\cmd.bat deleted successfully.
C:\Users\artinion\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: artinion
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 56994 bytes

User: All Users

User: artinion
->Flash cache emptied: 19391 bytes

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 56502 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12072012_134624

#13 gringo_pr


Posted 07 December 2012 - 02:57 PM

Restart the computer and let me know which browser this happens in.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 artinion


Posted 07 December 2012 - 03:21 PM

I restarted and I still have the same issue, and I primarily use the Firefox web browser.

#15 gringo_pr


Posted 07 December 2012 - 09:24 PM

Hello

I want you to reset Firefox back to defaults. To do this, I need you to do the following:

  • At the top of the Firefox window, click the "Firefox" button.
  • Go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.

Restart the computer and check Firefox for me now.

Gringo



