
I'm Infected With A Search Re-Direct Malware


spartan

Hello:

I am infected with a search re-direct malware that I have been unable to get rid of after Malwarebytes and Norton Internet Security scans. Below are the DDS.txt and Attach.txt scans. I await your instructions. Thank you in advance for your kind assistance.

DDS (Ver_2012-11-07.01) - NTFS_x86

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2

Run by Russ at 12:02:02 on 2012-11-18

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.585 [GMT -8:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\agrsmsvc.exe

C:\Windows\system32\atashost.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Windows\system32\o2flash.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RtHDVCpl.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Logitech\Vid HD\Vid.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

C:\Users\Russ\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Apoint2K\Apntex.exe

C:\Users\Russ\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uWindow Title = Windows Internet Explorer provided by Yahoo!

uSearch Page = hxxp://www.google.com

uProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\norton internet security\engine\19.9.0.9\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\norton internet security\engine\19.9.0.9\ips\ipsbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\norton internet security\engine\19.9.0.9\coieplg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode

uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN221AR28D05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [Akamai NetSession Interface] "c:\users\russ\appdata\local\akamai\netsession_win.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [indicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe

mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe

mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe

mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe

mRun: [sSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe

mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"

mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\updatenv.exe

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\russ\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Trusted Zone: realist.com

Trusted Zone: sandicor.com

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab

DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - hxxp://www.parallelgraphics.com/l2/bin/cortvrml.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://etradeevents.webex.com/client/T27L/webex/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://mls.realist.com/mapviewer/mapviewer.cab

TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{1A869D51-1787-4766-9AB5-9F141C0CCE25} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{FCD03BA8-033B-4E14-A063-536F5CD40842} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: ccc-core-static - msiexec /fums {9FB9E409-423F-8B24-BF0D-1172F67EFA2F} /qb

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\russ\appdata\roaming\mozilla\firefox\profiles\z8uojzrp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\users\russ\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll

FF - component: c:\users\russ\appdata\roaming\mozilla\firefox\profiles\z8uojzrp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\users\russ\appdata\roaming\mozilla\firefox\profiles\z8uojzrp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2012-09-19 20:19; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-18 05:32; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: !HIDDEN! 2011-03-23 18:25; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - ExtSQL: !HIDDEN! 2012-01-11 11:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-5-11 8960]

R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-5-11 10368]

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]

R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1309000.009\symds.sys [2012-10-1 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1309000.009\symefa.sys [2012-10-1 924320]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\bashdefs\20121106.001\BHDrvx86.sys [2012-10-23 995488]

R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1309000.009\ccsetx86.sys [2012-10-1 132768]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\ipsdefs\20121116.001\IDSvix86.sys [2012-11-18 386720]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1309000.009\ironx86.sys [2012-10-1 149624]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1309000.009\symtdiv.sys [2012-10-1 345208]

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-4-6 43904]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-2 21504]

R2 NIS;Norton Internet Security;c:\program files\norton internet security\norton internet security\engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]

R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\fjdvrupd\updnvsrv.exe [2007-1-27 11776]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-31 106656]

R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-11 5632]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2008-11-25 3872]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-11 30192]

S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 wtpfiltr;wtpfiltr;c:\windows\system32\drivers\wtpfiltr.sys [2007-5-11 7680]

.

=============== Created Last 30 ================

.

2012-11-16 01:28:37 -------- d-----w- c:\users\russ\appdata\roaming\Malwarebytes

2012-11-16 01:28:13 -------- d-----w- c:\programdata\Malwarebytes

2012-11-16 01:28:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-16 01:28:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-14 14:25:09 75776 ----a-w- c:\windows\system32\synceng.dll

2012-11-14 14:24:49 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-11-03 01:08:42 -------- d-----w- c:\program files\JSS

2012-10-31 05:30:06 -------- d-s---w- c:\users\russ\Google Drive

2012-10-30 15:46:29 -------- d-----w- c:\users\russ\appdata\roaming\picpick

2012-10-30 15:43:31 -------- d-----w- c:\program files\PicPick

2012-10-27 01:22:54 -------- d-----w- c:\windows\Keyword Optimizer Pro 2

2012-10-27 01:22:53 -------- d-----w- c:\program files\KeywordOptimizerPro2

2012-10-26 23:49:26 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-26 23:42:23 -------- d-----w- c:\users\russ\appdata\local\Citrix

2012-10-26 23:42:17 102248 ----a-w- c:\users\russ\GoToAssistDownloadHelper.exe

.

==================== Find3M ====================

.

2012-11-16 13:34:06 60304 ----a-w- c:\users\russ\g2mdlhlpx.exe

2012-11-08 13:37:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-08 13:37:56 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-26 23:48:38 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-26 23:48:37 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll

.

============= FINISH: 12:03:42.23 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 8/27/2008 3:19:28 PM

System Uptime: 11/18/2012 11:23:15 AM (1 hours ago)

.

Motherboard: FUJITSU | | FJNBA03

Processor: AMD Turion 64 X2 Mobile Technology TL-60 | Onboard | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 147 GiB total, 61.164 GiB free.

D: is FIXED (NTFS) - 1 GiB total, 1.001 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0001

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #2

PNP Device ID: ROOT\*6TO4MP\0001

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0019

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #19

PNP Device ID: ROOT\*6TO4MP\0019

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0021

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #21

PNP Device ID: ROOT\*6TO4MP\0021

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0022

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #22

PNP Device ID: ROOT\*6TO4MP\0022

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0053

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #41

PNP Device ID: ROOT\*6TO4MP\0053

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0060

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #60

PNP Device ID: ROOT\*6TO4MP\0060

Service: tunnel

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7 Day Blog Profits 1.00

Adobe Acrobat Connect Add-in

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Agere Systems HDA Modem

Akamai NetSession Interface

ALPS Touch Pad Driver

Apple Application Support

Apple Software Update

ATI Catalyst Install Manager

ATI Uninstaller

Bing Bar

Blog Profit Pro

Branding

Business Contact Manager for Outlook 2007 SP2

Camera Access Library

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera Window DC_DV 5 for ZoomBrowser EX

Canon Camera Window DC_DV 6 for ZoomBrowser EX

Canon Camera Window DSLR 5 for ZoomBrowser EX

Canon Camera Window MC 6 for ZoomBrowser EX

Canon MovieEdit Task for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities PhotoStitch 3.1

Canon ZoomBrowser EX (E)

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Crypto Tool

ErrorEND

Forex Signal Live World Market Times

Fujitsu Display Manager

Fujitsu Driver Update

Fujitsu Hotkey Utility

Fujitsu MobilityCenter Extension Utility

Fujitsu System Extension Utility

Google Chrome

Google Desktop

Google Drive

Google Quick Search Box

Google Toolbar for Firefox

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.3.0.1009

hotComm Lite®

hotComm® CL

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Officejet Pro 8600 Basic Device Software

HP Officejet Pro 8600 Help

HP Officejet Pro 8600 Product Improvement Study

HP Update

I.R.I.S. OCR

Japanese Fonts Support For Adobe Reader 8

Java 7 Update 9

Java Auto Updater

Java 6 Update 37

Keyword Optimizer Pro 2

Keyword Sweetspotter

KeywordOptimizerPro

LifeBook Application Panel

LiveUpdate 3.2 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

Logitech Vid HD

Logitech Webcam Software

Logitech Webcam Software Driver Package

MakeDisc

Malwarebytes Anti-Malware version 1.65.1.1000

Market Samurai

Marketsplash Shortcuts

Micro Niche Finder 5.0

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MovieEdit Task

Mozilla Firefox 15.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Backpage Demo

Norton Internet Security

O2Micro Flash Memory Card Windows Driver

Octoshape add-in for Adobe Flash Player

OfficeSharedAddInSetup

OGA Notifier 2.0.0048.0

ParetoLogic PC Health Advisor

PhotoStitch

Picasa 2

PicPick

Point2 Photo Utility

PowerDirector Express

PowerDVD

PowerProducer

PrimoPDF -- brought to you by Nitro PDF Software

Pristine Chat

QuickTime

RAW Image Task 2.2

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Roxio Easy Media Creator Home

Search Syndicate version 1.0

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Shock Sensor Utility

Site Spy

Skins

Skype Toolbars

Skype™ 5.10

Smart PDF Converter 6.3.0.495

Spelling Dictionaries Support For Adobe Reader 8

TestDrive Client

TradeStation 8.3 (Build 1631)

TradeStation 8.4 (Build 1688)

TradeStation 8.4 (Build 1693)

TradeStation 8.5 (Build 2289)

TradeStation 8.6 (Build 2612)

TradeStation 8.6 (Build 2696)

TradeStation 8.7 (Build 3085)

TradeStation 8.8

TradeStation 9.0

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VLC media player 1.1.9

WebEx

Windows Live ID Sign-in Assistant

Xvid 1.2.1 final uninstall

Yahoo! Software Update

Yahoo! Toolbar

YTS

.

==== End Of File ===========================


Hello and welcome. Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • Click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.

Download ComboFix from either of the links below, and save it to your desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:

  • TDSSKiller log
  • ComboFix log


Here are the TDSSKiller and ComboFix Logs:

12:45:26.0494 5160 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

12:45:26.0976 5160 ============================================================

12:45:26.0976 5160 Current date / time: 2012/11/18 12:45:26.0976

12:45:26.0976 5160 SystemInfo:

12:45:26.0976 5160

12:45:26.0976 5160 OS Version: 6.0.6002 ServicePack: 2.0

12:45:26.0976 5160 Product type: Workstation

12:45:26.0976 5160 ComputerName: RUSS-PC

12:45:26.0977 5160 UserName: Russ

12:45:26.0977 5160 Windows directory: C:\Windows

12:45:26.0977 5160 System windows directory: C:\Windows

12:45:26.0977 5160 Processor architecture: Intel x86

12:45:26.0977 5160 Number of processors: 2

12:45:26.0977 5160 Page size: 0x1000

12:45:26.0977 5160 Boot type: Normal boot

12:45:26.0977 5160 ============================================================

12:45:28.0619 5160 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

12:45:28.0623 5160 ============================================================

12:45:28.0623 5160 \Device\Harddisk0\DR0:

12:45:28.0624 5160 MBR partitions:

12:45:28.0624 5160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x300800, BlocksNum 0x12512800

12:45:28.0624 5160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12813000, BlocksNum 0x206000

12:45:28.0624 5160 ============================================================

12:45:28.0649 5160 C: <-> \Device\Harddisk0\DR0\Partition1

12:45:28.0691 5160 D: <-> \Device\Harddisk0\DR0\Partition2

12:45:28.0691 5160 ============================================================

12:45:28.0691 5160 Initialize success

12:45:28.0691 5160 ============================================================

12:45:47.0856 0316 ============================================================

12:45:47.0856 0316 Scan started

12:45:47.0856 0316 Mode: Manual; TDLFS;

12:45:47.0856 0316 ============================================================

12:45:48.0214 0316 ================ Scan system memory ========================

12:45:48.0214 0316 System memory - ok

12:45:48.0215 0316 ================ Scan services =============================

12:45:48.0433 0316 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys

12:45:48.0437 0316 ACPI - ok

12:45:48.0538 0316 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

12:45:48.0539 0316 AdobeARMservice - ok

12:45:48.0636 0316 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

12:45:48.0638 0316 AdobeFlashPlayerUpdateSvc - ok

12:45:48.0695 0316 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

12:45:48.0700 0316 adp94xx - ok

12:45:48.0724 0316 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys

12:45:48.0728 0316 adpahci - ok

12:45:48.0746 0316 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

12:45:48.0748 0316 adpu160m - ok

12:45:48.0771 0316 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys

12:45:48.0773 0316 adpu320 - ok

12:45:48.0835 0316 [ E341A95C1329E272782B2BAECC64316A ] ADVNTDRV C:\Windows\System32\drivers\ADVNTDRV.SYS

12:45:48.0837 0316 ADVNTDRV - ok

12:45:48.0866 0316 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

12:45:48.0867 0316 AeLookupSvc - ok

12:45:48.0970 0316 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys

12:45:48.0974 0316 AFD - ok

12:45:49.0011 0316 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe

12:45:49.0012 0316 AgereModemAudio - ok

12:45:49.0089 0316 [ 2E3ABAACBF547ABBB5E73A504A56D05A ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys

12:45:49.0103 0316 AgereSoftModem - ok

12:45:49.0135 0316 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys

12:45:49.0136 0316 agp440 - ok

12:45:49.0171 0316 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

12:45:49.0173 0316 aic78xx - ok

12:45:49.0218 0316 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe

12:45:49.0219 0316 ALG - ok

12:45:49.0238 0316 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys

12:45:49.0239 0316 aliide - ok

12:45:49.0262 0316 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys

12:45:49.0263 0316 amdagp - ok

12:45:49.0288 0316 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys

12:45:49.0290 0316 amdide - ok

12:45:49.0315 0316 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

12:45:49.0316 0316 AmdK7 - ok

12:45:49.0357 0316 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

12:45:49.0359 0316 AmdK8 - ok

12:45:49.0395 0316 [ 7C2F57BCE81FA74933F0E1C84A97C9DB ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys

12:45:49.0397 0316 ApfiltrService - ok

12:45:49.0492 0316 [ DFAE18C675D71FD06D57DC69D2913975 ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll

12:45:49.0493 0316 AppHostSvc - ok

12:45:49.0546 0316 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll

12:45:49.0547 0316 Appinfo - ok

12:45:49.0577 0316 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys

12:45:49.0578 0316 arc - ok

12:45:49.0612 0316 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys

12:45:49.0613 0316 arcsas - ok

12:45:49.0661 0316 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

12:45:49.0662 0316 AsyncMac - ok

12:45:49.0695 0316 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys

12:45:49.0696 0316 atapi - ok

12:45:49.0736 0316 [ 21F6000DA2E094C210E79B3362BCF5F2 ] atashost C:\Windows\system32\atashost.exe

12:45:49.0739 0316 atashost - ok

12:45:49.0928 0316 [ 999EFF35B4C6D969B232BF575972F86F ] athr C:\Windows\system32\DRIVERS\athr.sys

12:45:49.0936 0316 athr - ok

12:45:50.0103 0316 [ 34572C40DD3AFD6CABD5AA2EC9D17F65 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe

12:45:50.0111 0316 Ati External Event Utility - ok

12:45:50.0145 0316 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

12:45:50.0146 0316 AtiPcie - ok

12:45:50.0211 0316 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

12:45:50.0216 0316 AudioEndpointBuilder - ok

12:45:50.0245 0316 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll

12:45:50.0249 0316 Audiosrv - ok

12:45:50.0337 0316 [ B5D974C1FD078A68C7536C561B031D39 ] Automatic LiveUpdate Scheduler C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

12:45:50.0343 0316 Automatic LiveUpdate Scheduler - ok

12:45:50.0424 0316 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe

12:45:50.0426 0316 BBSvc - ok

12:45:50.0475 0316 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

12:45:50.0479 0316 BBUpdate - ok

12:45:50.0557 0316 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

12:45:50.0559 0316 BcmSqlStartupSvc - ok

12:45:50.0591 0316 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

12:45:50.0591 0316 Beep - ok

12:45:50.0652 0316 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll

12:45:50.0656 0316 BFE - ok

12:45:50.0802 0316 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20121106.001\BHDrvx86.sys

12:45:50.0812 0316 BHDrvx86 - ok

12:45:50.0885 0316 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll

12:45:50.0897 0316 BITS - ok

12:45:50.0906 0316 blbdrive - ok

12:45:50.0950 0316 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys

12:45:50.0951 0316 bowser - ok

12:45:50.0992 0316 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

12:45:50.0993 0316 BrFiltLo - ok

12:45:51.0006 0316 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

12:45:51.0007 0316 BrFiltUp - ok

12:45:51.0044 0316 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

12:45:51.0045 0316 Browser - ok

12:45:51.0068 0316 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

12:45:51.0070 0316 Brserid - ok

12:45:51.0090 0316 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

12:45:51.0092 0316 BrSerWdm - ok

12:45:51.0117 0316 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

12:45:51.0118 0316 BrUsbMdm - ok

12:45:51.0134 0316 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

12:45:51.0135 0316 BrUsbSer - ok

12:45:51.0164 0316 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

12:45:51.0165 0316 BTHMODEM - ok

12:45:51.0247 0316 [ A9ACC4B9730B6D5B0BB2BFFDC53F0812 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe

12:45:51.0248 0316 CCALib8 - ok

12:45:51.0353 0316 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\Windows\system32\drivers\NIS\1309000.009\ccSetx86.sys

12:45:51.0358 0316 ccSet_NIS - ok

12:45:51.0419 0316 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

12:45:51.0422 0316 cdfs - ok

12:45:51.0467 0316 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

12:45:51.0469 0316 cdrom - ok

12:45:51.0522 0316 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll

12:45:51.0523 0316 CertPropSvc - ok

12:45:51.0545 0316 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys

12:45:51.0546 0316 circlass - ok

12:45:51.0584 0316 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys

12:45:51.0588 0316 CLFS - ok

12:45:51.0644 0316 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:45:51.0646 0316 clr_optimization_v2.0.50727_32 - ok

12:45:51.0747 0316 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:45:51.0751 0316 clr_optimization_v4.0.30319_32 - ok

12:45:51.0807 0316 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

12:45:51.0809 0316 CmBatt - ok

12:45:51.0839 0316 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys

12:45:51.0842 0316 cmdide - ok

12:45:51.0867 0316 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

12:45:51.0868 0316 Compbatt - ok

12:45:51.0879 0316 COMSysApp - ok

12:45:51.0903 0316 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

12:45:51.0904 0316 crcdisk - ok

12:45:51.0927 0316 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys

12:45:51.0928 0316 Crusoe - ok

12:45:51.0988 0316 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll

12:45:51.0990 0316 CryptSvc - ok

12:45:52.0053 0316 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll

12:45:52.0062 0316 DcomLaunch - ok

12:45:52.0094 0316 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys

12:45:52.0096 0316 DfsC - ok

12:45:52.0236 0316 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe

12:45:52.0258 0316 DFSR - ok

12:45:52.0329 0316 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll

12:45:52.0333 0316 Dhcp - ok

12:45:52.0376 0316 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys

12:45:52.0377 0316 disk - ok

12:45:52.0420 0316 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll

12:45:52.0423 0316 Dnscache - ok

12:45:52.0446 0316 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll

12:45:52.0449 0316 dot3svc - ok

12:45:52.0481 0316 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll

12:45:52.0484 0316 DPS - ok

12:45:52.0518 0316 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

12:45:52.0520 0316 drmkaud - ok

12:45:52.0582 0316 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

12:45:52.0588 0316 DXGKrnl - ok

12:45:52.0616 0316 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

12:45:52.0618 0316 E1G60 - ok

12:45:52.0677 0316 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll

12:45:52.0679 0316 EapHost - ok

12:45:52.0717 0316 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys

12:45:52.0720 0316 Ecache - ok

12:45:52.0813 0316 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

12:45:52.0818 0316 eeCtrl - ok

12:45:52.0886 0316 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

12:45:52.0890 0316 ehRecvr - ok

12:45:52.0942 0316 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe

12:45:52.0944 0316 ehSched - ok

12:45:52.0981 0316 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll

12:45:52.0984 0316 ehstart - ok

12:45:53.0053 0316 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys

12:45:53.0057 0316 elxstor - ok

12:45:53.0118 0316 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll

12:45:53.0124 0316 EMDMgmt - ok

12:45:53.0175 0316 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

12:45:53.0177 0316 EraserUtilRebootDrv - ok

12:45:53.0229 0316 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll

12:45:53.0232 0316 EventSystem - ok

12:45:53.0285 0316 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys

12:45:53.0287 0316 exfat - ok

12:45:53.0320 0316 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys

12:45:53.0322 0316 fastfat - ok

12:45:53.0355 0316 [ F64B86A52FB20686954703A6F7A955D5 ] FBIOSDRV C:\Windows\system32\drivers\FBIOSDRV.SYS

12:45:53.0356 0316 FBIOSDRV - ok

12:45:53.0406 0316 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

12:45:53.0407 0316 fdc - ok

12:45:53.0454 0316 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

12:45:53.0456 0316 fdPHost - ok

12:45:53.0481 0316 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

12:45:53.0483 0316 FDResPub - ok

12:45:53.0532 0316 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

12:45:53.0533 0316 FileInfo - ok

12:45:53.0564 0316 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys

12:45:53.0566 0316 Filetrace - ok

12:45:53.0579 0316 [ 04895ABDFF069972EB2C56CCC31A0ABF ] FJGSDisk C:\Windows\system32\DRIVERS\FJGSDisk.sys

12:45:53.0580 0316 FJGSDisk - ok

12:45:53.0604 0316 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

12:45:53.0605 0316 flpydisk - ok

12:45:53.0648 0316 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

12:45:53.0650 0316 FltMgr - ok

12:45:53.0738 0316 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll

12:45:53.0748 0316 FontCache - ok

12:45:53.0799 0316 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

12:45:53.0815 0316 FontCache3.0.0.0 - ok

12:45:53.0854 0316 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

12:45:53.0855 0316 Fs_Rec - ok

12:45:53.0898 0316 [ 49E588AC7D2B57F057756A91C6F36D25 ] FUJ02B1 C:\Windows\system32\DRIVERS\FUJ02B1.sys

12:45:53.0899 0316 FUJ02B1 - ok

12:45:53.0912 0316 [ D45474A7E5E2F35150C29A3193747884 ] FUJ02E3 C:\Windows\system32\DRIVERS\FUJ02E3.sys

12:45:53.0913 0316 FUJ02E3 - ok

12:45:53.0948 0316 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

12:45:53.0950 0316 gagp30kx - ok

12:45:54.0024 0316 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

12:45:54.0026 0316 GoogleDesktopManager-051210-111108 - ok

12:45:54.0079 0316 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll

12:45:54.0086 0316 gpsvc - ok

12:45:54.0154 0316 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe

12:45:54.0158 0316 gupdate - ok

12:45:54.0169 0316 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe

12:45:54.0171 0316 gupdatem - ok

12:45:54.0231 0316 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

12:45:54.0237 0316 gusvc - ok

12:45:54.0290 0316 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

12:45:54.0298 0316 HdAudAddService - ok

12:45:54.0358 0316 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

12:45:54.0387 0316 HDAudBus - ok

12:45:54.0430 0316 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

12:45:54.0436 0316 HidBth - ok

12:45:54.0468 0316 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

12:45:54.0472 0316 HidIr - ok

12:45:54.0504 0316 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll

12:45:54.0507 0316 hidserv - ok

12:45:54.0526 0316 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

12:45:54.0529 0316 HidUsb - ok

12:45:54.0566 0316 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

12:45:54.0570 0316 hkmsvc - ok

12:45:54.0592 0316 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

12:45:54.0595 0316 HpCISSs - ok

12:45:54.0651 0316 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys

12:45:54.0674 0316 HTTP - ok

12:45:54.0712 0316 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys

12:45:54.0715 0316 i2omp - ok

12:45:54.0755 0316 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

12:45:54.0759 0316 i8042prt - ok

12:45:54.0819 0316 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys

12:45:54.0866 0316 ialm - ok

12:45:54.0895 0316 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

12:45:54.0903 0316 iaStorV - ok

12:45:54.0997 0316 [ 6F95324909B502E2651442C1548AB12F ] IDriverT c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

12:45:55.0001 0316 IDriverT - ok

12:45:55.0087 0316 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

12:45:55.0230 0316 idsvc - ok

12:45:55.0345 0316 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20121116.001\IDSvix86.sys

12:45:55.0368 0316 IDSVix86 - ok

12:45:55.0402 0316 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

12:45:55.0405 0316 iirsp - ok

12:45:55.0456 0316 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll

12:45:55.0479 0316 IKEEXT - ok

12:45:55.0611 0316 [ 72D98DBBD14549C8F7E9C64712C45407 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

12:45:55.0689 0316 IntcAzAudAddService - ok

12:45:55.0712 0316 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys

12:45:55.0715 0316 intelide - ok

12:45:55.0735 0316 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

12:45:55.0739 0316 intelppm - ok

12:45:55.0776 0316 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

12:45:55.0781 0316 IPBusEnum - ok

12:45:55.0829 0316 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:45:55.0832 0316 IpFilterDriver - ok

12:45:55.0878 0316 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

12:45:55.0885 0316 iphlpsvc - ok

12:45:55.0897 0316 IpInIp - ok

12:45:55.0927 0316 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

12:45:55.0931 0316 IPMIDRV - ok

12:45:55.0966 0316 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

12:45:55.0971 0316 IPNAT - ok

12:45:56.0010 0316 [ E50A95179211B12946F7E035D60AF560 ] irda C:\Windows\system32\DRIVERS\irda.sys

12:45:56.0014 0316 irda - ok

12:45:56.0058 0316 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

12:45:56.0061 0316 IRENUM - ok

12:45:56.0093 0316 [ CBB0D940221A281BCFEAEA695BD1CDA5 ] Irmon C:\Windows\System32\irmon.dll

12:45:56.0096 0316 Irmon - ok

12:45:56.0114 0316 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys

12:45:56.0117 0316 isapnp - ok

12:45:56.0155 0316 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

12:45:56.0160 0316 iScsiPrt - ok

12:45:56.0182 0316 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

12:45:56.0185 0316 iteatapi - ok

12:45:56.0220 0316 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

12:45:56.0223 0316 iteraid - ok

12:45:56.0268 0316 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

12:45:56.0271 0316 kbdclass - ok

12:45:56.0290 0316 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

12:45:56.0294 0316 kbdhid - ok

12:45:56.0324 0316 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe

12:45:56.0326 0316 KeyIso - ok

12:45:56.0378 0316 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

12:45:56.0401 0316 KSecDD - ok

12:45:56.0453 0316 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

12:45:56.0477 0316 KtmRm - ok

12:45:56.0529 0316 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll

12:45:56.0535 0316 LanmanServer - ok

12:45:56.0582 0316 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

12:45:56.0597 0316 LanmanWorkstation - ok

12:45:56.0781 0316 [ A97EEB81F05BCE3D7AA6C81F04EF39A4 ] LiveUpdate C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

12:45:56.0885 0316 LiveUpdate - ok

12:45:56.0896 0316 LiveUpdate Notice Ex - ok

12:45:56.0960 0316 [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

12:45:56.0983 0316 LiveUpdate Notice Service - ok

12:45:57.0020 0316 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

12:45:57.0023 0316 lltdio - ok

12:45:57.0068 0316 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

12:45:57.0074 0316 lltdsvc - ok

12:45:57.0108 0316 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

12:45:57.0111 0316 lmhosts - ok

12:45:57.0143 0316 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

12:45:57.0148 0316 LSI_FC - ok

12:45:57.0166 0316 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

12:45:57.0171 0316 LSI_SAS - ok

12:45:57.0209 0316 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

12:45:57.0214 0316 LSI_SCSI - ok

12:45:57.0258 0316 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

12:45:57.0262 0316 luafv - ok

12:45:57.0324 0316 [ C57C48FB9AE3EFB9848AF594E3123A63 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys

12:45:57.0330 0316 LVPr2Mon - ok

12:45:57.0394 0316 [ 5C7B88695CE461D8BDA4FE0C0E57E71D ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

12:45:57.0398 0316 LVPrcSrv - ok

12:45:57.0442 0316 [ 37072EC9299E825F4335CC554B6FAC6A ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys

12:45:57.0449 0316 LVRS - ok

12:45:57.0885 0316 [ A240E42A7402E927A71B6E8AA4629B13 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys

12:45:58.0104 0316 LVUVC - ok

12:45:58.0140 0316 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

12:45:58.0144 0316 Mcx2Svc - ok

12:45:58.0196 0316 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys

12:45:58.0199 0316 megasas - ok

12:45:58.0220 0316 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

12:45:58.0225 0316 MMCSS - ok

12:45:58.0268 0316 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

12:45:58.0271 0316 Modem - ok

12:45:58.0315 0316 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

12:45:58.0319 0316 monitor - ok

12:46:11.0513 0316 ================ Scan global ===============================

12:46:11.0563 0316 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

12:46:11.0714 0316 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

12:46:11.0803 0316 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

12:46:11.0891 0316 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

12:46:11.0976 0316 [Global] - ok

12:46:11.0986 0316 ================ Scan MBR ==================================

12:46:12.0017 0316 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

12:46:12.0556 0316 \Device\Harddisk0\DR0 - ok

12:46:12.0557 0316 ================ Scan VBR ==================================

12:46:12.0562 0316 [ F4763086AF101FBBE226E2B3C2F19FA0 ] \Device\Harddisk0\DR0\Partition1

12:46:12.0564 0316 \Device\Harddisk0\DR0\Partition1 - ok

12:46:12.0587 0316 [ 7AE6DE9486CB2CFB46AEEE340C1F5664 ] \Device\Harddisk0\DR0\Partition2

12:46:12.0590 0316 \Device\Harddisk0\DR0\Partition2 - ok

12:46:12.0591 0316 ============================================================

12:46:12.0591 0316 Scan finished

12:46:12.0591 0316 ============================================================

12:46:12.0613 2224 Detected object count: 0

12:46:12.0613 2224 Actual detected object count: 0

12:55:35.0971 5396 Deinitialize success

ComboFix 12-11-16.02 - Russ 11/18/2012 13:31:26.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1981.786 [GMT -8:00]

Running from: c:\users\Russ\Downloads\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Russ\AppData\Local\Temp\_MEI32922\_ctypes.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\_elementtree.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\_hashlib.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\_socket.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\_ssl.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\pyexpat.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\pysqlite2._sqlite.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\python26.dll

c:\users\Russ\AppData\Local\Temp\_MEI32922\pythoncom26.dll

c:\users\Russ\AppData\Local\Temp\_MEI32922\PyWinTypes26.dll

c:\users\Russ\AppData\Local\Temp\_MEI32922\select.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\unicodedata.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32api.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32com.shell.shell.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32crypt.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32event.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32file.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32inet.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32pdh.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32process.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32profile.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32security.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\win32ts.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\windows._cacheinvalidation.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\wx._controls_.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\wx._core_.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\wx._gdi_.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\wx._html2.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\wx._misc_.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\wx._windows_.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\wx._wizard.pyd

c:\users\Russ\AppData\Local\Temp\_MEI32922\wxbase293u_net_vc.dll

c:\users\Russ\AppData\Local\Temp\_MEI32922\wxbase293u_vc.dll

c:\users\Russ\AppData\Local\Temp\_MEI32922\wxmsw293u_adv_vc.dll

c:\users\Russ\AppData\Local\Temp\_MEI32922\wxmsw293u_core_vc.dll

c:\users\Russ\AppData\Local\Temp\_MEI32922\wxmsw293u_html_vc.dll

c:\users\Russ\AppData\Local\Temp\_MEI32922\wxmsw293u_webview_vc.dll

c:\users\Russ\g2mdlhlpx.exe

c:\users\Russ\GoToAssistDownloadHelper.exe

c:\windows\TEMP\logishrd\LVPrcInj0d.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))

.

.

No new files created in this timespan

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-16 22:17 . 2006-11-02 10:24 64010424 ----a-w- c:\windows\system32\mrt.exe

2012-11-08 13:37 . 2012-03-29 03:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-08 13:37 . 2011-05-18 13:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-26 23:48 . 2012-10-26 23:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-10-26 23:48 . 2012-07-11 02:45 821736 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-10-26 23:48 . 2010-05-26 23:26 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-12 14:29 . 2012-11-14 14:24 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-10-08 08:28 . 2012-11-16 22:11 12320768 ----a-w- c:\windows\system32\mshtml.dll

2012-10-08 07:48 . 2012-11-16 22:11 1103872 ----a-w- c:\windows\system32\urlmon.dll

2012-10-08 07:48 . 2012-11-16 22:11 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-10-08 07:46 . 2012-11-16 22:11 231936 ----a-w- c:\windows\system32\url.dll

2012-10-08 07:43 . 2012-11-16 22:11 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-10-08 07:42 . 2012-11-16 22:11 607744 ----a-w- c:\windows\system32\msfeeds.dll

2012-10-08 07:41 . 2012-11-16 22:11 73216 ----a-w- c:\windows\system32\mshtmled.dll

2012-10-08 07:40 . 2012-11-16 22:11 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-25 16:19 . 2012-11-14 14:25 75776 ----a-w- c:\windows\system32\synceng.dll

2012-09-13 13:28 . 2012-10-10 12:48 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-29 11:27 . 2012-10-10 12:45 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-29 11:27 . 2012-10-10 12:45 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 15:53 . 2012-10-10 12:47 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-30 17:11 . 2012-10-30 17:11 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-10-25 22:45 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2012-07-13 17418928]

"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

"Akamai NetSession Interface"="c:\users\Russ\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-27 39408]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-10-25 16052192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-03-04 5218304]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-26 151552]

"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2007-02-09 97072]

"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-17 80688]

"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-11-26 260912]

"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]

"SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2006-11-12 239144]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-14 52832]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-28 30192]

"FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-02-05 167936]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-26 68592]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Russ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2011-03-21 17:48 114176 ----a-w- c:\windows\System32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 13:37]

.

2012-08-02 c:\windows\Tasks\ErrorEND.job

- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:38]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 05:38]

.

2012-11-16 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2011-03-29 23:17]

.

2011-04-22 c:\windows\Tasks\ParetoLogic Update Version3.job

- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2011-03-29 23:17]

.

2012-02-15 c:\windows\Tasks\PC Health Advisor Defrag.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]

.

2012-07-20 c:\windows\Tasks\PC Health Advisor.job

- c:\program files\ParetoLogic\PCHA\PCHA.exe [2011-03-29 23:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = <local>

Trusted Zone: pristine.com\www

Trusted Zone: realist.com

Trusted Zone: sandicor.com

Trusted Zone: zerohedge.com\www

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab

DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://mls.realist.com/mapviewer/mapviewer.cab

FF - ProfilePath - c:\users\Russ\AppData\Roaming\Mozilla\Firefox\Profiles\z8uojzrp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-09-19 20:19; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF - ExtSQL: 2012-10-18 05:32; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF - ExtSQL: !HIDDEN! 2011-03-23 18:25; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - ExtSQL: !HIDDEN! 2012-01-11 11:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM_ActiveSetup-ccc-core-static - msiexec

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-11-18 14:24

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]

"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3471859834-3467075534-2614826630-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):3f,66,59,82,9c,36,a1,ec,f2,2b,02,93,eb,4b,24,b1,30,11,5f,11,c8,

76,c5,a0,01,6d,22,4c,a8,a3,64,78,0f,c7,aa,f7,a3,e4,5c,1b,00,00,00,00,00,00,\

.

[HKEY_USERS\S-1-5-21-3471859834-3467075534-2614826630-1000_Classes\CLSID\{9273a061-d847-495f-aa9f-c08bdaf6dd2f}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:0000005b

"Therad"=dword:0000001e

"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,

38,95,44,85,b1,12,f9,90,dd,23,a1,88,cf,9c,8e,d8,d3,58,13,5a,53,3c,56,d5,ae,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\system32\agrsmsvc.exe

c:\windows\system32\atashost.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

c:\windows\system32\o2flash.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\RtHDVCpl.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\program files\Apoint2K\Apntex.exe

c:\program files\Apoint2K\HidFind.exe

c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

.

**************************************************************************

.

Completion time: 2012-11-18 14:52:37 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-18 22:52

.

Pre-Run: 66,546,679,808 bytes free

Post-Run: 76,767,985,664 bytes free

.

- - End Of File - - E3FF531F7A5C852A9144DAC9E58999E6


Please do this next:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • JRT log
  • MBAM log


Here are the JRT and MBAM logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.3.6 (11.18.2012)

OS: Windows Vista Home Premium x86

Ran by Russ on Sun 11/18/2012 at 20:24:57.25

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt

Successfully deleted: [File] C:\eula.1031.txt

Successfully deleted: [File] C:\eula.1033.txt

Successfully deleted: [File] C:\eula.1036.txt

Successfully deleted: [File] C:\eula.1040.txt

Successfully deleted: [File] C:\eula.1041.txt

Successfully deleted: [File] C:\eula.1042.txt

Successfully deleted: [File] C:\eula.2052.txt

Successfully deleted: [File] C:\install.res.1028.dll

Successfully deleted: [File] C:\install.res.1031.dll

Successfully deleted: [File] C:\install.res.1033.dll

Successfully deleted: [File] C:\install.res.1036.dll

Successfully deleted: [File] C:\install.res.1040.dll

Successfully deleted: [File] C:\install.res.1041.dll

Successfully deleted: [File] C:\install.res.1042.dll

Successfully deleted: [File] C:\install.res.2052.dll

Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Successfully deleted: [Folder] C:\Program Files\internet download manager

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Russ\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 11/18/2012 at 20:30:30.53

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.19.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Russ :: RUSS-PC [administrator]

11/18/2012 8:34:35 PM

mbam-log-2012-11-18 (20-34-35).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 366787

Time elapsed: 1 hour(s), 49 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


How is the computer running now? Are you still having redirects? Please do this next:

Go to this link to run an online scanner from ESET.

  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

Uninstall the following outdated version of Java via Control Panel > Programs > Uninstall a program:

Java™ 6 Update 37

Please include the following in your next post:

  • How is the computer running now?
  • ESET log


I have uninstalled Java 6 Update 37.

The ESET log is below.

I'm still having the following problem with my computer:

When I do a Google, Yahoo or Bing search for the website, retechulous or retechulous.com, and get the search results and then click on the retechulous.com link to go to that website, I get redirected instead to http://stped.dnset.com or http://forbidden.4pu.com with an immediate warning that these sites are known to be malicious and unsafe websites that contain harmful software that can damage my computer or put my personal or financial information at risk. This seems to happen only when I do a search for the retechulous.com website, and the redirect happens when I use either Explorer, Firefox or Google Chrome as my browser. When I search for any other website or search term, my computer seems to work fine without any redirect to the above-mentioned malicious websites.

I await your further instructions. Thank you.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=b4634cf5b353054b99f269328bf48626

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-11-20 12:36:55

# local_time=2012-11-19 04:36:55 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776574 100 100 99975729 189967980 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=178771

# found=0

# cleaned=0

# scan_time=11362


I'm certain that your remaining issue is with retechulous.com. If the redirections were malware related they would not be specific to one search term. I did the same search on my own computer and Malwarebytes PRO immediately blocked a connection to a malicious site (probably the same site you are being redirected to). If you are familiar with that site and know it to be legitimate, I would recommend that you contact them and advise them of the issue.

Your logs look good! All I have left for you is another update and some very important cleanup:

Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version. Be sure to watch for and uncheck any boxes offering to install other software.

Uninstall ComboFix

  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and paste the following text into the run box that opens and press OK:
    Combofix /Uninstall


Delete the following tools along with any other logs you saved from our work:

  • DDS
  • TDSSKiller

Download TFC to your desktop

  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Please read this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!


I followed your instructions per above. Now after running the TFC scan Internet Explorer 9 does not work. It will not load websites or will only partially load them very slowly. I have gone to Microsoft's website and run their Internet Explorer 9 fix and reset the Internet Explorer settings. Microsoft's website said Internet Explorer 9 may be running slowly because I might need to update my video driver so I have gone to Fujitsu's website (my machine is a Fujitsu Lifebook Series A) and updated my video driver. I still cannot get Internet Explorer 9 to work. Firefox and Google Chrome work fine. Any suggestions?


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

