Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google/Bing redirect virus help


Re: Google/Bing redirect virus help

Post by mabbitt616 » May 17th, 2012, 4:16 pm

For some reason the killbox.exe file won't run. It states that it is "not a valid Win32 application". Do you want me to continue with the other steps, or is there another way to download the killbox? Thanks
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Post by pgmigg » May 17th, 2012, 4:43 pm

Hello mabbitt616,
Do you want me to continue with the other steps, or is there another way to download the killbox?
Sorry about that. Please skip the killbox step and do the following one instead:

Step 1.
ComboFix - CFScript
You should still have ComboFix.exe on your desktop.
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below into the window:
    KILLALL::
    
    File::
    C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll
    
  2. Save it to your Desktop as CFScript.txt
  3. Please disable any Antivirus and Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon, as seen in the image below:
    [image: dragging CFScript.txt onto the ComboFix.exe icon]
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... You can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

THEN:
Please restart your computer and run all other steps.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of ComboFix log file after run of ComboFix script
  3. Contents of the C:\Program Files\ESET\EsetOnlineScanner\log.txt log file after fresh ESET scan
  4. Contents of the SystemLook.txt log file
  5. Answer for my question about initial symptoms.
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
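The step above deletes one file that the earlier SystemLook search turned up in a directory where no installer puts executables. The script below is an added example, not code from this thread, from ComboFix or from SystemLook: it automates that hunt over a profile tree, recognising PE files by their MZ/PE header rather than by extension (a renamed DLL is still found, a text file called something.dll is not) and hashing each one so it can be compared with scanner output. The sample directory tree, the file contents, the function names and the IOC set (seeded with the MD5 SystemLook reported for yxuoo.dll later in the thread) are all constructed for the example.

```python
"""Hunt for PE files in a user-profile data tree and hash them for IOC matching.

Added example; it is not code from the MalwareRemoval.com thread, ComboFix or
SystemLook. It automates the idea behind the thread: the trojan DLL sat in
Local Settings\\Application Data\\Apple Computer\\Adobe\\, a directory no
installer writes executables to. Files are recognised by their MZ/PE header
rather than by extension, then MD5/SHA-256 hashed so the result can be checked
against scanner output. The sample tree, its file contents and the IOC set are
constructed for this example.
"""
import hashlib
import os
import struct
import tempfile

# Constructed IOC set: the MD5 SystemLook printed for yxuoo.dll in the thread.
KNOWN_BAD_MD5 = {"96b491efd78b5b49cc0f378c4e0f549a"}


def is_pe(path):
    """True if the file has an MZ header whose e_lfanew points at a PE signature."""
    try:
        with open(path, "rb") as f:
            dos = f.read(64)
            if len(dos) < 64 or dos[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", dos, 60)  # offset of the NT headers
            f.seek(e_lfanew)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False


def file_hashes(path):
    """Return (md5, sha256) hex digests, streamed so large files are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def find_pe_files(root, known_bad=KNOWN_BAD_MD5):
    """Walk root; return one dict per PE file found, sorted by file name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not is_pe(path):
                continue
            md5, sha256 = file_hashes(path)
            hits.append({
                "path": path,
                "name": name,
                "md5": md5,
                "sha256": sha256,
                "known_bad": md5 in known_bad,
            })
    hits.sort(key=lambda h: h["name"])
    return hits


def make_pe_bytes(payload):
    """Constructed stand-in: a valid MZ header plus PE signature, not a loadable binary."""
    header = bytearray(64)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 60, 64)  # e_lfanew -> right after the DOS header
    return bytes(header) + b"PE\x00\x00" + payload


def build_sample_profile():
    """Constructed stand-in for a user's Local Settings\\Application Data tree."""
    root = tempfile.mkdtemp(prefix="appdata_")
    dropped = os.path.join(root, "Apple Computer", "Adobe")
    os.makedirs(dropped)
    # The dropped DLL, named like the one in the thread (contents are made up).
    with open(os.path.join(dropped, "yxuoo.dll"), "wb") as f:
        f.write(make_pe_bytes(b"trojan-stand-in"))
    # A text file with a .dll name is not a PE and must not be reported.
    with open(os.path.join(dropped, "notes.dll"), "wb") as f:
        f.write(b"just text")
    # A PE renamed to look like data is still found because the header is checked.
    with open(os.path.join(root, "cache.dat"), "wb") as f:
        f.write(make_pe_bytes(b"renamed"))
    return root


if __name__ == "__main__":
    for hit in find_pe_files(build_sample_profile()):
        verdict = "KNOWN BAD" if hit["known_bad"] else "unknown"
        print(f"{verdict:9} md5={hit['md5']} sha256={hit['sha256'][:16]}... {hit['path']}")
```

Pointing `find_pe_files` at a real profile directory (for example the user's Local Settings\Application Data) lists every executable living in user-writable data paths; anything not traceable to an installed product is worth hashing and submitting to a scanner, which is exactly what the thread did by hand with yxuoo.dll.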

Re: Google/Bing redirect virus help

Post by mabbitt616 » May 17th, 2012, 7:56 pm

pgmigg,

I was able to run all of the steps. At this point, I do not have any more redirects when using Google/Bing.

My ComboFix log is:

ComboFix 12-05-17.05 - Matthew Abbott 05/17/2012 16:58:42.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.344 [GMT -4:00]
Running from: c:\documents and settings\Matthew Abbott\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Matthew Abbott\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
FILE ::
"c:\documents and settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-10 12:19 . 2012-05-10 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-05-10 11:08 . 2012-05-10 11:08 -------- d-----w- c:\documents and settings\Matthew Abbott\Local Settings\Application Data\Threat Expert
2012-05-10 02:00 . 2012-05-10 02:00 -------- d-----w- c:\program files\PC Tools
2012-05-10 01:08 . 2012-05-11 00:11 -------- d-----w- c:\program files\Common Files\PC Tools
2012-05-10 01:08 . 2012-04-23 18:17 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-05-10 01:06 . 2012-05-10 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2012-05-10 01:06 . 2012-05-10 01:06 -------- d-----w- c:\documents and settings\Matthew Abbott\Application Data\TestApp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2008-04-14 00:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2010-01-07 00:08 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-26 00:12 . 2010-05-31 22:41 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-26 00:12 . 2010-05-31 22:41 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-26 00:11 . 2012-03-26 00:11 76208 ----a-w- c:\windows\system32\FwsVpn.dll
2012-03-26 00:11 . 2012-03-26 00:11 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2012-03-26 00:11 . 2009-09-17 22:30 241584 ----a-w- c:\windows\system32\SymVPN.dll
2012-03-17 21:46 . 2012-03-17 21:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2010-01-07 00:08 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2010-01-07 00:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2010-01-07 00:08 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2010-01-07 00:08 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2010-01-07 00:08 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-01-07 00:08 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-13_12.41.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-17 13:23 . 2012-05-17 13:23 16384 c:\windows\Temp\Perflib_Perfdata_2f4.dat
+ 2012-05-17 21:11 . 2012-05-17 21:11 16384 c:\windows\Temp\Perflib_Perfdata_280.dat
+ 2012-05-17 21:11 . 2012-05-17 21:11 16384 c:\windows\Temp\Perflib_Perfdata_194.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-09 401072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-12-12 994216]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-09 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RTHDCPL"="RTHDCPL.EXE" [2009-04-27 17881088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"FujiSynapseBridge"="c:\program files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe" [2010-10-22 243072]
"Synapse URLSearchHook Configuration"="c:\progra~1\FUJIME~1\Synapse\WORKST~1\FujiFld.dll" [2010-10-22 3904896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
.
c:\documents and settings\Matthew Abbott\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-1-7 385024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\12.1.1000.157.105\\Bin\\snac.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\WINWORD.EXE"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys [7/16/2011 7:48 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys [8/27/2011 7:48 PM 758904]
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [5/31/2010 6:25 PM 11448]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx86.sys [5/9/2012 10:22 PM 821880]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [6/17/2011 8:29 AM 85288]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys [9/13/2011 7:46 PM 137336]
R2 PACS Client Updater;PACS Client Updater;c:\program files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe [4/15/2010 3:34 PM 24576]
R2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [9/20/2011 11:58 PM 137224]
R2 SynapseUpdateSvc;Synapse Update Manager;c:\program files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe [10/22/2010 4:49 PM 199680]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120516.001\IDSXpx86.sys [5/17/2012 11:16 AM 356792]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/28/2009 2:40 AM 38912]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2010 7:40 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/7/2010 2:18 PM 1684736]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/14/2009 12:51 PM 23888]
S3 EraserUtilDrv11122;EraserUtilDrv11122;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [5/15/2012 8:19 PM 106104]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/3/2012 5:00 AM 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/22/2010 7:40 PM 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [1/7/2010 2:30 PM 39040]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2012-05-17 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-16 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-15 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-17 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-11-17 01:12]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 23:39]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-22 23:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: {1FBD11EF-1260-11D1-87A7-444553540001} - Local
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-17 17:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Citrix\ICA Client\pnsson.dll
.
- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Fuji Medical System\Synapse\Workstation\FujiFld.dll
c:\progra~1\FUJIME~1\Synapse\WORKST~1\FujiFldR.dll
c:\program files\Fuji Medical System\Synapse\Workstation\DBCmds.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\RTHDCPL.EXE
c:\program files\Citrix\ICA Client\WFCRUN32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-17 17:18:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 21:18
ComboFix2.txt 2012-05-13 12:47
ComboFix3.txt 2012-05-12 21:34
.
Pre-Run: 134,056,189,952 bytes free
Post-Run: 134,108,213,248 bytes free
.
- - End Of File - - 0CE89FCAD414CF264F772D0CFAD930E9

My SystemLook log file is:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:20 on 17/05/2012 by Matthew Abbott
Administrator - Elevation successful

========== filefind ==========

Searching for "yxuoo*"
C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll --a---- 461312 bytes [13:48 09/05/2012] [13:48 09/05/2012] 96B491EFD78B5B49CC0F378C4E0F549A

========== Regfind ==========

Searching for "yxuoo"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"h"="C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"
[HKEY_USERS\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"h"="C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"
[HKEY_USERS\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"

-= EOF =-

My ESET log is:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c7dd2be6ad5b2b4fa22f54d01aea979a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-17 11:50:14
# local_time=2012-05-17 07:50:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=56445
# found=3
# cleaned=0
# scan_time=7121
C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll a variant of Win32/Kryptik.AFRA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\rlrjomrye.dll.vir a variant of Win32/Kryptik.AFRA trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.03.2012_17.06.37\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan (unable to clean) 00000000000000000000000000000000 I
Thanks
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm
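The three logs above carry the same file in different forms: ESET names the detection but reports it "unable to clean", SystemLook supplies the size and MD5, and two further hits are copies already sitting in the ComboFix (Qoobox) and TDSSKiller quarantine folders. The script below is an added example, not code from this thread nor from ESET, SystemLook or ComboFix: it parses the detection and filefind line formats as they appear in the posted logs, joins them on path, marks which detections are still live (not under a quarantine folder), and drafts the same KILLALL::/File:: layout the helper posted for the live ones. The sample lines are copied from the logs above; the regexes, the quarantine prefixes and the notion of a "live" detection are this example's own assumptions.

```python
"""Correlate ESET Online Scanner detections with SystemLook file data and
draft the ComboFix File:: list for anything still live on disk.

Added example; not code from the MalwareRemoval.com thread, ESET, SystemLook
or ComboFix. The line formats are inferred from the logs posted in the thread,
the quarantine prefixes and CFScript layout come from the same posts, and the
function names and the "live" flag are this example's own.
"""
import re

# Copied from the ESET log posted in the thread (header lines are skipped by the parser).
ESET_LOG = r"""
# found=3
# cleaned=0
C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll a variant of Win32/Kryptik.AFRA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\rlrjomrye.dll.vir a variant of Win32/Kryptik.AFRA trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.03.2012_17.06.37\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Copied from the SystemLook filefind section posted in the thread.
SYSTEMLOOK_LOG = r"""
========== filefind ==========

Searching for "yxuoo*"
C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll --a---- 461312 bytes [13:48 09/05/2012] [13:48 09/05/2012] 96B491EFD78B5B49CC0F378C4E0F549A
"""

# Assumed: files under these folders are already quarantined copies, not live infections.
QUARANTINE_PREFIXES = ("C:\\Qoobox\\Quarantine\\", "C:\\TDSSKiller_Quarantine\\")

# <path> <detection> (<action>) <32 hex chars> <flag>. The detection is recognised by its
# Family/Name token; the 32-hex field is all zeros in the posted log, so it is kept but unused.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?[A-Za-z0-9_.-]+/\S+(?:\s+\S+)*?)\s+"
    r"\((?P<action>[^()]*)\)\s+(?P<field>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)

# <path> <7 attribute flags> <size> bytes [<stamp>] [<stamp>] <MD5>; stamps kept in printed order.
SYSTEMLOOK_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-zA-Z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_eset(text):
    """Return one dict per detection line; header and blank lines are ignored."""
    return [m.groupdict() for m in map(ESET_RE.match, text.splitlines()) if m]


def parse_systemlook(text):
    """Return {lower-cased path: {size, md5, attrs, stamps}} for each filefind hit."""
    found = {}
    for line in text.splitlines():
        m = SYSTEMLOOK_RE.match(line)
        if m:
            d = m.groupdict()
            d["size"] = int(d["size"])
            d["md5"] = d["md5"].lower()
            found[d["path"].lower()] = d
    return found


def correlate(eset_entries, systemlook_files):
    """Join detections to SystemLook data on path and flag the ones not already quarantined."""
    prefixes = tuple(p.lower() for p in QUARANTINE_PREFIXES)
    rows = []
    for e in eset_entries:
        sl = systemlook_files.get(e["path"].lower())
        rows.append({
            "path": e["path"],
            "detection": e["detection"],
            "action": e["action"],
            "md5": sl["md5"] if sl else None,
            "size": sl["size"] if sl else None,
            "live": not e["path"].lower().startswith(prefixes),
        })
    return rows


def build_cfscript(rows):
    """Draft the layout the helper posted: KILLALL::, a blank line, then File:: with live paths."""
    live = [r["path"] for r in rows if r["live"]]
    return "KILLALL::\n\nFile::\n" + "\n".join(live) + "\n"


if __name__ == "__main__":
    rows = correlate(parse_eset(ESET_LOG), parse_systemlook(SYSTEMLOOK_LOG))
    for r in rows:
        state = "LIVE" if r["live"] else "quarantined"
        print(f"{state:11} {r['detection']} md5={r['md5']} size={r['size']} {r['path']}")
    print(build_cfscript(rows))
```

Only the live row ends up in the drafted File:: list; the two quarantine copies are left to the tools that already hold them. Anything this drafts still needs the same care the helper asked for: a CFScript is written for one machine and is run by the person guiding the cleanup, not blindly from a script.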

.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-17 17:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPBBCDrv]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(908)
c:\program files\Citrix\ICA Client\pnsson.dll
.
- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\Fuji Medical System\Synapse\Workstation\FujiFld.dll
c:\progra~1\FUJIME~1\Synapse\WORKST~1\FujiFldR.dll
c:\program files\Fuji Medical System\Synapse\Workstation\DBCmds.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Citrix\ICA Client\ssonsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\RTHDCPL.EXE
c:\program files\Citrix\ICA Client\WFCRUN32.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-05-17 17:18:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 21:18
ComboFix2.txt 2012-05-13 12:47
ComboFix3.txt 2012-05-12 21:34
.
Pre-Run: 134,056,189,952 bytes free
Post-Run: 134,108,213,248 bytes free
.
- - End Of File - - 0CE89FCAD414CF264F772D0CFAD930E9

My SystemLook log file is:
SystemLook 30.07.11 by jpshortstuff
Log created at 17:20 on 17/05/2012 by Matthew Abbott
Administrator - Elevation successful

========== filefind ==========

Searching for "yxuoo*"
C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll --a---- 461312 bytes [13:48 09/05/2012] [13:48 09/05/2012] 96B491EFD78B5B49CC0F378C4E0F549A

========== Regfind ==========

Searching for "yxuoo"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"h"="C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"
[HKEY_USERS\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"h"="C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"
[HKEY_USERS\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"a"="C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll"

-= EOF =-

My ESET log is:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c7dd2be6ad5b2b4fa22f54d01aea979a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-17 11:50:14
# local_time=2012-05-17 07:50:14 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=56445
# found=3
# cleaned=0
# scan_time=7121
C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll a variant of Win32/Kryptik.AFRA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\rlrjomrye.dll.vir a variant of Win32/Kryptik.AFRA trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.03.2012_17.06.37\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan (unable to clean) 00000000000000000000000000000000 I
thanks
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 18th, 2012, 12:13 pm

Hello mabbitt616,

I analyzed your previous posts and logs one more time and found that TDSSKiller was run on your computer some time ago (25.03.2012). Now there is some mess, and I would like to ask you to do the following:

Step 1.
  1. Please go to the Start button, left-click on it, navigate to Explore, and right-click on it to open Windows Explorer.
  2. Then find a folder C:\TDSSKiller_Quarantine and delete it completely.
  3. Then find and delete TDSSKiller.exe from your Desktop.
  4. Then find and delete all TDSSKiller logs previously created and kept on C:\; they look like TDSSKiller.2.4.0.0 24.07.2010.
  5. Restart your computer.

Step 2.
TDSSKiller
  1. Please Download TDSSKiller.zip and save it on your desktop.
  2. Extract (unzip) its contents to your Desktop.
  3. Double-click the TDSSKiller Folder on your Desktop.
  4. Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  5. Important!: Run this fix once and once only.
  6. Double click the TDSSKiller icon on your desktop, then click Start scan.
  7. A box will appear saying System scan completed.
  8. If any Malicious objects are found click Cure > Continue > Reboot now.
  9. A log file should be created on your C:\ drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  10. Please post the contents of that log in your next reply.

Step 3.
Please download GMER Rootkit Scanner from Here.
  1. Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  2. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  3. In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below (screenshot of the GMER option boxes, not reproduced here)

  4. Then click the Scan button & wait for it to finish
  5. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  6. Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller report file.
  3. Contents of Gmer report file.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
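The helper's point above is that two of the three ESET hits live inside old quarantine folders (ComboFix's C:\Qoobox\Quarantine and C:\TDSSKiller_Quarantine), so only yxuoo.dll is a live infection. Here is an added example, not code from the thread or from ESET, that parses the ESET Online Scanner log format shown above and separates live detections from quarantined copies; the sample log is constructed from the lines posted in the thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample log: header and detection lines copied from the ESET
# Online Scanner log posted above. A real log separates the four fields of a
# detection line with tabs; the forum paste collapsed them to spaces, and the
# regex below accepts either.
ESET_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# scanned=56445
# found=3
# cleaned=0
C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll a variant of Win32/Kryptik.AFRA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\rlrjomrye.dll.vir a variant of Win32/Kryptik.AFRA trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\25.03.2012_17.06.37\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KS trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Folders holding copies already isolated by an earlier cleanup tool. A hit in
# them is an old quarantined file, not a live infection; the helper asks for
# C:\TDSSKiller_Quarantine to be deleted so such hits stop reappearing.
QUARANTINE_PREFIXES = (
    "c:\\qoobox\\quarantine\\",      # ComboFix quarantine
    "c:\\tdsskiller_quarantine\\",   # TDSSKiller quarantine
)

# Where a detection name starts: ESET writes "a variant of <Family> <type>",
# "probably a variant of ...", "multiple threats" or a bare "<Platform>/<Family>".
DETECTION_START = (
    r"(?:(?:probably )?a variant of |probably unknown |multiple threats"
    r"|[A-Za-z0-9_]+/[A-Za-z0-9_.\-]+\s)"
)
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    rf"(?P<detection>{DETECTION_START}.*?)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>[A-Z])\s*$"
)
HEADER_RE = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")
STATUS_RE = re.compile(r"^(?P<name>.*?)\s*\((?P<status>[^)]*)\)\s*$")


@dataclass
class Detection:
    path: str
    name: str     # e.g. "a variant of Win32/Kryptik.AFRA trojan"
    status: str   # text in parentheses, e.g. "unable to clean"
    flag: str

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)


def parse_eset_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Split an ESET Online Scanner log into its '# key=value' header and detections."""
    header: Dict[str, str] = {}
    found: List[Detection] = []
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            header[h.group("key")] = h.group("value")
            continue
        d = DETECTION_RE.match(line)
        if not d:
            continue  # banner lines such as "OnlineScanner.ocx - registred OK"
        s = STATUS_RE.match(d.group("detection"))
        name, status = (s.group("name"), s.group("status")) if s else (d.group("detection"), "")
        found.append(Detection(d.group("path"), name, status, d.group("flag")))
    return header, found


def triage(header: Dict[str, str], found: List[Detection]) -> Dict[str, object]:
    """Separate live hits from quarantined copies and cross-check the header counters."""
    live = [d for d in found if not d.quarantined]
    quarantined = [d for d in found if d.quarantined]
    return {
        "live": live,
        "quarantined": quarantined,
        # 'found' in the header should equal the number of detection lines.
        "count_matches_header": header.get("found") == str(len(found)),
        # With remove_checked=false ESET only reports, which is why cleaned stays 0.
        "report_only": header.get("remove_checked") == "false",
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(ESET_LOG)
    result = triage(hdr, dets)
    for d in result["live"]:
        print(f"LIVE        {d.name} ({d.status}): {d.path}")
    for d in result["quarantined"]:
        print(f"QUARANTINED {d.name}: {d.path}")
```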

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 18th, 2012, 3:09 pm

pgmigg,

I was able to delete the TDSSKiller files you asked about, then downloaded it again and ran it; however, there were no malicious objects identified.

I ran the GMER and the log file is as follows:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-18 15:04:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.01.0
Running: 28l0vk3o.exe; Driver: C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\fgtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT 85F0C9A0 ZwAlertResumeThread
SSDT 860BBF68 ZwAlertThread
SSDT 85F003E8 ZwAllocateVirtualMemory
SSDT 85F21AE8 ZwAssignProcessToJobObject
SSDT 861B2840 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA75D9980]
SSDT 860A9268 ZwCreateMutant
SSDT 86018BB8 ZwCreateSymbolicLinkObject
SSDT 860430B8 ZwCreateThread
SSDT 85F0E560 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA75D9C00]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA75D9F10]
SSDT 85F0ADB8 ZwDuplicateObject
SSDT 8602BBC0 ZwFreeVirtualMemory
SSDT 861799C0 ZwImpersonateAnonymousToken
SSDT 85F0C900 ZwImpersonateThread
SSDT 861C3C18 ZwLoadDriver
SSDT 86199ED8 ZwMapViewOfSection
SSDT 8603D6A8 ZwOpenEvent
SSDT 85F17368 ZwOpenProcess
SSDT 860196C0 ZwOpenProcessToken
SSDT 85FC73A0 ZwOpenSection
SSDT 85F12890 ZwOpenThread
SSDT 8201F6F0 ZwProtectVirtualMemory
SSDT 861BE758 ZwResumeThread
SSDT 8555C780 ZwSetContextThread
SSDT 85F0EE30 ZwSetInformationProcess
SSDT 85F089B8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA75DA160]
SSDT 85F19448 ZwSuspendProcess
SSDT 86194C40 ZwSuspendThread
SSDT 85F11908 ZwTerminateProcess
SSDT 85F1B878 ZwTerminateThread
SSDT 860E0E50 ZwUnmapViewOfSection
SSDT 8617DCA8 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device 9EB38D20

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Thanks
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm
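To show what the posted GMER log actually records, here is an added example (not GMER's code and not from the thread) that parses the SSDT and AttachedDevice sections and groups the results by vendor. The sample lines are excerpted from the log above; hooks that GMER could not attribute to a module on disk appear as bare addresses, and those are exactly the entries the false-positive caveat in the instructions is about, so the output is for the helper to review, not a list of things to act on.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few lines excerpted from the GMER log posted above,
# enough to show the three line shapes the parser handles.
GMER_LOG = r"""---- System - GMER 1.0.15 ----

SSDT 85F0C9A0 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA75D9980]
SSDT 85F17368 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA75DA160]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_650_14951.SYS (NetBIOS Redirector/Juniper Networks)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
"""

# "SSDT <module> (<description>/<vendor>) <ZwFunction> [0x<address>]":
# GMER resolved the hook handler to a driver on disk.
SSDT_ATTRIBUTED_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
# "SSDT <address> <ZwFunction>": the handler sits in memory GMER could not
# map to a module, so only the address is printed.
SSDT_BARE_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>Zw\w+)$")
# "AttachedDevice \Driver\X \Device\Y <module> (<description>/<vendor>)"
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\\Driver\\\S+)\s+(?P<device>\\Device\\\S+)\s+"
    r"(?P<module>\S+)\s+\((?P<desc>[^)]*)\)$"
)


@dataclass
class SsdtHook:
    func: str
    addr: str
    module: Optional[str]   # None when GMER printed only an address
    vendor: Optional[str]


@dataclass
class AttachedFilter:
    driver: str
    device: str
    module: str
    vendor: str


def _vendor(desc: str) -> str:
    # GMER writes "<file description>/<company name>"; the vendor is the last field.
    return desc.rsplit("/", 1)[-1].strip()


def parse_gmer(text: str) -> Tuple[List[SsdtHook], List[AttachedFilter]]:
    """Collect SSDT hooks and attached device filters from a GMER log."""
    hooks: List[SsdtHook] = []
    filters: List[AttachedFilter] = []
    for line in text.splitlines():
        m = SSDT_ATTRIBUTED_RE.match(line)
        if m:
            hooks.append(SsdtHook(m["func"], m["addr"].upper(), m["module"], _vendor(m["desc"])))
            continue
        m = SSDT_BARE_RE.match(line)
        if m:
            hooks.append(SsdtHook(m["func"], m["addr"].upper(), None, None))
            continue
        m = ATTACHED_RE.match(line)
        if m:
            filters.append(AttachedFilter(m["driver"], m["device"], m["module"], _vendor(m["desc"])))
    return hooks, filters


def summarize(hooks: List[SsdtHook], filters: List[AttachedFilter]) -> Dict[str, object]:
    """Group SSDT hooks by vendor and list which filters stack on each device."""
    by_vendor: Dict[str, List[str]] = defaultdict(list)
    for h in hooks:
        by_vendor[h.vendor or "<unattributed>"].append(h.func)
    stack: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    for f in filters:
        stack[f.device].append((f.module, f.vendor))
    return {"hooks_by_vendor": dict(by_vendor), "device_stack": dict(stack)}


if __name__ == "__main__":
    hooks, filters = parse_gmer(GMER_LOG)
    report = summarize(hooks, filters)
    for vendor, funcs in report["hooks_by_vendor"].items():
        print(f"{vendor}: {', '.join(funcs)}")
    for device, modules in report["device_stack"].items():
        print(f"{device}: {modules}")
```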

Re: Google/Bing redirect virus help

Unread postby pgmigg » May 18th, 2012, 3:50 pm

Hello mabbitt616,

Thank you, but I would like to see the TDSSKiller log even in the case where no malicious objects were identified. Please find something like C:\TDSSKiller.2.7.35.0_18.05.2012_15.22.50_log.txt and post its contents in your next reply.

Then, please try again to run OTL scan:

OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Under Extra Registry section, select Use SafeList.
  4. Click the Scan All Users checkbox.
  5. Click on Run Scan at the top left hand corner.
  6. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  7. Please post the contents of these 2 Notepad files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller report file.
  3. Contents of the OTL.txt log file after the OTL Scan run
  4. Contents of the Extras.txt log file after the OTL Scan run
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 18th, 2012, 9:37 pm

pgmigg,

My TDSSKiller log is:

13:48:31.0968 0564 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
13:48:32.0328 0564 ============================================================
13:48:32.0328 0564 Current date / time: 2012/05/18 13:48:32.0328
13:48:32.0328 0564 SystemInfo:
13:48:32.0328 0564
13:48:32.0328 0564 OS Version: 5.1.2600 ServicePack: 3.0
13:48:32.0328 0564 Product type: Workstation
13:48:32.0343 0564 ComputerName: ABBOTT
13:48:32.0343 0564 UserName: Matthew Abbott
13:48:32.0343 0564 Windows directory: C:\WINDOWS
13:48:32.0343 0564 System windows directory: C:\WINDOWS
13:48:32.0343 0564 Processor architecture: Intel x86
13:48:32.0343 0564 Number of processors: 2
13:48:32.0343 0564 Page size: 0x1000
13:48:32.0343 0564 Boot type: Normal boot
13:48:32.0343 0564 ============================================================
13:48:33.0250 0564 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:48:33.0250 0564 ============================================================
13:48:33.0250 0564 \Device\Harddisk0\DR0:
13:48:33.0250 0564 MBR partitions:
13:48:33.0250 0564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1203EBBF
13:48:33.0250 0564 ============================================================
13:48:33.0296 0564 C: <-> \Device\Harddisk0\DR0\Partition0
13:48:33.0296 0564 ============================================================
13:48:33.0296 0564 Initialize success
13:48:33.0296 0564 ============================================================
13:48:35.0890 0540 ============================================================
13:48:35.0890 0540 Scan started
13:48:35.0890 0540 Mode: Manual;
13:48:35.0890 0540 ============================================================
13:48:36.0312 0540 Abiosdsk - ok
13:48:36.0328 0540 abp480n5 - ok
13:48:36.0406 0540 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:48:36.0421 0540 ACPI - ok
13:48:36.0468 0540 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:48:36.0515 0540 ACPIEC - ok
13:48:36.0531 0540 adpu160m - ok
13:48:36.0609 0540 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:48:36.0625 0540 aec - ok
13:48:36.0703 0540 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:48:36.0718 0540 AFD - ok
13:48:36.0718 0540 Aha154x - ok
13:48:36.0734 0540 aic78u2 - ok
13:48:36.0765 0540 aic78xx - ok
13:48:36.0812 0540 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:48:36.0812 0540 Alerter - ok
13:48:36.0875 0540 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:48:36.0890 0540 ALG - ok
13:48:36.0906 0540 AliIde - ok
13:48:37.0125 0540 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
13:48:37.0218 0540 Ambfilt - ok
13:48:37.0328 0540 amsint - ok
13:48:37.0500 0540 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:48:37.0500 0540 Apple Mobile Device - ok
13:48:37.0531 0540 AppMgmt - ok
13:48:37.0734 0540 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys
13:48:37.0875 0540 AR5416 - ok
13:48:38.0000 0540 asc - ok
13:48:38.0015 0540 asc3350p - ok
13:48:38.0031 0540 asc3550 - ok
13:48:38.0171 0540 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:48:38.0250 0540 aspnet_state - ok
13:48:38.0312 0540 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
13:48:38.0328 0540 AsUpIO - ok
13:48:38.0390 0540 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
13:48:38.0390 0540 AsusACPI - ok
13:48:38.0453 0540 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:48:38.0468 0540 AsyncMac - ok
13:48:38.0531 0540 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
13:48:38.0562 0540 atapi - ok
13:48:38.0578 0540 Atdisk - ok
13:48:38.0625 0540 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:48:38.0656 0540 Atmarpc - ok
13:48:38.0718 0540 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:48:38.0718 0540 AudioSrv - ok
13:48:38.0765 0540 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:48:38.0765 0540 audstub - ok
13:48:38.0859 0540 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:48:38.0859 0540 Beep - ok
13:48:39.0109 0540 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx86.sys
13:48:39.0125 0540 BHDrvx86 - ok
13:48:39.0234 0540 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:48:39.0281 0540 BITS - ok
13:48:39.0390 0540 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
13:48:39.0406 0540 Bonjour Service - ok
13:48:39.0484 0540 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:48:39.0484 0540 Browser - ok
13:48:39.0515 0540 btaudio - ok
13:48:39.0531 0540 BTDriver - ok
13:48:39.0562 0540 BTWDNDIS - ok
13:48:39.0578 0540 btwhid - ok
13:48:39.0609 0540 BTWUSB - ok
13:48:39.0625 0540 catchme - ok
13:48:39.0671 0540 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:48:39.0703 0540 cbidf2k - ok
13:48:39.0734 0540 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:48:39.0750 0540 CCDECODE - ok
13:48:39.0890 0540 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
13:48:39.0906 0540 ccEvtMgr - ok
13:48:39.0921 0540 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
13:48:39.0937 0540 ccSetMgr - ok
13:48:39.0953 0540 cd20xrnt - ok
13:48:40.0031 0540 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:48:40.0031 0540 Cdaudio - ok
13:48:40.0078 0540 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:48:40.0125 0540 Cdfs - ok
13:48:40.0218 0540 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:48:40.0234 0540 Cdrom - ok
13:48:40.0250 0540 Changer - ok
13:48:40.0281 0540 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:48:40.0296 0540 CiSvc - ok
13:48:40.0328 0540 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:48:40.0328 0540 ClipSrv - ok
13:48:40.0453 0540 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:48:40.0562 0540 clr_optimization_v2.0.50727_32 - ok
13:48:40.0640 0540 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:48:40.0640 0540 CmBatt - ok
13:48:40.0656 0540 CmdIde - ok
13:48:40.0734 0540 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\WINDOWS\system32\Drivers\COH_Mon.sys
13:48:40.0750 0540 COH_Mon - ok
13:48:40.0781 0540 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:48:40.0781 0540 Compbatt - ok
13:48:40.0796 0540 COMSysApp - ok
13:48:40.0843 0540 Cpqarray - ok
13:48:40.0921 0540 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:48:40.0921 0540 CryptSvc - ok
13:48:40.0937 0540 dac2w2k - ok
13:48:40.0968 0540 dac960nt - ok
13:48:41.0078 0540 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:48:41.0093 0540 DcomLaunch - ok
13:48:41.0171 0540 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:48:41.0171 0540 Dhcp - ok
13:48:41.0218 0540 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:48:41.0218 0540 Disk - ok
13:48:41.0234 0540 dmadmin - ok
13:48:41.0359 0540 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:48:41.0437 0540 dmboot - ok
13:48:41.0500 0540 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:48:41.0500 0540 dmio - ok
13:48:41.0546 0540 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:48:41.0578 0540 dmload - ok
13:48:41.0640 0540 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:48:41.0640 0540 dmserver - ok
13:48:41.0687 0540 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:48:41.0703 0540 DMusic - ok
13:48:41.0750 0540 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:48:41.0750 0540 Dnscache - ok
13:48:41.0812 0540 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:48:41.0828 0540 Dot3svc - ok
13:48:41.0843 0540 dpti2o - ok
13:48:41.0890 0540 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:48:41.0890 0540 drmkaud - ok
13:48:41.0953 0540 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
13:48:41.0953 0540 dsNcAdpt - ok
13:48:42.0140 0540 dsNcService (b9750c064b43c7a3bbc8a74f1127aa4e) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
13:48:42.0156 0540 dsNcService - ok
13:48:42.0187 0540 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:48:42.0187 0540 EapHost - ok
13:48:42.0343 0540 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:48:42.0343 0540 eeCtrl - ok
13:48:42.0390 0540 EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
13:48:42.0390 0540 EraserUtilDrv11122 - ok
13:48:42.0437 0540 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:48:42.0484 0540 EraserUtilRebootDrv - ok
13:48:42.0531 0540 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:48:42.0531 0540 ERSvc - ok
13:48:42.0593 0540 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:48:42.0609 0540 Eventlog - ok
13:48:42.0687 0540 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:48:42.0750 0540 EventSystem - ok
13:48:42.0828 0540 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:48:42.0875 0540 Fastfat - ok
13:48:42.0937 0540 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:48:42.0953 0540 FastUserSwitchingCompatibility - ok
13:48:43.0000 0540 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:48:43.0015 0540 Fdc - ok
13:48:43.0031 0540 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:48:43.0046 0540 Fips - ok
13:48:43.0078 0540 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:48:43.0078 0540 Flpydisk - ok
13:48:43.0156 0540 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:48:43.0156 0540 FltMgr - ok
13:48:43.0281 0540 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:48:43.0328 0540 FontCache3.0.0.0 - ok
13:48:43.0375 0540 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
13:48:43.0390 0540 fssfltr - ok
13:48:43.0578 0540 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:48:43.0750 0540 fsssvc - ok
13:48:43.0796 0540 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:48:43.0796 0540 Fs_Rec - ok
13:48:43.0875 0540 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:48:43.0906 0540 Ftdisk - ok
13:48:43.0953 0540 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:48:43.0953 0540 GEARAspiWDM - ok
13:48:44.0000 0540 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:48:44.0015 0540 Gpc - ok
13:48:44.0125 0540 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:48:44.0140 0540 gupdate - ok
13:48:44.0156 0540 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:48:44.0171 0540 gupdatem - ok
13:48:44.0234 0540 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:48:44.0250 0540 HDAudBus - ok
13:48:44.0359 0540 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:48:44.0359 0540 helpsvc - ok
13:48:44.0406 0540 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:48:44.0406 0540 HidServ - ok
13:48:44.0437 0540 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:48:44.0468 0540 HidUsb - ok
13:48:44.0531 0540 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:48:44.0531 0540 hkmsvc - ok
13:48:44.0546 0540 hpn - ok
13:48:44.0656 0540 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:48:44.0703 0540 HTTP - ok
13:48:44.0750 0540 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:48:44.0765 0540 HTTPFilter - ok
13:48:44.0781 0540 i2omgmt - ok
13:48:44.0796 0540 i2omp - ok
13:48:44.0859 0540 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:48:44.0875 0540 i8042prt - ok
13:48:45.0500 0540 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:48:45.0765 0540 ialm - ok
13:48:45.0984 0540 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
13:48:46.0000 0540 iaStor - ok
13:48:46.0156 0540 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:48:46.0296 0540 idsvc - ok
13:48:46.0562 0540 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120516.001\IDSxpx86.sys
13:48:46.0562 0540 IDSxpx86 - ok
13:48:46.0718 0540 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:48:46.0734 0540 Imapi - ok
13:48:46.0781 0540 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:48:46.0828 0540 ImapiService - ok
13:48:46.0859 0540 ini910u - ok
13:48:47.0390 0540 IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:48:47.0484 0540 IntcAzAudAddService - ok
13:48:47.0609 0540 IntelIde - ok
13:48:47.0656 0540 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:48:47.0671 0540 intelppm - ok
13:48:47.0703 0540 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:48:47.0718 0540 Ip6Fw - ok
13:48:47.0734 0540 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:48:47.0765 0540 IpFilterDriver - ok
13:48:47.0796 0540 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:48:47.0828 0540 IpInIp - ok
13:48:47.0859 0540 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:48:47.0859 0540 IpNat - ok
13:48:48.0062 0540 iPod Service (82b9bf8f3cb7f443fbb7fecd5350665b) C:\Program Files\iPod\bin\iPodService.exe
13:48:48.0093 0540 iPod Service - ok
13:48:48.0187 0540 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:48:48.0187 0540 IPSec - ok
13:48:48.0250 0540 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:48:48.0281 0540 IRENUM - ok
13:48:48.0359 0540 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:48:48.0359 0540 isapnp - ok
13:48:48.0484 0540 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
13:48:48.0500 0540 JavaQuickStarterService - ok
13:48:48.0562 0540 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:48:48.0593 0540 Kbdclass - ok
13:48:48.0656 0540 kbfiltr (7f2b8d0b31fb4a797e5786ef124c5a80) C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
13:48:48.0656 0540 kbfiltr - ok
13:48:48.0734 0540 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:48:48.0750 0540 kmixer - ok
13:48:48.0828 0540 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:48:48.0843 0540 KSecDD - ok
13:48:48.0921 0540 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
13:48:48.0921 0540 L1c - ok
13:48:48.0984 0540 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:48:49.0000 0540 LanmanServer - ok
13:48:49.0078 0540 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:48:49.0109 0540 lanmanworkstation - ok
13:48:49.0125 0540 lbrtfdc - ok
13:48:49.0203 0540 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:48:49.0203 0540 LmHosts - ok
13:48:49.0250 0540 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:48:49.0265 0540 Messenger - ok
13:48:49.0375 0540 Microsoft SharePoint Workspace Audit Service - ok
13:48:49.0437 0540 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:48:49.0437 0540 mnmdd - ok
13:48:49.0500 0540 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:48:49.0500 0540 mnmsrvc - ok
13:48:49.0546 0540 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:48:49.0546 0540 Modem - ok
13:48:49.0750 0540 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
13:48:49.0828 0540 Monfilt - ok
13:48:49.0890 0540 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:48:49.0906 0540 Mouclass - ok
13:48:49.0953 0540 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:48:49.0984 0540 mouhid - ok
13:48:50.0046 0540 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:48:50.0062 0540 MountMgr - ok
13:48:50.0062 0540 mraid35x - ok
13:48:50.0140 0540 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:48:50.0140 0540 MRxDAV - ok
13:48:50.0234 0540 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:48:50.0281 0540 MRxSmb - ok
13:48:50.0328 0540 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:48:50.0328 0540 MSDTC - ok
13:48:50.0359 0540 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:48:50.0375 0540 Msfs - ok
13:48:50.0390 0540 MSIServer - ok
13:48:50.0437 0540 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:48:50.0437 0540 MSKSSRV - ok
13:48:50.0468 0540 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:48:50.0468 0540 MSPCLOCK - ok
13:48:50.0500 0540 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:48:50.0500 0540 MSPQM - ok
13:48:50.0562 0540 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:48:50.0562 0540 mssmbios - ok
13:48:50.0625 0540 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:48:50.0625 0540 MSTEE - ok
13:48:50.0687 0540 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:48:50.0687 0540 Mup - ok
13:48:50.0734 0540 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:48:50.0750 0540 NABTSFEC - ok
13:48:50.0796 0540 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:48:50.0828 0540 napagent - ok
13:48:51.0062 0540 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.005\NAVENG.SYS
13:48:51.0062 0540 NAVENG - ok
13:48:51.0250 0540 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.005\NAVEX15.SYS
13:48:51.0312 0540 NAVEX15 - ok
13:48:51.0515 0540 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:48:51.0531 0540 NDIS - ok
13:48:51.0578 0540 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:48:51.0593 0540 NdisIP - ok
13:48:51.0640 0540 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:48:51.0656 0540 NdisTapi - ok
13:48:51.0703 0540 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:48:51.0718 0540 Ndisuio - ok
13:48:51.0765 0540 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:48:51.0781 0540 NdisWan - ok
13:48:51.0843 0540 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:48:51.0843 0540 NDProxy - ok
13:48:51.0921 0540 NEOFLTR_650_14951 (0fc1898e1ebd9b22272243d4ea4168d1) C:\WINDOWS\system32\Drivers\NEOFLTR_650_14951.SYS
13:48:51.0921 0540 NEOFLTR_650_14951 - ok
13:48:51.0984 0540 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:48:51.0984 0540 NetBIOS - ok
13:48:52.0031 0540 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:48:52.0046 0540 NetBT - ok
13:48:52.0078 0540 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:48:52.0093 0540 NetDDE - ok
13:48:52.0109 0540 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:48:52.0125 0540 NetDDEdsdm - ok
13:48:52.0187 0540 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:52.0203 0540 Netlogon - ok
13:48:52.0265 0540 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:48:52.0296 0540 Netman - ok
13:48:52.0406 0540 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:48:52.0500 0540 NetTcpPortSharing - ok
13:48:52.0578 0540 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:48:52.0593 0540 Nla - ok
13:48:52.0640 0540 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:48:52.0640 0540 Npfs - ok
13:48:52.0750 0540 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:48:52.0781 0540 Ntfs - ok
13:48:52.0796 0540 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:52.0812 0540 NtLmSsp - ok
13:48:52.0890 0540 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:48:52.0921 0540 NtmsSvc - ok
13:48:52.0984 0540 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:48:52.0984 0540 Null - ok
13:48:53.0015 0540 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:48:53.0046 0540 NwlnkFlt - ok
13:48:53.0078 0540 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:48:53.0093 0540 NwlnkFwd - ok
13:48:53.0203 0540 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:48:53.0218 0540 ose - ok
13:48:53.0765 0540 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:48:54.0062 0540 osppsvc - ok
13:48:54.0187 0540 PACS Client Updater (9acf3e3e177ff477b6f17bc61d24ed31) C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
13:48:54.0187 0540 PACS Client Updater - ok
13:48:54.0359 0540 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:48:54.0390 0540 Parport - ok
13:48:54.0453 0540 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:48:54.0453 0540 PartMgr - ok
13:48:54.0500 0540 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:48:54.0531 0540 ParVdm - ok
13:48:54.0562 0540 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:48:54.0593 0540 PCI - ok
13:48:54.0609 0540 PCIDump - ok
13:48:54.0640 0540 PCIIde - ok
13:48:54.0687 0540 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:48:54.0750 0540 Pcmcia - ok
13:48:54.0765 0540 PDCOMP - ok
13:48:54.0796 0540 PDFRAME - ok
13:48:54.0812 0540 PDRELI - ok
13:48:54.0828 0540 PDRFRAME - ok
13:48:54.0859 0540 perc2 - ok
13:48:54.0875 0540 perc2hib - ok
13:48:54.0968 0540 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:48:54.0968 0540 PlugPlay - ok
13:48:55.0031 0540 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:55.0031 0540 PolicyAgent - ok
13:48:55.0109 0540 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:48:55.0109 0540 PptpMiniport - ok
13:48:55.0125 0540 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:55.0125 0540 ProtectedStorage - ok
13:48:55.0140 0540 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:48:55.0156 0540 PSched - ok
13:48:55.0187 0540 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:48:55.0187 0540 Ptilink - ok
13:48:55.0203 0540 ql1080 - ok
13:48:55.0218 0540 Ql10wnt - ok
13:48:55.0234 0540 ql12160 - ok
13:48:55.0250 0540 ql1240 - ok
13:48:55.0265 0540 ql1280 - ok
13:48:55.0296 0540 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:48:55.0312 0540 RasAcd - ok
13:48:55.0359 0540 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:48:55.0359 0540 RasAuto - ok
13:48:55.0406 0540 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:48:55.0406 0540 Rasl2tp - ok
13:48:55.0453 0540 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:48:55.0468 0540 RasMan - ok
13:48:55.0484 0540 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:48:55.0500 0540 RasPppoe - ok
13:48:55.0515 0540 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:48:55.0515 0540 Raspti - ok
13:48:55.0578 0540 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:48:55.0593 0540 Rdbss - ok
13:48:55.0671 0540 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:48:55.0671 0540 RDPCDD - ok
13:48:55.0750 0540 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:48:55.0796 0540 RDPWD - ok
13:48:55.0875 0540 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:48:55.0890 0540 RDSessMgr - ok
13:48:55.0953 0540 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:48:55.0953 0540 redbook - ok
13:48:56.0000 0540 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:48:56.0031 0540 RemoteAccess - ok
13:48:56.0078 0540 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:48:56.0093 0540 RpcLocator - ok
13:48:56.0171 0540 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:48:56.0187 0540 RpcSs - ok
13:48:56.0265 0540 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:48:56.0312 0540 RSVP - ok
13:48:56.0359 0540 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:56.0359 0540 SamSs - ok
13:48:56.0406 0540 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:48:56.0421 0540 SCardSvr - ok
13:48:56.0500 0540 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:48:56.0515 0540 Schedule - ok
13:48:56.0562 0540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:48:56.0593 0540 Secdrv - ok
13:48:56.0671 0540 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:48:56.0671 0540 seclogon - ok
13:48:56.0718 0540 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:48:56.0718 0540 SENS - ok
13:48:56.0937 0540 SepMasterService (74885bdff62e537f268ebf8e8cec24bb) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
13:48:56.0937 0540 SepMasterService - ok
13:48:57.0015 0540 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:48:57.0015 0540 Serial - ok
13:48:57.0078 0540 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:48:57.0078 0540 Sfloppy - ok
13:48:57.0171 0540 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:48:57.0187 0540 SharedAccess - ok
13:48:57.0250 0540 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:48:57.0265 0540 ShellHWDetection - ok
13:48:57.0281 0540 Simbad - ok
13:48:57.0328 0540 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:48:57.0359 0540 SLIP - ok
13:48:57.0562 0540 SmcService (244687a7f63848235b8b5cc493b6caff) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
13:48:57.0750 0540 SmcService - ok
13:48:57.0828 0540 SNAC (6cd803703835cc3ea4e8d47b2517f1c1) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe
13:48:57.0890 0540 SNAC - ok
13:48:58.0171 0540 SNP2UVC (473f35e2a378b854731e67c377a3bea7) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
13:48:58.0250 0540 SNP2UVC - ok
13:48:58.0343 0540 Sparrow - ok
13:48:58.0359 0540 SPBBCDrv - ok
13:48:58.0421 0540 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:48:58.0421 0540 splitter - ok
13:48:58.0484 0540 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:48:58.0484 0540 Spooler - ok
13:48:58.0546 0540 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:48:58.0562 0540 sr - ok
13:48:58.0656 0540 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:48:58.0703 0540 srservice - ok
13:48:58.0859 0540 SRTSP (818ff33e09c5ef86e721e1fc00154564) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSP.SYS
13:48:58.0875 0540 SRTSP - ok
13:48:58.0968 0540 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
13:48:58.0984 0540 SRTSPL - ok
13:48:59.0031 0540 SRTSPX (3c01529e8b986d9dc7489f7ce8bcad91) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSPX.SYS
13:48:59.0046 0540 SRTSPX - ok
13:48:59.0156 0540 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:48:59.0171 0540 Srv - ok
13:48:59.0218 0540 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:48:59.0234 0540 SSDPSRV - ok
13:48:59.0296 0540 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
13:48:59.0312 0540 StillCam - ok
13:48:59.0406 0540 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:48:59.0437 0540 stisvc - ok
13:48:59.0468 0540 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:48:59.0484 0540 streamip - ok
13:48:59.0500 0540 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:48:59.0546 0540 swenum - ok
13:48:59.0593 0540 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:48:59.0593 0540 swmidi - ok
13:48:59.0609 0540 SwPrv - ok
13:48:59.0640 0540 symc810 - ok
13:48:59.0656 0540 symc8xx - ok
13:48:59.0796 0540 SymDS (4f52d56310fef75249914f352dde7d13) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMDS.SYS
13:48:59.0859 0540 SymDS - ok
13:49:00.0015 0540 SymEFA (71b5577badcf9c9420393395601bb995) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMEFA.SYS
13:49:00.0093 0540 SymEFA - ok
13:49:00.0171 0540 SymEvent (98d28d08e68145fb550ee7670b43baf2) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:49:00.0171 0540 SymEvent - ok
13:49:00.0234 0540 SymIRON (7450a24afbc9b0804d0a987204ffc0f8) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\Ironx86.SYS
13:49:00.0250 0540 SymIRON - ok
13:49:00.0296 0540 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:49:00.0328 0540 SYMREDRV - ok
13:49:00.0421 0540 SYMTDI (2b574c93d074222d2bc8ff9a27567bfd) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMTDI.SYS
13:49:00.0421 0540 SYMTDI - ok
13:49:00.0437 0540 sym_hi - ok
13:49:00.0468 0540 sym_u3 - ok
13:49:00.0625 0540 SynapseUpdateSvc (8acc90c2c0f57e2892f986cc336bd0c4) C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe
13:49:00.0687 0540 SynapseUpdateSvc - ok
13:49:00.0765 0540 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:49:00.0781 0540 SynTP - ok
13:49:00.0843 0540 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:49:00.0859 0540 sysaudio - ok
13:49:00.0906 0540 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:49:00.0968 0540 SysmonLog - ok
13:49:01.0031 0540 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:49:01.0046 0540 TapiSrv - ok
13:49:01.0140 0540 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:49:01.0156 0540 Tcpip - ok
13:49:01.0218 0540 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:49:01.0250 0540 TDPIPE - ok
13:49:01.0296 0540 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:49:01.0328 0540 TDTCP - ok
13:49:01.0375 0540 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:49:01.0390 0540 TermDD - ok
13:49:01.0453 0540 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:49:01.0468 0540 TermService - ok
13:49:01.0531 0540 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:49:01.0546 0540 Themes - ok
13:49:01.0593 0540 TosIde - ok
13:49:01.0671 0540 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:49:01.0671 0540 TrkWks - ok
13:49:01.0734 0540 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:49:01.0765 0540 Udfs - ok
13:49:01.0781 0540 ultra - ok
13:49:01.0890 0540 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:49:01.0906 0540 Update - ok
13:49:01.0968 0540 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:49:01.0984 0540 upnphost - ok
13:49:02.0015 0540 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:49:02.0031 0540 UPS - ok
13:49:02.0062 0540 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:49:02.0093 0540 usbccgp - ok
13:49:02.0156 0540 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:49:02.0171 0540 usbehci - ok
13:49:02.0234 0540 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:49:02.0265 0540 usbhub - ok
13:49:02.0312 0540 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:49:02.0359 0540 usbprint - ok
13:49:02.0406 0540 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:49:02.0453 0540 usbscan - ok
13:49:02.0500 0540 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:49:02.0515 0540 usbstor - ok
13:49:02.0562 0540 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:49:02.0578 0540 usbuhci - ok
13:49:02.0640 0540 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:49:02.0703 0540 usbvideo - ok
13:49:02.0750 0540 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
13:49:02.0781 0540 uvclf - ok
13:49:02.0859 0540 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:49:02.0859 0540 VgaSave - ok
13:49:02.0875 0540 ViaIde - ok
13:49:02.0984 0540 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:49:02.0984 0540 VolSnap - ok
13:49:03.0062 0540 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:49:03.0093 0540 VSS - ok
13:49:03.0171 0540 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:49:03.0203 0540 W32Time - ok
13:49:03.0281 0540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:49:03.0281 0540 Wanarp - ok
13:49:03.0390 0540 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:49:03.0406 0540 Wdf01000 - ok
13:49:03.0421 0540 WDICA - ok
13:49:03.0500 0540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:49:03.0515 0540 wdmaud - ok
13:49:03.0562 0540 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:49:03.0578 0540 WebClient - ok
13:49:03.0703 0540 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:49:03.0718 0540 winmgmt - ok
13:49:03.0796 0540 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:49:03.0828 0540 WmdmPmSN - ok
13:49:03.0921 0540 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:49:03.0984 0540 WmiApSrv - ok
13:49:04.0187 0540 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:49:04.0343 0540 WMPNetworkSvc - ok
13:49:04.0390 0540 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:49:04.0406 0540 WS2IFSL - ok
13:49:04.0437 0540 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:49:04.0453 0540 wscsvc - ok
13:49:04.0500 0540 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:49:04.0546 0540 WSTCODEC - ok
13:49:04.0609 0540 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:49:04.0625 0540 wuauserv - ok
13:49:04.0671 0540 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:49:04.0687 0540 WudfPf - ok
13:49:04.0765 0540 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:49:04.0812 0540 WudfRd - ok
13:49:04.0859 0540 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:49:04.0875 0540 WudfSvc - ok
13:49:04.0984 0540 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:49:05.0000 0540 WZCSVC - ok
13:49:05.0078 0540 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:49:05.0093 0540 xmlprov - ok
13:49:05.0156 0540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:49:05.0984 0540 \Device\Harddisk0\DR0 - ok
13:49:06.0000 0540 Boot (0x1200) (b055a910e0d627b4724382edca5af673) \Device\Harddisk0\DR0\Partition0
13:49:06.0000 0540 \Device\Harddisk0\DR0\Partition0 - ok
13:49:06.0000 0540 ============================================================
13:49:06.0000 0540 Scan finished
13:49:06.0000 0540 ============================================================
13:49:06.0031 1528 Detected object count: 0
13:49:06.0031 1528 Actual detected object count: 0
13:50:05.0609 3268 Deinitialize success

My OTL log:

OTL logfile created on: 5/18/2012 4:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Matthew Abbott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 385.97 Mb Available Physical Memory | 38.02% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 124.91 Gb Free Space | 86.67% Space Free | Partition Type: NTFS

Computer Name: ABBOTT | User Name: Matthew Abbott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/15 19:36:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\OTL.exe
PRC - [2011/10/30 21:01:00 | 001,667,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
PRC - [2011/09/20 23:58:00 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/10/22 16:49:52 | 000,199,680 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe
PRC - [2010/10/22 16:11:44 | 000,243,072 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) -- C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 17:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/04/15 15:34:52 | 000,024,576 | ---- | M] (Agfa Healthcare) -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
PRC - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/12/29 19:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
PRC - [2009/12/12 00:14:58 | 000,994,216 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/11/09 18:34:04 | 000,401,072 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2009/06/26 17:13:00 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009/05/08 20:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/04/30 14:49:42 | 000,385,024 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/12 14:18:27 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a437d5af\mscorlib.dll
MOD - [2012/01/12 14:18:09 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c543bd15\system.xml.dll
MOD - [2012/01/12 14:17:40 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4b9393da\system.dll
MOD - [2012/01/12 14:17:26 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/07 14:57:24 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2010/01/07 14:57:23 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/01/07 14:57:23 | 001,294,336 | ---- | M] () -- c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2009/12/29 19:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
MOD - [2009/11/09 18:34:04 | 000,401,072 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/30 21:01:00 | 001,667,328 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/10/30 20:41:00 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe -- (SNAC)
SRV - [2011/09/20 23:58:00 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/22 16:49:52 | 000,199,680 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) [Auto | Running] -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe -- (SynapseUpdateSvc)
SRV - [2010/04/15 15:34:52 | 000,024,576 | ---- | M] (Agfa Healthcare) [Auto | Running] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
SRV - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SPBBCDrv)
DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\fgtdrpog.sys -- (fgtdrpog)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2012/05/15 20:19:07 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 20:19:07 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.023\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/03 01:27:14 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120517.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/25 14:40:39 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/04/25 14:40:39 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - [2012/04/02 19:40:10 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/25 20:12:20 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/03 05:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/27 19:45:00 | 000,522,872 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/09/27 19:45:00 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/09/13 19:46:00 | 000,137,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/09/08 20:24:00 | 000,370,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\symtdi.sys -- (SYMTDI)
DRV - [2011/08/27 19:48:00 | 000,758,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2011/07/16 19:48:00 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys -- (SymDS)
DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/12/09 09:28:04 | 000,085,288 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_14951.SYS -- (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/06 02:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/07/06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/04/27 07:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/14 03:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 20:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 01:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/11/19 05:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/11/03 19:03:28 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 22:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1006
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes\{E1F1D83E-270B-054F-25C9-60461DF5B614}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z082&partner_id=249&product_id=628&affiliate_id=&channel=3_18&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110802&user_guid=59ED0A5B6EA145DA9D5560E93E82EB61&machine_id=e257fc4aca42a1f3aa4283be70bce6fa&browser=IE&os=win&os_version=5.1-x86-SP3
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/16 17:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\ [2012/05/18 13:31:13 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/17 17:12:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Synapse BHO Class) - {33414365-E6C7-460d-880A-A163BD69E84D} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
O4 - HKLM..\Run: [FujiSynapseBridge] C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe (FUJIFILM Medical Systems U.S.A., Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Synapse URLSearchHook Configuration] C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Matthew Abbott\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1FBD11EF-1260-11D1-87A7-444553540001} Local (Synapse)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/Juni ... Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236E87B1-95E4-4041-A2ED-2E03B5E01403}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Matthew Abbott\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew Abbott\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 21:20:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 13:47:58 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew Abbott\Desktop\TDSSKiller.exe
[2012/05/17 17:32:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/17 17:29:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\TFC.exe
[2012/05/17 16:56:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/17 16:56:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/17 16:56:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/17 16:56:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/15 19:36:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\OTL.exe
[2012/05/12 21:41:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/12 17:03:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/12 16:43:32 | 004,496,432 | R--- | C] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\ComboFix.exe
[2012/05/12 09:22:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Matthew Abbott\Desktop\aswMBR.exe
[2012/05/10 20:26:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\dds.scr
[2012/05/10 08:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/05/10 07:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Threat Expert
[2012/05/09 22:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/05/09 21:08:57 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/05/09 21:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/05/09 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/05/09 21:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Abbott\Application Data\TestApp
[2012/04/20 21:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\PDF2Office Personal v4.0

========== Files - Modified Within 30 Days ==========

[2012/05/18 15:36:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 14:00:03 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/05/18 13:50:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\28l0vk3o.exe
[2012/05/18 13:47:23 | 002,107,843 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\tdsskiller.zip
[2012/05/18 13:31:09 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 13:30:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/05/17 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/05/17 17:29:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\TFC.exe
[2012/05/17 17:29:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/05/17 17:12:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/17 16:55:26 | 004,496,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\ComboFix.exe
[2012/05/17 16:15:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\KillBox.exe
[2012/05/17 13:45:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/17 10:33:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\MBR.dat
[2012/05/17 09:00:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/16 07:40:00 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew Abbott\Desktop\TDSSKiller.exe
[2012/05/15 20:00:06 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\SystemLook.exe
[2012/05/15 19:36:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\OTL.exe
[2012/05/13 07:47:09 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 21:43:47 | 000,445,394 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/12 21:43:46 | 000,073,120 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/12 21:37:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/12 17:03:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/12 09:22:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Matthew Abbott\Desktop\aswMBR.exe
[2012/05/10 20:27:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\dds.scr
[2012/05/09 21:09:43 | 000,587,581 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/04/23 14:17:56 | 000,203,088 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys

========== Files Created - No Company Name ==========

[2012/05/18 13:50:46 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\28l0vk3o.exe
[2012/05/18 13:47:22 | 002,107,843 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\tdsskiller.zip
[2012/05/17 16:56:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/17 16:56:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/17 16:56:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/17 16:56:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/17 16:56:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/17 16:13:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\KillBox.exe
[2012/05/15 20:00:04 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\SystemLook.exe
[2012/05/12 17:03:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/12 17:03:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/12 10:01:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\MBR.dat
[2012/05/09 21:09:15 | 000,587,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/24 12:47:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/14 21:04:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 19:06:29 | 000,000,074 | ---- | C] () -- C:\WINDOWS\webica.ini
[2011/11/12 19:06:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Concentr.ini
[2011/11/12 19:06:28 | 000,000,148 | ---- | C] () -- C:\WINDOWS\Citrix.ini
[2011/06/17 08:24:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\fusioncache.dat
[2011/06/06 16:04:39 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 14:24:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/23 16:23:01 | 000,077,620 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/01 04:47:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/31 18:25:36 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010/05/31 18:17:36 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

< End of report >
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 18th, 2012, 9:39 pm

pgmigg,

I have to split this into 2 replies to send it.

My TDSSKiller log is:
13:48:31.0968 0564 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
13:48:32.0328 0564 ============================================================
13:48:32.0328 0564 Current date / time: 2012/05/18 13:48:32.0328
13:48:32.0328 0564 SystemInfo:
13:48:32.0328 0564
13:48:32.0328 0564 OS Version: 5.1.2600 ServicePack: 3.0
13:48:32.0328 0564 Product type: Workstation
13:48:32.0343 0564 ComputerName: ABBOTT
13:48:32.0343 0564 UserName: Matthew Abbott
13:48:32.0343 0564 Windows directory: C:\WINDOWS
13:48:32.0343 0564 System windows directory: C:\WINDOWS
13:48:32.0343 0564 Processor architecture: Intel x86
13:48:32.0343 0564 Number of processors: 2
13:48:32.0343 0564 Page size: 0x1000
13:48:32.0343 0564 Boot type: Normal boot
13:48:32.0343 0564 ============================================================
13:48:33.0250 0564 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:48:33.0250 0564 ============================================================
13:48:33.0250 0564 \Device\Harddisk0\DR0:
13:48:33.0250 0564 MBR partitions:
13:48:33.0250 0564 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1203EBBF
13:48:33.0250 0564 ============================================================
13:48:33.0296 0564 C: <-> \Device\Harddisk0\DR0\Partition0
13:48:33.0296 0564 ============================================================
13:48:33.0296 0564 Initialize success
13:48:33.0296 0564 ============================================================
13:48:35.0890 0540 ============================================================
13:48:35.0890 0540 Scan started
13:48:35.0890 0540 Mode: Manual;
13:48:35.0890 0540 ============================================================
13:48:36.0312 0540 Abiosdsk - ok
13:48:36.0328 0540 abp480n5 - ok
13:48:36.0406 0540 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:48:36.0421 0540 ACPI - ok
13:48:36.0468 0540 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:48:36.0515 0540 ACPIEC - ok
13:48:36.0531 0540 adpu160m - ok
13:48:36.0609 0540 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:48:36.0625 0540 aec - ok
13:48:36.0703 0540 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:48:36.0718 0540 AFD - ok
13:48:36.0718 0540 Aha154x - ok
13:48:36.0734 0540 aic78u2 - ok
13:48:36.0765 0540 aic78xx - ok
13:48:36.0812 0540 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:48:36.0812 0540 Alerter - ok
13:48:36.0875 0540 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:48:36.0890 0540 ALG - ok
13:48:36.0906 0540 AliIde - ok
13:48:37.0125 0540 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
13:48:37.0218 0540 Ambfilt - ok
13:48:37.0328 0540 amsint - ok
13:48:37.0500 0540 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:48:37.0500 0540 Apple Mobile Device - ok
13:48:37.0531 0540 AppMgmt - ok
13:48:37.0734 0540 AR5416 (e0ee769d14128014965e03b433f5f46e) C:\WINDOWS\system32\DRIVERS\athw.sys
13:48:37.0875 0540 AR5416 - ok
13:48:38.0000 0540 asc - ok
13:48:38.0015 0540 asc3350p - ok
13:48:38.0031 0540 asc3550 - ok
13:48:38.0171 0540 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:48:38.0250 0540 aspnet_state - ok
13:48:38.0312 0540 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys
13:48:38.0328 0540 AsUpIO - ok
13:48:38.0390 0540 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
13:48:38.0390 0540 AsusACPI - ok
13:48:38.0453 0540 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:48:38.0468 0540 AsyncMac - ok
13:48:38.0531 0540 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
13:48:38.0562 0540 atapi - ok
13:48:38.0578 0540 Atdisk - ok
13:48:38.0625 0540 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:48:38.0656 0540 Atmarpc - ok
13:48:38.0718 0540 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:48:38.0718 0540 AudioSrv - ok
13:48:38.0765 0540 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:48:38.0765 0540 audstub - ok
13:48:38.0859 0540 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:48:38.0859 0540 Beep - ok
13:48:39.0109 0540 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx86.sys
13:48:39.0125 0540 BHDrvx86 - ok
13:48:39.0234 0540 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:48:39.0281 0540 BITS - ok
13:48:39.0390 0540 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
13:48:39.0406 0540 Bonjour Service - ok
13:48:39.0484 0540 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:48:39.0484 0540 Browser - ok
13:48:39.0515 0540 btaudio - ok
13:48:39.0531 0540 BTDriver - ok
13:48:39.0562 0540 BTWDNDIS - ok
13:48:39.0578 0540 btwhid - ok
13:48:39.0609 0540 BTWUSB - ok
13:48:39.0625 0540 catchme - ok
13:48:39.0671 0540 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:48:39.0703 0540 cbidf2k - ok
13:48:39.0734 0540 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:48:39.0750 0540 CCDECODE - ok
13:48:39.0890 0540 ccEvtMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
13:48:39.0906 0540 ccEvtMgr - ok
13:48:39.0921 0540 ccSetMgr (27d036fb3d22ca8a6662fe960d1a937d) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
13:48:39.0937 0540 ccSetMgr - ok
13:48:39.0953 0540 cd20xrnt - ok
13:48:40.0031 0540 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:48:40.0031 0540 Cdaudio - ok
13:48:40.0078 0540 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:48:40.0125 0540 Cdfs - ok
13:48:40.0218 0540 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:48:40.0234 0540 Cdrom - ok
13:48:40.0250 0540 Changer - ok
13:48:40.0281 0540 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:48:40.0296 0540 CiSvc - ok
13:48:40.0328 0540 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:48:40.0328 0540 ClipSrv - ok
13:48:40.0453 0540 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:48:40.0562 0540 clr_optimization_v2.0.50727_32 - ok
13:48:40.0640 0540 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:48:40.0640 0540 CmBatt - ok
13:48:40.0656 0540 CmdIde - ok
13:48:40.0734 0540 COH_Mon (c586875ece5318c6309ed1ab79d0e55f) C:\WINDOWS\system32\Drivers\COH_Mon.sys
13:48:40.0750 0540 COH_Mon - ok
13:48:40.0781 0540 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:48:40.0781 0540 Compbatt - ok
13:48:40.0796 0540 COMSysApp - ok
13:48:40.0843 0540 Cpqarray - ok
13:48:40.0921 0540 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:48:40.0921 0540 CryptSvc - ok
13:48:40.0937 0540 dac2w2k - ok
13:48:40.0968 0540 dac960nt - ok
13:48:41.0078 0540 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:48:41.0093 0540 DcomLaunch - ok
13:48:41.0171 0540 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:48:41.0171 0540 Dhcp - ok
13:48:41.0218 0540 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:48:41.0218 0540 Disk - ok
13:48:41.0234 0540 dmadmin - ok
13:48:41.0359 0540 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:48:41.0437 0540 dmboot - ok
13:48:41.0500 0540 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:48:41.0500 0540 dmio - ok
13:48:41.0546 0540 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:48:41.0578 0540 dmload - ok
13:48:41.0640 0540 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:48:41.0640 0540 dmserver - ok
13:48:41.0687 0540 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:48:41.0703 0540 DMusic - ok
13:48:41.0750 0540 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:48:41.0750 0540 Dnscache - ok
13:48:41.0812 0540 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:48:41.0828 0540 Dot3svc - ok
13:48:41.0843 0540 dpti2o - ok
13:48:41.0890 0540 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:48:41.0890 0540 drmkaud - ok
13:48:41.0953 0540 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
13:48:41.0953 0540 dsNcAdpt - ok
13:48:42.0140 0540 dsNcService (b9750c064b43c7a3bbc8a74f1127aa4e) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
13:48:42.0156 0540 dsNcService - ok
13:48:42.0187 0540 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:48:42.0187 0540 EapHost - ok
13:48:42.0343 0540 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:48:42.0343 0540 eeCtrl - ok
13:48:42.0390 0540 EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
13:48:42.0390 0540 EraserUtilDrv11122 - ok
13:48:42.0437 0540 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:48:42.0484 0540 EraserUtilRebootDrv - ok
13:48:42.0531 0540 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:48:42.0531 0540 ERSvc - ok
13:48:42.0593 0540 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:48:42.0609 0540 Eventlog - ok
13:48:42.0687 0540 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:48:42.0750 0540 EventSystem - ok
13:48:42.0828 0540 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:48:42.0875 0540 Fastfat - ok
13:48:42.0937 0540 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:48:42.0953 0540 FastUserSwitchingCompatibility - ok
13:48:43.0000 0540 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:48:43.0015 0540 Fdc - ok
13:48:43.0031 0540 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:48:43.0046 0540 Fips - ok
13:48:43.0078 0540 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:48:43.0078 0540 Flpydisk - ok
13:48:43.0156 0540 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:48:43.0156 0540 FltMgr - ok
13:48:43.0281 0540 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:48:43.0328 0540 FontCache3.0.0.0 - ok
13:48:43.0375 0540 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
13:48:43.0390 0540 fssfltr - ok
13:48:43.0578 0540 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
13:48:43.0750 0540 fsssvc - ok
13:48:43.0796 0540 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:48:43.0796 0540 Fs_Rec - ok
13:48:43.0875 0540 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:48:43.0906 0540 Ftdisk - ok
13:48:43.0953 0540 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:48:43.0953 0540 GEARAspiWDM - ok
13:48:44.0000 0540 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:48:44.0015 0540 Gpc - ok
13:48:44.0125 0540 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:48:44.0140 0540 gupdate - ok
13:48:44.0156 0540 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:48:44.0171 0540 gupdatem - ok
13:48:44.0234 0540 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:48:44.0250 0540 HDAudBus - ok
13:48:44.0359 0540 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:48:44.0359 0540 helpsvc - ok
13:48:44.0406 0540 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:48:44.0406 0540 HidServ - ok
13:48:44.0437 0540 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:48:44.0468 0540 HidUsb - ok
13:48:44.0531 0540 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:48:44.0531 0540 hkmsvc - ok
13:48:44.0546 0540 hpn - ok
13:48:44.0656 0540 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:48:44.0703 0540 HTTP - ok
13:48:44.0750 0540 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:48:44.0765 0540 HTTPFilter - ok
13:48:44.0781 0540 i2omgmt - ok
13:48:44.0796 0540 i2omp - ok
13:48:44.0859 0540 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:48:44.0875 0540 i8042prt - ok
13:48:45.0500 0540 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:48:45.0765 0540 ialm - ok
13:48:45.0984 0540 iaStor (8ef427c54497c5f8a7a645990e4278c7) C:\WINDOWS\system32\drivers\iaStor.sys
13:48:46.0000 0540 iaStor - ok
13:48:46.0156 0540 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:48:46.0296 0540 idsvc - ok
13:48:46.0562 0540 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120516.001\IDSxpx86.sys
13:48:46.0562 0540 IDSxpx86 - ok
13:48:46.0718 0540 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:48:46.0734 0540 Imapi - ok
13:48:46.0781 0540 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:48:46.0828 0540 ImapiService - ok
13:48:46.0859 0540 ini910u - ok
13:48:47.0390 0540 IntcAzAudAddService (9037c8bd3e896d7f2803a171fdeaeef4) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:48:47.0484 0540 IntcAzAudAddService - ok
13:48:47.0609 0540 IntelIde - ok
13:48:47.0656 0540 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:48:47.0671 0540 intelppm - ok
13:48:47.0703 0540 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:48:47.0718 0540 Ip6Fw - ok
13:48:47.0734 0540 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:48:47.0765 0540 IpFilterDriver - ok
13:48:47.0796 0540 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:48:47.0828 0540 IpInIp - ok
13:48:47.0859 0540 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:48:47.0859 0540 IpNat - ok
13:48:48.0062 0540 iPod Service (82b9bf8f3cb7f443fbb7fecd5350665b) C:\Program Files\iPod\bin\iPodService.exe
13:48:48.0093 0540 iPod Service - ok
13:48:48.0187 0540 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:48:48.0187 0540 IPSec - ok
13:48:48.0250 0540 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:48:48.0281 0540 IRENUM - ok
13:48:48.0359 0540 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:48:48.0359 0540 isapnp - ok
13:48:48.0484 0540 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
13:48:48.0500 0540 JavaQuickStarterService - ok
13:48:48.0562 0540 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:48:48.0593 0540 Kbdclass - ok
13:48:48.0656 0540 kbfiltr (7f2b8d0b31fb4a797e5786ef124c5a80) C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
13:48:48.0656 0540 kbfiltr - ok
13:48:48.0734 0540 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:48:48.0750 0540 kmixer - ok
13:48:48.0828 0540 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:48:48.0843 0540 KSecDD - ok
13:48:48.0921 0540 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
13:48:48.0921 0540 L1c - ok
13:48:48.0984 0540 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:48:49.0000 0540 LanmanServer - ok
13:48:49.0078 0540 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:48:49.0109 0540 lanmanworkstation - ok
13:48:49.0125 0540 lbrtfdc - ok
13:48:49.0203 0540 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:48:49.0203 0540 LmHosts - ok
13:48:49.0250 0540 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:48:49.0265 0540 Messenger - ok
13:48:49.0375 0540 Microsoft SharePoint Workspace Audit Service - ok
13:48:49.0437 0540 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:48:49.0437 0540 mnmdd - ok
13:48:49.0500 0540 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:48:49.0500 0540 mnmsrvc - ok
13:48:49.0546 0540 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:48:49.0546 0540 Modem - ok
13:48:49.0750 0540 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
13:48:49.0828 0540 Monfilt - ok
13:48:49.0890 0540 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:48:49.0906 0540 Mouclass - ok
13:48:49.0953 0540 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:48:49.0984 0540 mouhid - ok
13:48:50.0046 0540 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:48:50.0062 0540 MountMgr - ok
13:48:50.0062 0540 mraid35x - ok
13:48:50.0140 0540 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:48:50.0140 0540 MRxDAV - ok
13:48:50.0234 0540 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:48:50.0281 0540 MRxSmb - ok
13:48:50.0328 0540 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:48:50.0328 0540 MSDTC - ok
13:48:50.0359 0540 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:48:50.0375 0540 Msfs - ok
13:48:50.0390 0540 MSIServer - ok
13:48:50.0437 0540 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:48:50.0437 0540 MSKSSRV - ok
13:48:50.0468 0540 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:48:50.0468 0540 MSPCLOCK - ok
13:48:50.0500 0540 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:48:50.0500 0540 MSPQM - ok
13:48:50.0562 0540 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:48:50.0562 0540 mssmbios - ok
13:48:50.0625 0540 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:48:50.0625 0540 MSTEE - ok
13:48:50.0687 0540 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:48:50.0687 0540 Mup - ok
13:48:50.0734 0540 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:48:50.0750 0540 NABTSFEC - ok
13:48:50.0796 0540 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:48:50.0828 0540 napagent - ok
13:48:51.0062 0540 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.005\NAVENG.SYS
13:48:51.0062 0540 NAVENG - ok
13:48:51.0250 0540 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.005\NAVEX15.SYS
13:48:51.0312 0540 NAVEX15 - ok
13:48:51.0515 0540 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:48:51.0531 0540 NDIS - ok
13:48:51.0578 0540 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:48:51.0593 0540 NdisIP - ok
13:48:51.0640 0540 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:48:51.0656 0540 NdisTapi - ok
13:48:51.0703 0540 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:48:51.0718 0540 Ndisuio - ok
13:48:51.0765 0540 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:48:51.0781 0540 NdisWan - ok
13:48:51.0843 0540 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:48:51.0843 0540 NDProxy - ok
13:48:51.0921 0540 NEOFLTR_650_14951 (0fc1898e1ebd9b22272243d4ea4168d1) C:\WINDOWS\system32\Drivers\NEOFLTR_650_14951.SYS
13:48:51.0921 0540 NEOFLTR_650_14951 - ok
13:48:51.0984 0540 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:48:51.0984 0540 NetBIOS - ok
13:48:52.0031 0540 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:48:52.0046 0540 NetBT - ok
13:48:52.0078 0540 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:48:52.0093 0540 NetDDE - ok
13:48:52.0109 0540 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:48:52.0125 0540 NetDDEdsdm - ok
13:48:52.0187 0540 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:52.0203 0540 Netlogon - ok
13:48:52.0265 0540 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:48:52.0296 0540 Netman - ok
13:48:52.0406 0540 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:48:52.0500 0540 NetTcpPortSharing - ok
13:48:52.0578 0540 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
13:48:52.0593 0540 Nla - ok
13:48:52.0640 0540 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:48:52.0640 0540 Npfs - ok
13:48:52.0750 0540 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:48:52.0781 0540 Ntfs - ok
13:48:52.0796 0540 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:52.0812 0540 NtLmSsp - ok
13:48:52.0890 0540 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:48:52.0921 0540 NtmsSvc - ok
13:48:52.0984 0540 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:48:52.0984 0540 Null - ok
13:48:53.0015 0540 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:48:53.0046 0540 NwlnkFlt - ok
13:48:53.0078 0540 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:48:53.0093 0540 NwlnkFwd - ok
13:48:53.0203 0540 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:48:53.0218 0540 ose - ok
13:48:53.0765 0540 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:48:54.0062 0540 osppsvc - ok
13:48:54.0187 0540 PACS Client Updater (9acf3e3e177ff477b6f17bc61d24ed31) C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
13:48:54.0187 0540 PACS Client Updater - ok
13:48:54.0359 0540 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
13:48:54.0390 0540 Parport - ok
13:48:54.0453 0540 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:48:54.0453 0540 PartMgr - ok
13:48:54.0500 0540 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:48:54.0531 0540 ParVdm - ok
13:48:54.0562 0540 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:48:54.0593 0540 PCI - ok
13:48:54.0609 0540 PCIDump - ok
13:48:54.0640 0540 PCIIde - ok
13:48:54.0687 0540 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:48:54.0750 0540 Pcmcia - ok
13:48:54.0765 0540 PDCOMP - ok
13:48:54.0796 0540 PDFRAME - ok
13:48:54.0812 0540 PDRELI - ok
13:48:54.0828 0540 PDRFRAME - ok
13:48:54.0859 0540 perc2 - ok
13:48:54.0875 0540 perc2hib - ok
13:48:54.0968 0540 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:48:54.0968 0540 PlugPlay - ok
13:48:55.0031 0540 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:55.0031 0540 PolicyAgent - ok
13:48:55.0109 0540 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:48:55.0109 0540 PptpMiniport - ok
13:48:55.0125 0540 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:55.0125 0540 ProtectedStorage - ok
13:48:55.0140 0540 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:48:55.0156 0540 PSched - ok
13:48:55.0187 0540 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:48:55.0187 0540 Ptilink - ok
13:48:55.0203 0540 ql1080 - ok
13:48:55.0218 0540 Ql10wnt - ok
13:48:55.0234 0540 ql12160 - ok
13:48:55.0250 0540 ql1240 - ok
13:48:55.0265 0540 ql1280 - ok
13:48:55.0296 0540 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:48:55.0312 0540 RasAcd - ok
13:48:55.0359 0540 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:48:55.0359 0540 RasAuto - ok
13:48:55.0406 0540 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:48:55.0406 0540 Rasl2tp - ok
13:48:55.0453 0540 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:48:55.0468 0540 RasMan - ok
13:48:55.0484 0540 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:48:55.0500 0540 RasPppoe - ok
13:48:55.0515 0540 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:48:55.0515 0540 Raspti - ok
13:48:55.0578 0540 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:48:55.0593 0540 Rdbss - ok
13:48:55.0671 0540 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:48:55.0671 0540 RDPCDD - ok
13:48:55.0750 0540 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:48:55.0796 0540 RDPWD - ok
13:48:55.0875 0540 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:48:55.0890 0540 RDSessMgr - ok
13:48:55.0953 0540 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:48:55.0953 0540 redbook - ok
13:48:56.0000 0540 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:48:56.0031 0540 RemoteAccess - ok
13:48:56.0078 0540 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
13:48:56.0093 0540 RpcLocator - ok
13:48:56.0171 0540 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
13:48:56.0187 0540 RpcSs - ok
13:48:56.0265 0540 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
13:48:56.0312 0540 RSVP - ok
13:48:56.0359 0540 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:48:56.0359 0540 SamSs - ok
13:48:56.0406 0540 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:48:56.0421 0540 SCardSvr - ok
13:48:56.0500 0540 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:48:56.0515 0540 Schedule - ok
13:48:56.0562 0540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:48:56.0593 0540 Secdrv - ok
13:48:56.0671 0540 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:48:56.0671 0540 seclogon - ok
13:48:56.0718 0540 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:48:56.0718 0540 SENS - ok
13:48:56.0937 0540 SepMasterService (74885bdff62e537f268ebf8e8cec24bb) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
13:48:56.0937 0540 SepMasterService - ok
13:48:57.0015 0540 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
13:48:57.0015 0540 Serial - ok
13:48:57.0078 0540 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:48:57.0078 0540 Sfloppy - ok
13:48:57.0171 0540 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:48:57.0187 0540 SharedAccess - ok
13:48:57.0250 0540 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:48:57.0265 0540 ShellHWDetection - ok
13:48:57.0281 0540 Simbad - ok
13:48:57.0328 0540 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:48:57.0359 0540 SLIP - ok
13:48:57.0562 0540 SmcService (244687a7f63848235b8b5cc493b6caff) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
13:48:57.0750 0540 SmcService - ok
13:48:57.0828 0540 SNAC (6cd803703835cc3ea4e8d47b2517f1c1) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe
13:48:57.0890 0540 SNAC - ok
13:48:58.0171 0540 SNP2UVC (473f35e2a378b854731e67c377a3bea7) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
13:48:58.0250 0540 SNP2UVC - ok
13:48:58.0343 0540 Sparrow - ok
13:48:58.0359 0540 SPBBCDrv - ok
13:48:58.0421 0540 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:48:58.0421 0540 splitter - ok
13:48:58.0484 0540 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:48:58.0484 0540 Spooler - ok
13:48:58.0546 0540 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:48:58.0562 0540 sr - ok
13:48:58.0656 0540 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
13:48:58.0703 0540 srservice - ok
13:48:58.0859 0540 SRTSP (818ff33e09c5ef86e721e1fc00154564) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSP.SYS
13:48:58.0875 0540 SRTSP - ok
13:48:58.0968 0540 SRTSPL (e2f9e5887bea5bd8784d337e06eda31b) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
13:48:58.0984 0540 SRTSPL - ok
13:48:59.0031 0540 SRTSPX (3c01529e8b986d9dc7489f7ce8bcad91) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SRTSPX.SYS
13:48:59.0046 0540 SRTSPX - ok
13:48:59.0156 0540 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:48:59.0171 0540 Srv - ok
13:48:59.0218 0540 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:48:59.0234 0540 SSDPSRV - ok
13:48:59.0296 0540 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
13:48:59.0312 0540 StillCam - ok
13:48:59.0406 0540 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:48:59.0437 0540 stisvc - ok
13:48:59.0468 0540 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:48:59.0484 0540 streamip - ok
13:48:59.0500 0540 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:48:59.0546 0540 swenum - ok
13:48:59.0593 0540 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:48:59.0593 0540 swmidi - ok
13:48:59.0609 0540 SwPrv - ok
13:48:59.0640 0540 symc810 - ok
13:48:59.0656 0540 symc8xx - ok
13:48:59.0796 0540 SymDS (4f52d56310fef75249914f352dde7d13) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMDS.SYS
13:48:59.0859 0540 SymDS - ok
13:49:00.0015 0540 SymEFA (71b5577badcf9c9420393395601bb995) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMEFA.SYS
13:49:00.0093 0540 SymEFA - ok
13:49:00.0171 0540 SymEvent (98d28d08e68145fb550ee7670b43baf2) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
13:49:00.0171 0540 SymEvent - ok
13:49:00.0234 0540 SymIRON (7450a24afbc9b0804d0a987204ffc0f8) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\Ironx86.SYS
13:49:00.0250 0540 SymIRON - ok
13:49:00.0296 0540 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:49:00.0328 0540 SYMREDRV - ok
13:49:00.0421 0540 SYMTDI (2b574c93d074222d2bc8ff9a27567bfd) C:\WINDOWS\system32\Drivers\SEP\0C0103E8\009D.105\x86\SYMTDI.SYS
13:49:00.0421 0540 SYMTDI - ok
13:49:00.0437 0540 sym_hi - ok
13:49:00.0468 0540 sym_u3 - ok
13:49:00.0625 0540 SynapseUpdateSvc (8acc90c2c0f57e2892f986cc336bd0c4) C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe
13:49:00.0687 0540 SynapseUpdateSvc - ok
13:49:00.0765 0540 SynTP (8e25a1dbb8527b2074af9b682f818768) C:\WINDOWS\system32\DRIVERS\SynTP.sys
13:49:00.0781 0540 SynTP - ok
13:49:00.0843 0540 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:49:00.0859 0540 sysaudio - ok
13:49:00.0906 0540 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:49:00.0968 0540 SysmonLog - ok
13:49:01.0031 0540 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:49:01.0046 0540 TapiSrv - ok
13:49:01.0140 0540 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:49:01.0156 0540 Tcpip - ok
13:49:01.0218 0540 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:49:01.0250 0540 TDPIPE - ok
13:49:01.0296 0540 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:49:01.0328 0540 TDTCP - ok
13:49:01.0375 0540 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:49:01.0390 0540 TermDD - ok
13:49:01.0453 0540 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:49:01.0468 0540 TermService - ok
13:49:01.0531 0540 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:49:01.0546 0540 Themes - ok
13:49:01.0593 0540 TosIde - ok
13:49:01.0671 0540 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:49:01.0671 0540 TrkWks - ok
13:49:01.0734 0540 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:49:01.0765 0540 Udfs - ok
13:49:01.0781 0540 ultra - ok
13:49:01.0890 0540 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:49:01.0906 0540 Update - ok
13:49:01.0968 0540 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:49:01.0984 0540 upnphost - ok
13:49:02.0015 0540 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:49:02.0031 0540 UPS - ok
13:49:02.0062 0540 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:49:02.0093 0540 usbccgp - ok
13:49:02.0156 0540 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:49:02.0171 0540 usbehci - ok
13:49:02.0234 0540 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:49:02.0265 0540 usbhub - ok
13:49:02.0312 0540 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:49:02.0359 0540 usbprint - ok
13:49:02.0406 0540 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:49:02.0453 0540 usbscan - ok
13:49:02.0500 0540 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:49:02.0515 0540 usbstor - ok
13:49:02.0562 0540 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:49:02.0578 0540 usbuhci - ok
13:49:02.0640 0540 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:49:02.0703 0540 usbvideo - ok
13:49:02.0750 0540 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
13:49:02.0781 0540 uvclf - ok
13:49:02.0859 0540 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:49:02.0859 0540 VgaSave - ok
13:49:02.0875 0540 ViaIde - ok
13:49:02.0984 0540 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:49:02.0984 0540 VolSnap - ok
13:49:03.0062 0540 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:49:03.0093 0540 VSS - ok
13:49:03.0171 0540 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
13:49:03.0203 0540 W32Time - ok
13:49:03.0281 0540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:49:03.0281 0540 Wanarp - ok
13:49:03.0390 0540 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
13:49:03.0406 0540 Wdf01000 - ok
13:49:03.0421 0540 WDICA - ok
13:49:03.0500 0540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:49:03.0515 0540 wdmaud - ok
13:49:03.0562 0540 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:49:03.0578 0540 WebClient - ok
13:49:03.0703 0540 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:49:03.0718 0540 winmgmt - ok
13:49:03.0796 0540 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:49:03.0828 0540 WmdmPmSN - ok
13:49:03.0921 0540 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:49:03.0984 0540 WmiApSrv - ok
13:49:04.0187 0540 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:49:04.0343 0540 WMPNetworkSvc - ok
13:49:04.0390 0540 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:49:04.0406 0540 WS2IFSL - ok
13:49:04.0437 0540 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:49:04.0453 0540 wscsvc - ok
13:49:04.0500 0540 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:49:04.0546 0540 WSTCODEC - ok
13:49:04.0609 0540 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
13:49:04.0625 0540 wuauserv - ok
13:49:04.0671 0540 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:49:04.0687 0540 WudfPf - ok
13:49:04.0765 0540 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:49:04.0812 0540 WudfRd - ok
13:49:04.0859 0540 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:49:04.0875 0540 WudfSvc - ok
13:49:04.0984 0540 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:49:05.0000 0540 WZCSVC - ok
13:49:05.0078 0540 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:49:05.0093 0540 xmlprov - ok
13:49:05.0156 0540 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:49:05.0984 0540 \Device\Harddisk0\DR0 - ok
13:49:06.0000 0540 Boot (0x1200) (b055a910e0d627b4724382edca5af673) \Device\Harddisk0\DR0\Partition0
13:49:06.0000 0540 \Device\Harddisk0\DR0\Partition0 - ok
13:49:06.0000 0540 ============================================================
13:49:06.0000 0540 Scan finished
13:49:06.0000 0540 ============================================================
13:49:06.0031 1528 Detected object count: 0
13:49:06.0031 1528 Actual detected object count: 0
13:50:05.0609 3268 Deinitialize success

My OTL log is:
OTL logfile created on: 5/18/2012 4:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Matthew Abbott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 385.97 Mb Available Physical Memory | 38.02% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 124.91 Gb Free Space | 86.67% Space Free | Partition Type: NTFS

Computer Name: ABBOTT | User Name: Matthew Abbott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/15 19:36:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\OTL.exe
PRC - [2011/10/30 21:01:00 | 001,667,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe
PRC - [2011/09/20 23:58:00 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
PRC - [2010/12/21 01:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/10/22 16:49:52 | 000,199,680 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe
PRC - [2010/10/22 16:11:44 | 000,243,072 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) -- C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/10/12 17:44:00 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/04/15 15:34:52 | 000,024,576 | ---- | M] (Agfa Healthcare) -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe
PRC - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/12/29 19:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
PRC - [2009/12/12 00:14:58 | 000,994,216 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2009/11/09 18:34:04 | 000,401,072 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2009/06/26 17:13:00 | 000,118,784 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsTray.exe
PRC - [2009/05/08 20:54:20 | 000,098,304 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\ACPI\AsEPCMon.exe
PRC - [2009/04/30 14:49:42 | 000,385,024 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/12 14:18:27 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a437d5af\mscorlib.dll
MOD - [2012/01/12 14:18:09 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c543bd15\system.xml.dll
MOD - [2012/01/12 14:17:40 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4b9393da\system.dll
MOD - [2012/01/12 14:17:26 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/07 14:57:24 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2010/01/07 14:57:23 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/01/07 14:57:23 | 001,294,336 | ---- | M] () -- c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2009/12/29 19:28:14 | 000,104,960 | ---- | M] () -- C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
MOD - [2009/11/09 18:34:04 | 000,401,072 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/30 21:01:00 | 001,667,328 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/10/30 20:41:00 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe -- (SNAC)
SRV - [2011/09/20 23:58:00 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/22 16:49:52 | 000,199,680 | ---- | M] (FUJIFILM Medical Systems U.S.A., Inc.) [Auto | Running] -- C:\Program Files\Fuji Medical System\Synapse\Workstation\SynapseUpdateManager.exe -- (SynapseUpdateSvc)
SRV - [2010/04/15 15:34:52 | 000,024,576 | ---- | M] (Agfa Healthcare) [Auto | Running] -- C:\Program Files\Agfa\IMPAX Client\Agfa.Client.Updater.Service.exe -- (PACS Client Updater)
SRV - [2010/02/18 20:22:04 | 000,615,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SPBBCDrv)
DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\MATTHE~1\LOCALS~1\Temp\fgtdrpog.sys -- (fgtdrpog)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwhid.sys -- (btwhid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2012/05/15 20:19:07 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/15 20:19:07 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20120517.023\NAVENG.SYS -- (NAVENG)
DRV - [2012/05/03 01:27:14 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\IPSDefs\20120517.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/04/25 14:40:39 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/04/25 14:40:39 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys -- (EraserUtilDrv11122)
DRV - [2012/04/02 19:40:10 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20120508.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/03/25 20:12:20 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/02/03 05:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/27 19:45:00 | 000,522,872 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/09/27 19:45:00 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/09/13 19:46:00 | 000,137,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/09/08 20:24:00 | 000,370,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\symtdi.sys -- (SYMTDI)
DRV - [2011/08/27 19:48:00 | 000,758,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2011/07/16 19:48:00 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SEP\0C0103E8\009D.105\x86\SymDS.sys -- (SymDS)
DRV - [2010/02/18 20:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2009/12/09 09:28:04 | 000,085,288 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NEOFLTR_650_14951.SYS -- (NEOFLTR_650_14951) Juniper Networks TDI Filter Driver (NEOFLTR_650_14951)
DRV - [2009/09/03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009/08/25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/06 02:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/14 12:51:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/07/06 10:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/04/27 07:26:44 | 005,074,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/14 03:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/13 20:32:18 | 001,759,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2009/03/02 01:03:48 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2008/11/19 05:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/11/03 19:03:28 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/08 22:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\URLSearchHook: {3D31A26E-04D4-4B45-AFD4-DA4E1AE4AF1B} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1006
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\SearchScopes\{E1F1D83E-270B-054F-25C9-60461DF5B614}: "URL" = http://www.startnow.com/s/?q={searchTerms}&src=defsearch&provider=Bing&provider_code=Z082&partner_id=249&product_id=628&affiliate_id=&channel=3_18&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110802&user_guid=59ED0A5B6EA145DA9D5560E93E82EB61&machine_id=e257fc4aca42a1f3aa4283be70bce6fa&browser=IE&os=win&os_version=5.1-x86-SP3
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/10/16 17:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\IPSFFPlgn\ [2012/05/18 13:31:13 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/17 17:12:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Synapse BHO Class) - {33414365-E6C7-460d-880A-A163BD69E84D} - C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
O4 - HKLM..\Run: [FujiSynapseBridge] C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiSynapseBridge.exe (FUJIFILM Medical Systems U.S.A., Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Synapse URLSearchHook Configuration] C:\Program Files\Fuji Medical System\Synapse\Workstation\FujiFld.dll (FUJIFILM Medical Systems U.S.A., Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Matthew Abbott\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm File not found
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1FBD11EF-1260-11D1-87A7-444553540001} Local (Synapse)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/Juni ... Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{236E87B1-95E4-4041-A2ED-2E03B5E01403}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Matthew Abbott\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matthew Abbott\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/06 21:20:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 13:47:58 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew Abbott\Desktop\TDSSKiller.exe
[2012/05/17 17:32:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/17 17:29:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\TFC.exe
[2012/05/17 16:56:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/17 16:56:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/17 16:56:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/17 16:56:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/15 19:36:06 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\OTL.exe
[2012/05/12 21:41:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/05/12 17:03:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/12 16:43:32 | 004,496,432 | R--- | C] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\ComboFix.exe
[2012/05/12 09:22:26 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Matthew Abbott\Desktop\aswMBR.exe
[2012/05/10 20:26:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\dds.scr
[2012/05/10 08:19:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/05/10 07:08:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Threat Expert
[2012/05/09 22:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/05/09 21:08:57 | 000,203,088 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012/05/09 21:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/05/09 21:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2012/05/09 21:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matthew Abbott\Application Data\TestApp
[2012/04/20 21:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\PDF2Office Personal v4.0

========== Files - Modified Within 30 Days ==========

[2012/05/18 15:36:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 14:00:03 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/05/18 13:50:56 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\28l0vk3o.exe
[2012/05/18 13:47:23 | 002,107,843 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\tdsskiller.zip
[2012/05/18 13:31:09 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 13:30:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/18 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/05/17 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/05/17 17:29:46 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\TFC.exe
[2012/05/17 17:29:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/05/17 17:12:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/17 16:55:26 | 004,496,432 | R--- | M] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\ComboFix.exe
[2012/05/17 16:15:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\KillBox.exe
[2012/05/17 13:45:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/17 10:33:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\MBR.dat
[2012/05/17 09:00:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/16 07:40:00 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Matthew Abbott\Desktop\TDSSKiller.exe
[2012/05/15 20:00:06 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Matthew Abbott\Desktop\SystemLook.exe
[2012/05/15 19:36:17 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matthew Abbott\Desktop\OTL.exe
[2012/05/13 07:47:09 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 21:43:47 | 000,445,394 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/12 21:43:46 | 000,073,120 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/12 21:37:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/12 17:03:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/12 09:22:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Matthew Abbott\Desktop\aswMBR.exe
[2012/05/10 20:27:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Matthew Abbott\Desktop\dds.scr
[2012/05/09 21:09:43 | 000,587,581 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/04/23 14:17:56 | 000,203,088 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys

========== Files Created - No Company Name ==========

[2012/05/18 13:50:46 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\28l0vk3o.exe
[2012/05/18 13:47:22 | 002,107,843 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\tdsskiller.zip
[2012/05/17 16:56:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/17 16:56:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/17 16:56:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/17 16:56:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/17 16:56:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/17 16:13:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\KillBox.exe
[2012/05/15 20:00:04 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\SystemLook.exe
[2012/05/12 17:03:45 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/12 17:03:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/05/12 10:01:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Desktop\MBR.dat
[2012/05/09 21:09:15 | 000,587,581 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012/03/24 12:47:35 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/14 21:04:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/12 19:06:29 | 000,000,074 | ---- | C] () -- C:\WINDOWS\webica.ini
[2011/11/12 19:06:29 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Concentr.ini
[2011/11/12 19:06:28 | 000,000,148 | ---- | C] () -- C:\WINDOWS\Citrix.ini
[2011/06/17 08:24:13 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\fusioncache.dat
[2011/06/06 16:04:39 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 14:24:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/23 16:23:01 | 000,077,620 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/01 04:47:51 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/31 18:25:36 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010/05/31 18:17:36 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

< End of report >
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Unread postby mabbitt616 » May 18th, 2012, 9:40 pm

My extras log is:

OTL Extras logfile created on: 5/18/2012 4:06:34 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Matthew Abbott\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.17 Mb Total Physical Memory | 385.97 Mb Available Physical Memory | 38.02% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.33% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 124.91 Gb Free Space | 86.67% Space Free | Partition Type: NTFS

Computer Name: ABBOTT | User Name: Matthew Abbott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\snac.exe:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" = C:\Program Files\Microsoft Office\Office14\WINWORD.EXE:*:Enabled:Microsoft Word -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Help
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16FCDD97-AE09-476B-88CD-261D852BD34C}" = Marketsplash Shortcuts
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1AEE8A1C-1FD0-4421-B46F-BF97FD7EA90D}" = Synapse Workstation
"{1B343C8C-F170-4829-8481-E163317C5830}" = iTunes
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BEB27D1-0CBC-4B3D-8FE1-18CDDB74AED0}" = EeeSplendid
"{2CF4F553-5E00-42DC-85AB-9A1A29C7D9D2}" = Citrix online plug-in (SSON)
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{600AB648-F79B-41EC-B426-A49A7DB121EA}" = HP Officejet 6500 E710n-z Basic Device Software
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DF9279C-8FBB-4D82-B359-3FBD9DF7AFC7}" = AGFA IMPAX Client 6.3.1.7001
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7C5B1ECD-FE93-4FB2-A51A-06451BA49969}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.2 MUI
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA689023-0B72-4771-98A6-A1C927E58207}" = Symantec Endpoint Protection
"{FAABDC10-41B3-4A4C-A76E-C02CB9BE2A5E}" = HP Officejet 6500 E710n-z Product Improvement Study
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CitrixOnlinePluginFull" = Citrix Online Plug-in v12.1.0.30
"Eee Docking_is1" = Eee Docking 1.3.10.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1272441048-3259255283-445769570-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2012 7:02:39 AM | Computer Name = ABBOTT | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1028, faulting module
unknown, version 0.0.0.0, fault address 0x1000b3a2.

Error - 5/17/2012 9:12:54 AM | Computer Name = ABBOTT | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Cookie:matthew abbott@serving-sys.com/
by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted
successfully.

Error - 5/17/2012 10:07:47 AM | Computer Name = ABBOTT | Source = Application Error | ID = 1000
Description = Faulting application aswmbr.exe, version 0.9.9.1665, faulting module
aswmbr.exe, version 0.9.9.1665, fault address 0x00010f53.

Error - 5/17/2012 1:35:32 PM | Computer Name = ABBOTT | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Cookie:matthew abbott@quantserve.com/
by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted
successfully.

Error - 5/17/2012 5:13:08 PM | Computer Name = ABBOTT | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1028, faulting module
unknown, version 0.0.0.0, fault address 0x1000b3a2.

Error - 5/17/2012 5:26:06 PM | Computer Name = ABBOTT | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1028, faulting module
unknown, version 0.0.0.0, fault address 0x1000b3a2.

Error - 5/17/2012 5:34:28 PM | Computer Name = ABBOTT | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1028, faulting module
unknown, version 0.0.0.0, fault address 0x1000b3a2.

Error - 5/18/2012 9:01:46 AM | Computer Name = ABBOTT | Source = Application Error | ID = 1000
Description = Faulting application asacpisvr.exe, version 6.1.1.1028, faulting module
unknown, version 0.0.0.0, fault address 0x1000b3a2.

Error - 5/18/2012 9:58:29 AM | Computer Name = ABBOTT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/18/2012 1:25:25 PM | Computer Name = ABBOTT | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Cookie:matthew abbott@quantserve.com/
by: Manual scan. Action: Delete succeeded. Action Description: The file was deleted
successfully.

[ System Events ]
Error - 5/17/2012 5:11:57 PM | Computer Name = ABBOTT | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 5/17/2012 5:31:28 PM | Computer Name = ABBOTT | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/17/2012 5:31:28 PM | Computer Name = ABBOTT | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/17/2012 5:31:28 PM | Computer Name = ABBOTT | Source = Service Control Manager | ID = 7031
Description = The Juniper Network Connect Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
30000 milliseconds: Restart the service.

Error - 5/17/2012 5:31:28 PM | Computer Name = ABBOTT | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/17/2012 5:31:28 PM | Computer Name = ABBOTT | Source = Service Control Manager | ID = 7034
Description = The PACS Client Updater service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/17/2012 5:31:29 PM | Computer Name = ABBOTT | Source = Service Control Manager | ID = 7034
Description = The Synapse Update Manager service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/17/2012 5:31:32 PM | Computer Name = ABBOTT | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/18/2012 1:30:58 PM | Computer Name = ABBOTT | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 5/18/2012 2:00:44 PM | Computer Name = ABBOTT | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Post by pgmigg » May 19th, 2012, 1:53 pm

Hello mabbitt616,

Thank you, good job! :) Let's continue...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Custom Scans/Fixes text box. Do not include the word Code
    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    
    :Files
    C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of the report in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after the OTL FixScript run
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Post by mabbitt616 » May 21st, 2012, 7:18 am

Pgmigg,

I will be away from my infected computer until Sunday, May 27. So I will not be able to run the scan until then. I wanted to send a reply so that the thread is not deleted. Thanks.
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Post by pgmigg » May 21st, 2012, 11:01 am

Hello mabbitt616,

Thank you for your notification. I will leave it open until May 27 or even May 29, because I will also be without Internet between May 25 and May 28... ;)

See you and your logs after that!

pgmigg
:D
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Google/Bing redirect virus help

Post by mabbitt616 » May 27th, 2012, 11:42 am

pgmigg,

I was able to run OTL without a problem.

The log is:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
========== FILES ==========
C:\Documents and Settings\Matthew Abbott\Local Settings\Application Data\Apple Computer\Adobe\yxuoo.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Matthew Abbott\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Matthew Abbott\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Matthew Abbott
->Temp folder emptied: 1396213 bytes
->Temporary Internet Files folder emptied: 2099031 bytes
->Java cache emptied: 1619532 bytes
->Flash cache emptied: 470 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26394 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.43.0 log created on 05272012_113401

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c4.dat not found!

Registry entries deleted on Reboot...
mabbitt616
Regular Member
 
Posts: 17
Joined: May 10th, 2012, 8:30 pm

Re: Google/Bing redirect virus help

Post by pgmigg » May 28th, 2012, 10:46 am

Hello mabbitt616,

Very well! :)

Could you please tell me about the current condition of your computer?
Do you still have any kind of redirection, or do you see any suspicious activity, or is there something else left that I should resolve?

Thanks,
pgmigg
pgmigg
Admin/Teacher
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00