TechSpot

Browser redirect problems

By Tweez23
Apr 3, 2012
  1. Here is the mbam post...
    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.03.12

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Bunzo :: BUNZO-PC [administrator]

    Protection: Enabled

    4/3/2012 3:37:15 PM
    mbam-log-2012-04-03 (15-37-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 192231
    Time elapsed: 2 minute(s), 6 second(s)

    Memory Processes Detected: 1
    C:\WINDOWS\svchost.exe (Trojan.Agent) -> 4692 -> Delete on reboot.

    Memory Modules Detected: 1
    C:\Users\Bunzo\AppData\Roaming\Macromedia\Macromedia\vubjh.dll (Trojan.Tracur) -> Delete on reboot.

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Update (Trojan.Tracur) -> Data: rundll32.exe "C:\Users\Bunzo\AppData\Roaming\Macromedia\Macromedia\vubjh.dll",DllRegisterServer -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Bunzo\AppData\Roaming\Macromedia\Macromedia\vubjh.dll (Trojan.Tracur) -> Delete on reboot.
    C:\Users\Bunzo\AppData\Roaming\Macromedia\Macromedia\oexuquj.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
    C:\WINDOWS\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)

    will post other logs on reboot...
     
  2. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-03 15:52:27
    Windows 6.1.7600
    Running: download[1].exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 929

    ---- EOF - GMER 1.0.15 ----
     
  3. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Bunzo at 15:54:39 on 2012-04-03
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5943.4085 [GMT -7:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\Users\Bunzo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{79A954A8-DEA2-4DB4-8360-614D0F94867D} : DhcpNameServer = 209.18.47.61 209.18.47.62
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-17 1157240]
    R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120401.001\IDSviA64.sys [2012-4-2 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-3 652360]
    R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccsvchst.exe [2012-3-23 138232]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-1 689472]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-10 138360]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 0214041331405665mcinstcleanup;McAfee Application Installer Cleanup (0214041331405665);C:\Users\Bunzo\AppData\Local\Temp\021404~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Users\Bunzo\AppData\Local\Temp\021404~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-03 22:43:07 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-04-03 22:43:05 20480 ----a-w- C:\Windows\svchost.exe
    2012-04-03 22:36:42 -------- d-----w- C:\Users\Bunzo\AppData\Roaming\Malwarebytes
    2012-04-03 22:36:36 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-03 22:36:35 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-03 22:36:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-03 22:34:34 388096 ----a-r- C:\Users\Bunzo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-04-03 22:34:34 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-03-30 00:11:46 -------- d-----w- C:\Users\Bunzo\AppData\Local\CrashDumps
    2012-03-28 00:58:39 -------- d-----w- C:\Users\Bunzo\My Backup Files
    2012-03-24 01:16:56 738936 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtsp64.sys
    2012-03-24 01:16:56 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symds64.sys
    2012-03-24 01:16:56 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symnets.sys
    2012-03-24 01:16:56 37496 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\srtspx64.sys
    2012-03-24 01:16:56 1092728 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\symefa64.sys
    2012-03-24 01:16:55 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ironx64.sys
    2012-03-24 01:16:55 167048 ----a-r- C:\Windows\System32\drivers\N360x64\0601020.00A\ccsetx64.sys
    2012-03-24 01:16:42 -------- d-----w- C:\Windows\System32\drivers\N360x64\0601020.00A
    2012-03-19 07:50:14 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D7E9.tmp
    2012-03-19 07:50:14 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D7E8.tmp
    2012-03-16 07:28:01 -------- d-----w- C:\Program Files\iTunes
    2012-03-16 07:28:01 -------- d-----w- C:\Program Files\iPod
    2012-03-16 07:28:01 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-03-16 07:25:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-03-16 07:25:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-03-16 07:25:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-03-16 07:25:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-03-16 07:25:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-03-16 07:25:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-03-16 07:25:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-03-13 21:58:28 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-13 21:58:27 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2012-03-13 21:58:27 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-03-13 21:58:27 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-03-13 21:58:27 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-03-13 21:58:27 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-03-13 21:58:27 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-03-13 21:58:27 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-03-13 21:58:27 1541120 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-13 21:58:27 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-03-13 21:58:27 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-13 21:57:56 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-03-13 21:57:56 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-03-13 21:57:56 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-03-13 21:57:54 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-03-13 21:57:54 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
    2012-03-13 21:57:54 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-13 21:57:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
    2012-03-10 19:43:08 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2012-03-10 18:58:17 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-03-10 18:58:17 -------- d-----w- C:\Program Files\Symantec
    2012-03-10 18:58:17 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2012-03-10 18:57:49 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2012-03-10 18:57:48 -------- d-----w- C:\Program Files (x86)\Norton 360
    2012-03-10 18:53:02 -------- d-----w- C:\ProgramData\NortonInstaller
    2012-03-10 18:53:02 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2012-03-10 18:50:32 -------- d-----w- C:\ProgramData\Norton
    .
    ==================== Find3M ====================
    .
    2012-04-03 22:43:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
    .
    ============= FINISH: 15:55:02.73 ===============
     
  4. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/7/2012 1:33:52 AM
    System Uptime: 4/3/2012 3:41:42 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0C2KJT
    Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz | CPU 1 | 3200/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 920 GiB total, 875.756 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP33: 3/20/2012 3:00:10 AM - Windows Update
    RP34: 3/21/2012 3:00:10 AM - Windows Update
    RP35: 3/22/2012 3:00:10 AM - Windows Update
    RP36: 3/23/2012 3:00:10 AM - Windows Update
    RP37: 3/23/2012 3:24:54 PM - Removed Skype™ 4.2
    RP38: 3/23/2012 3:26:03 PM - Removed Skype Toolbars
    RP39: 3/24/2012 3:00:10 AM - Windows Update
    RP40: 3/25/2012 3:00:10 AM - Windows Update
    RP41: 3/26/2012 3:00:26 AM - Windows Update
    RP42: 3/27/2012 3:00:10 AM - Windows Update
    RP43: 3/28/2012 3:00:27 AM - Windows Update
    RP44: 3/29/2012 3:00:11 AM - Windows Update
    RP45: 3/30/2012 3:00:11 AM - Windows Update
    RP46: 3/31/2012 3:00:10 AM - Windows Update
    RP47: 4/1/2012 3:00:10 AM - Windows Update
    RP48: 4/2/2012 3:00:10 AM - Windows Update
    RP49: 4/3/2012 3:00:10 AM - Windows Update
    RP50: 4/3/2012 3:33:54 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Adobe Reader 9.1.2
    AIM 7
    Apple Application Support
    Apple Software Update
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Download Updater (AOL LLC)
    GoToAssist 8.0.0.514
    HiJackThis
    Intel(R) Graphics Media Accelerator Driver
    Internet Explorer
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft Choice Guard
    Microsoft Digital Image Library 9
    Microsoft Digital Image Pro 9
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    MSVCRT
    Multimedia Card Reader
    Norton 360
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Burn
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/3/2012 3:42:43 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    4/3/2012 3:42:43 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    4/3/2012 3:00:23 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
    4/2/2012 11:02:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
    3/30/2012 3:20:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    3/29/2012 3:17:20 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    3/28/2012 11:50:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR6.
    .
    ==== End Of File ===========================
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You started a thread last July for this same problem. Broni was helping you with several replies. But you abandoned the thread and didn't finish.

    If you would like me to help you, I would like your assurance that you will continue.
    =======================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  6. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    100% I will finish.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- I will hold you to that:
    ---------------------------------------
    There are some things I can't reconcile. Since your last thread from July, 2011 referenced the same problem, I assumed the current problem was referring to the same computer. However, this system shows an Install Date: 1/7/2012

    You also had to choose between Norton and Avast at that time. It appears that you uninstalled Norton in favor of keeping Avast, although you left this Scheduled Task:

    2011-07-27 c:\windows\Tasks\Norton Security Scan for Mr Roboto.job
    - c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-07 17:06]
    ----------------
    Avast shows 2 install dates:
    PRC - [2011/07/04 04:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    And again, 7/28/2012.

    And you now show 03-10 18:50:32 -------- d-----w- C:\ProgramData\Norton
    2012-03-10 18:58:17 -------- d-----w- C:\Program Files\Symantec
    ===========================================
    So I have questions:
    1. Do you actually understand what a redirect problem is? Describe, please.
    2. Do your 2 threads refer to 2 different computers?
    3. Or, did you do a reinstall/reformat on 1/26/2012?
    ===========================================
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt please
    • Post the contents of that document.
    ==================================
    Uninstall the HijackThis you now have. Delete any previous logs. The program has not been installed correctly. Reboot after removal then follow>>>>

    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    =================================
    Run both scans above, answer my questions, leave logs in next reply.
     
  8. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    I'm going to start your checklist... but to reply to your questions: this is a new computer. Norton 360 is installed... and I'm assuming a redirect is when, for example, I try to do a Google search and it kicks me somewhere else... and I can try to go back and it won't let me, so I have to close and try again.

    Here is the first part of the checklist...

    Results of screen317's Security Check version 0.99.32
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 21
    Java version out of date!
    Adobe Reader 9 Adobe Reader out of date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ``````````End of Log````````````
     
  9. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:25:32 PM, on 4/5/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16930)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\IPS\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coIEPlg.dll
    O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    O23 - Service: McAfee Application Installer Cleanup (0214041331405665) (0214041331405665mcinstcleanup) - Unknown owner - C:\Users\Bunzo\AppData\Local\Temp\021404~1.EXE (file missing)
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9366 bytes
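    A triage pass over a HijackThis log, as an added example that is not part of this thread or of the HijackThis project: it flags the entry shapes a helper looks at first (rundll32 loading a DLL from the user's profile, a svchost.exe copy outside System32, orphaned BHO and service entries) over a constructed sample written in the log format above. The user name Bunzo and the McAfee and ALG service lines are shaped after the log; the `Example\loader.dll` path is a placeholder.

```python
"""Triage helper for a HijackThis log (constructed example for this thread; not
HijackThis, ComboFix or TechSpot code). It scores the entry types a helper reads
first: O2/O3 browser add-ons, O4 autostarts and O23 services. The heuristics
follow the pattern of the infection discussed in this thread: a rundll32 loader
with a DLL in the user's profile, a svchost.exe copy outside System32, and
orphaned entries whose file is gone."""
import re
from typing import Dict, List, Optional

# A Windows path up to the first binary extension; tolerant of spaces in names.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|ocx)\b", re.I)
# Profile and temp directories: any user can write there, so nothing that
# autostarts or runs as a service should normally live there.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|Downloads)\\", re.I)
# Core Windows binaries and the only directories they legitimately run from.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS_RE = re.compile(r"\\Windows\\(?:System32|SysWOW64)\\", re.I)
# HijackThis sections worth scoring; R0/R1 start-page lines and the running
# process list are left to the human reader.
TRIAGE_PREFIXES = ("O2 - ", "O3 - ", "O4 - ", "O23 - ")


def first_path(entry: str) -> Optional[str]:
    """Return the first executable path in a log line, or None."""
    m = PATH_RE.search(entry)
    return m.group(0) if m else None


def triage_entry(entry: str) -> List[Dict[str, str]]:
    """Return zero or more findings for a single HijackThis line."""
    findings: List[Dict[str, str]] = []
    if not entry.startswith(TRIAGE_PREFIXES):
        return findings
    path = first_path(entry)
    missing = "(file missing)" in entry or "(no file)" in entry

    if missing:
        # Nothing runs from an orphaned entry, so it is a cleanup item, not an
        # active threat. The 32-bit HijackThis build also reports many built-in
        # services on 64-bit Windows as missing because of System32 redirection,
        # so an orphan under a system directory is only informational.
        if path and SYSTEM_DIRS_RE.search(path):
            sev, why = "info", "built-in service reported missing (32-bit tool on x64)"
        else:
            sev, why = "low", "orphaned entry; leftover that can be removed"
        findings.append({"severity": sev, "reason": why, "entry": entry})
        return findings

    if path:
        name = path.rsplit("\\", 1)[-1].lower()
        if USER_WRITABLE_RE.search(path):
            why = "autostart or service image in a user-writable directory"
            if "rundll32" in entry.lower():
                why = "rundll32 loading a DLL from a user-writable directory"
            findings.append({"severity": "high", "reason": why, "entry": entry})
        if name in CORE_BINARIES and not SYSTEM_DIRS_RE.search(path):
            findings.append({"severity": "high",
                             "reason": f"{name} running outside System32/SysWOW64",
                             "entry": entry})
    return findings


def triage(log_text: str) -> List[Dict[str, str]]:
    """Run triage_entry over every line of a HijackThis log."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        findings.extend(triage_entry(line.strip()))
    return findings


def summarize(log_text: str) -> Dict[str, int]:
    """Count findings by severity."""
    counts = {"high": 0, "low": 0, "info": 0}
    for f in triage(log_text):
        counts[f["severity"]] += 1
    return counts


# Constructed sample in HijackThis 2.0.4 format. The rundll32 line and the
# svchost line model the infection in this thread with placeholder paths;
# the other entries are shaped like clean lines from the log above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Update] rundll32.exe "C:\Users\Bunzo\AppData\Roaming\Example\loader.dll",DllRegisterServer
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\svchost.exe
O23 - Service: McAfee Application Installer Cleanup (0214041331405665mcinstcleanup) - Unknown owner - C:\Users\Bunzo\AppData\Local\Temp\021404~1.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:4}] {f['reason']}: {f['entry']}")
    print(summarize(SAMPLE_LOG))
```

    Run it against a saved hijackthis.log by passing the file's text to triage(); "high" findings are the lines to ask about before letting any tool fix them.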
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    About this:
    Never assume! Would it describe the problem if I said the following:
    1. You put a search term in Google Search
    2. You click on Search
    3. A page from Google comes up with hits to match your search term.
    4. You click on the hit (URL) that you want
    5. But the site that you choose is not what comes up
    6. Instead, another site displays, possibly unrelated to the search term.

    Now the part I need clarified:
    1. "i can try to go back n it won't let me.">> Go back to what? Do you use the Back button in the Toolbar or do you click 'Search' to bring up the hits page again?
    2. What "won't let me"? How won't it let you?
    3. "I have to close and try again.">> Close what? The browser? Which browser?
    ====================================
    I wouldn't mind a bit if you were more generous with information!

    Important! There is a process indicating you have/had the McAfee Cleanup Installer. Did McAfee come with the new computer? Did you uninstall it so you could put Norton on the system?
    ====================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti-virus and anti-malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ======================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==================================
    Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader > Current is vX(10.xx)> Adobe Reader Update
    Java(TM) > Current is v6u31> Java Updates.
    Uninstall any earlier versions of both, as they are vulnerabilities for the system.
    ================================
    You are short on security. Remind me when we finish to give you recommendations for additional security.
    Note: I won't be online tomorrow, Easter Sunday. We will continue on Monday.
     
  11. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    This is exactly what happens as you described below.

    Never assume! Would it describe the problem if I said the following:
    1. You put a search term in Google Search
    2. You click on Search
    3. A page from Google comes up with hits to match your search term.
    4. You click on the hit (URL) that you want
    5. But the site that you choose is not what comes up
    6. Instead, another site displays, possibly unrelated to the search term.

    Now the part I need clarified:
    1. "i can try to go back n it won't let me.">> Go back to what? Do you use the Back button in the Toolbar or do you click 'Search' to bring up the hits page again? I use the back button and it doesn't allow me to go back so I close that tab and/or window and retry. Sometimes I just close out the browser and retry my search.

    Going to do your steps now.
     
  12. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    McAfee came with the computer. It was a trial version.
     
  13. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    ComboFix 12-04-07.03 - Bunzo 04/07/2012 19:13:33.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5943.4589 [GMT -7:00]
    Running from: c:\users\Bunzo\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-08 to 2012-04-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-05 19:24 . 2012-04-05 19:25 -------- d-----w- C:\HiJackThis
    2012-04-03 22:43 . 2012-04-03 22:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-03 22:36 . 2012-04-03 22:36 -------- d-----w- c:\users\Bunzo\AppData\Roaming\Malwarebytes
    2012-04-03 22:36 . 2012-04-03 22:36 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-03 22:36 . 2012-04-03 22:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-03 22:36 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-30 00:11 . 2012-03-30 03:50 -------- d-----w- c:\users\Bunzo\AppData\Local\CrashDumps
    2012-03-28 00:58 . 2012-03-28 00:58 -------- d-----w- c:\users\Bunzo\My Backup Files
    2012-03-23 22:00 . 2012-03-23 22:00 -------- d-----w- c:\windows\system32\Macromed
    2012-03-19 07:50 . 2012-03-19 07:50 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\D7E9.tmp
    2012-03-19 07:50 . 2012-03-19 07:50 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\D7E8.tmp
    2012-03-16 07:28 . 2012-03-16 07:28 -------- d-----w- c:\program files\iTunes
    2012-03-16 07:28 . 2012-03-16 07:28 -------- d-----w- c:\program files (x86)\iTunes
    2012-03-16 07:28 . 2012-03-16 07:28 -------- d-----w- c:\program files\iPod
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-03-13 21:58 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 21:58 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-13 21:58 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-13 21:58 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-13 21:58 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-13 21:58 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-13 21:58 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-13 21:58 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-03-13 21:58 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-03-13 21:58 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-03-13 21:58 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-03-13 21:57 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-13 21:57 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-13 21:57 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-13 21:57 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-13 21:57 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-13 21:57 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 21:57 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-10 19:43 . 2012-03-10 19:43 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2012-03-10 18:58 . 2012-03-24 01:17 -------- d-----w- c:\program files\Symantec
    2012-03-10 18:58 . 2012-03-24 01:17 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-03-10 18:58 . 2012-03-10 18:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-03-10 18:57 . 2012-03-29 10:17 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-03-10 18:57 . 2012-03-10 18:57 -------- d-----w- c:\program files (x86)\Norton 360
    2012-03-10 18:53 . 2012-03-10 18:53 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-03-10 18:50 . 2012-03-10 19:00 -------- d-----w- c:\programdata\Norton
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-03 22:43 . 2012-01-15 07:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-04 09:19 . 2012-02-04 09:19 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\5F8C.tmp
    2012-02-04 09:19 . 2012-02-04 09:19 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\5F8B.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
    .
    c:\users\Bunzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 0214041331405665mcinstcleanup;McAfee Application Installer Cleanup (0214041331405665);c:\users\Bunzo\AppData\Local\Temp\021404~1.EXE [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-17 1157240]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120406.002\IDSvia64.sys [2012-03-28 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-09 138360]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:43]
    .
    2012-01-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
    .
    2012-04-07 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-07 19:25:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-08 02:25
    .
    Pre-Run: 939,677,327,360 bytes free
    Post-Run: 939,905,867,776 bytes free
    .
    - - End Of File - - CD8703A4C8DDEB668D5DB11680BE892B
     
  14. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    C:\ProgramData\Microsoft\Windows\DRM\5F8B.tmp Win64/Olmarik.AD trojan
    C:\ProgramData\Microsoft\Windows\DRM\5F8C.tmp Win64/Olmarik.AD trojan
    C:\ProgramData\Microsoft\Windows\DRM\D7E8.tmp Win64/Olmarik.AH trojan
    C:\ProgramData\Microsoft\Windows\DRM\D7E9.tmp Win64/Olmarik.AH trojan
    C:\Users\All Users\Microsoft\Windows\DRM\5F8B.tmp Win64/Olmarik.AD trojan
    C:\Users\All Users\Microsoft\Windows\DRM\5F8C.tmp Win64/Olmarik.AD trojan
    C:\Users\All Users\Microsoft\Windows\DRM\D7E8.tmp Win64/Olmarik.AH trojan
    C:\Users\All Users\Microsoft\Windows\DRM\D7E9.tmp Win64/Olmarik.AH trojan
    C:\Users\Bunzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5db45511-321429fc Java/Exploit.CVE-2011-3544.AU trojan
    C:\Users\Bunzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a955edb-47a6d0bc a variant of Java/TrojanDownloader.Agent.NDJ trojan
    C:\Users\Bunzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\c393949-4342236c a variant of Java/TrojanDownloader.Agent.NDJ trojan
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Be sure you updated Java as instructed> there is malware in the Java cache.

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\ProgramData\Microsoft\Windows\DRM\5F8B.tmp 
      C:\ProgramData\Microsoft\Windows\DRM\5F8C.tmp 
      C:\ProgramData\Microsoft\Windows\DRM\D7E8.tmp 
      C:\ProgramData\Microsoft\Windows\DRM\D7E9.tmp 
      C:\Users\All Users\Microsoft\Windows\DRM\5F8B.tmp 
      C:\Users\All Users\Microsoft\Windows\DRM\5F8C.tmp 
      C:\Users\All Users\Microsoft\Windows\DRM\D7E8.tmp 
      C:\Users\All Users\Microsoft\Windows\DRM\D7E9.tmp 
      C:\Users\Bunzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5db45511-321429fc 
      C:\Users\Bunzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a955edb-47a6d0bc 
      C:\Users\Bunzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\c393949-4342236c 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ================================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad> click on Format> uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    c:\programdata\Microsoft\Windows\DRM\D7E9.tmp
    c:\programdata\Microsoft\Windows\DRM\D7E8.tmp
    c:\programdata\Microsoft\Windows\DRM\5F8C.tmp
    c:\programdata\Microsoft\Windows\DRM\5F8B.tmp
    c:\users\Bunzo\AppData\Local\Temp\021404~1.EXE
    C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini 
    Folder::
    c:\users\Bunzo\AppData\Local\CrashDumps
    DDS::
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Clearjavacache::
    Driver::
    0214041331405665mcinstcleanup
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    From Combofix directions
    Your header in Combofix:
    AV: Norton 360 *Disabled
    FW: Norton 360 *Enabled
    SP: Norton 360 *Enabled
    ====================================
    FYI: DRM (short for digital rights management) is a system for protecting the copyrights of data circulated via the Internet or other digital media by enabling secure distribution and/or disabling illegal distribution of the data.

    Attempting to get media by avoiding the DRM can also result in malware. For instance, one of the DRM tmp files being removed, D7E9.TMP, is cloaked malware seen to perform the following behavior:
    • The Process is packed and/or encrypted using a software packing process
    • Found on infected systems and resists interrogation by security products.
     
  16. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    Java updated...now working way down list.

    All processes killed
    ========== FILES ==========
    C:\ProgramData\Microsoft\Windows\DRM\5F8B.tmp moved successfully.
    C:\ProgramData\Microsoft\Windows\DRM\5F8C.tmp moved successfully.
    C:\ProgramData\Microsoft\Windows\DRM\D7E8.tmp moved successfully.
    C:\ProgramData\Microsoft\Windows\DRM\D7E9.tmp moved successfully.
    File/Folder C:\Users\All Users\Microsoft\Windows\DRM\5F8B.tmp not found.
    File/Folder C:\Users\All Users\Microsoft\Windows\DRM\5F8C.tmp not found.
    File/Folder C:\Users\All Users\Microsoft\Windows\DRM\D7E8.tmp not found.
    File/Folder C:\Users\All Users\Microsoft\Windows\DRM\D7E9.tmp not found.
    C:\Users\Bunzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5db45511-321429fc moved successfully.
    C:\Users\Bunzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a955edb-47a6d0bc moved successfully.
    C:\Users\Bunzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\c393949-4342236c moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bunzo
    ->Temp folder emptied: 1515484 bytes
    ->Temporary Internet Files folder emptied: 18661731 bytes
    ->Java cache emptied: 7474 bytes
    ->Flash cache emptied: 728 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 59948465 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101800 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 77.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 04082012_183445

    Files moved on Reboot...
    C:\Users\Bunzo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\temp\fla422A.tmp moved successfully.
    C:\Windows\temp\fla7BB4.tmp moved successfully.
    C:\Windows\temp\fla93EC.tmp moved successfully.
    C:\Windows\temp\fla9C01.tmp moved successfully.
    C:\Windows\temp\flaAF3C.tmp moved successfully.

    Registry entries deleted on Reboot...
     
  17. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    ComboFix 12-04-08.01 - Bunzo 04/09/2012 2:09.7.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5943.4610 [GMT -7:00]
    Running from: c:\users\Bunzo\Desktop\ComboFix.exe
    Command switches used :: c:\users\Bunzo\Desktop\CFScript.txt
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\progra~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini"
    "c:\programdata\Microsoft\Windows\DRM\5F8B.tmp"
    "c:\programdata\Microsoft\Windows\DRM\5F8C.tmp"
    "c:\programdata\Microsoft\Windows\DRM\D7E8.tmp"
    "c:\programdata\Microsoft\Windows\DRM\D7E9.tmp"
    "c:\users\Bunzo\AppData\Local\Temp\021404~1.EXE"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-09 09:14 . 2012-04-09 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-09 02:06 . 2012-04-09 02:06 -------- d-----w- c:\windows\Sun
    2012-04-09 01:34 . 2012-04-09 01:34 -------- d-----w- C:\_OTM
    2012-04-09 01:32 . 2012-04-09 01:32 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-04-08 03:51 . 2012-04-08 03:51 -------- d-----w- c:\program files (x86)\ESET
    2012-04-05 19:24 . 2012-04-05 19:25 -------- d-----w- C:\HiJackThis
    2012-04-03 22:43 . 2012-04-03 22:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-03 22:36 . 2012-04-03 22:36 -------- d-----w- c:\users\Bunzo\AppData\Roaming\Malwarebytes
    2012-04-03 22:36 . 2012-04-03 22:36 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-03 22:36 . 2012-04-03 22:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-03 22:36 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-28 00:58 . 2012-03-28 00:58 -------- d-----w- c:\users\Bunzo\My Backup Files
    2012-03-23 22:00 . 2012-03-23 22:00 -------- d-----w- c:\windows\system32\Macromed
    2012-03-16 07:28 . 2012-03-16 07:28 -------- d-----w- c:\program files\iTunes
    2012-03-16 07:28 . 2012-03-16 07:28 -------- d-----w- c:\program files (x86)\iTunes
    2012-03-16 07:28 . 2012-03-16 07:28 -------- d-----w- c:\program files\iPod
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-03-16 07:25 . 2012-03-16 07:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-03-13 21:58 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-03-13 21:58 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-13 21:58 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-13 21:58 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-13 21:58 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-13 21:58 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-13 21:58 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-13 21:58 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-03-13 21:58 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-03-13 21:58 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-03-13 21:58 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-03-13 21:57 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-13 21:57 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-13 21:57 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-13 21:57 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-13 21:57 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-13 21:57 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 21:57 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-10 19:43 . 2012-03-10 19:43 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2012-03-10 18:58 . 2012-03-24 01:17 -------- d-----w- c:\program files\Symantec
    2012-03-10 18:58 . 2012-03-24 01:17 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-03-10 18:58 . 2012-03-10 18:58 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2012-03-10 18:57 . 2012-03-29 10:17 -------- d-----w- c:\windows\system32\drivers\N360x64
    2012-03-10 18:57 . 2012-03-10 18:57 -------- d-----w- c:\program files (x86)\Norton 360
    2012-03-10 18:53 . 2012-03-10 18:53 -------- d-----w- c:\program files (x86)\NortonInstaller
    2012-03-10 18:50 . 2012-04-08 01:32 -------- d-----w- c:\programdata\Norton
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-09 01:31 . 2010-12-01 07:49 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-03 22:43 . 2012-01-15 07:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-09_04.42.09 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-09 08:18 . 2012-04-09 08:18 58235 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\UserCache.bin
    + 2012-04-09 07:00 . 2012-04-09 08:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040920120410\index.dat
    + 2012-04-09 07:00 . 2012-04-09 06:53 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012040220120409\index.dat
    - 2012-03-10 10:39 . 2012-04-09 01:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2012-03-10 10:39 . 2012-04-09 08:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
    + 2010-12-01 08:14 . 2012-04-09 06:53 27668 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-04-09 09:05 27716 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2012-01-07 07:32 . 2012-04-09 09:07 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-01-07 07:32 . 2012-04-09 04:27 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-04-09 01:40 . 2012-04-09 04:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-04-09 01:40 . 2012-04-09 09:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 04:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-09 09:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-01-07 15:59 . 2012-04-09 01:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-01-07 15:59 . 2012-04-09 09:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-01-07 15:59 . 2012-04-09 01:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2012-01-07 15:59 . 2012-04-09 09:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2012-01-07 15:59 . 2012-04-09 01:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-01-07 15:59 . 2012-04-09 09:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-01-07 12:14 . 2012-04-09 09:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-01-07 12:14 . 2012-04-09 04:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2012-01-07 12:14 . 2012-04-09 04:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-01-07 12:14 . 2012-04-09 09:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-01-08 10:56 . 2012-04-09 09:05 8100 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4107103901-2604638022-3598755104-1001_UserData.bin
    + 2012-04-09 09:15 . 2012-04-09 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-09 04:41 . 2012-04-09 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-09 04:41 . 2012-04-09 04:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-04-09 09:15 . 2012-04-09 09:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-01-08 10:54 . 2012-04-09 01:59 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2012-01-08 10:54 . 2012-04-09 08:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2009-07-14 04:54 . 2012-04-09 09:16 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-04-09 04:42 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 02:36 . 2012-04-09 09:07 624384 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-04-09 02:02 624384 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-04-09 02:02 106502 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-04-09 09:07 106502 c:\windows\system32\perfc009.dat
    + 2009-07-14 04:54 . 2012-04-09 09:15 3883008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-04-09 04:42 3883008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-04-09 09:15 1163264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 02:34 . 2012-04-09 02:55 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-04-09 07:05 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-01-27 237568]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\users\Bunzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 253600]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-17 1157240]
    S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120406.002\IDSvia64.sys [2012-03-28 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe [2012-01-17 138232]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-09 138360]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 22:43]
    .
    2012-01-09 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
    .
    2012-04-08 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060832]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.1.2.10\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-09 02:19:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-09 09:19
    ComboFix2.txt 2012-04-09 06:55
    ComboFix3.txt 2012-04-09 04:45
    ComboFix4.txt 2012-04-08 02:25
    .
    Pre-Run: 938,967,240,704 bytes free
    Post-Run: 938,946,240,512 bytes free
    .
    - - End Of File - - C83B636F11EE1911730F830DC9E9897F
     
  18. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.GBNABI
    ----- EOF -----
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, looks like we need to dig out the rootkit.

    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result. Save the log and post in next reply.
    • A reboot is required after disinfection.
    ======================================
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this: (screenshot)
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below > Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    Please let me know if the redirecting stops.
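A small parser for the TDSSKiller log format requested above, added here as an example and not the tool's or the forum's own code: it pairs each object line (`name (md5) path`) with its verdict line (`name - status`) and lists anything the scanner did not clear with a plain `ok`. The sample lines are constructed to mirror the format seen in this thread; the `Scan finished` end marker and the `detected ...` verdict wording are assumptions.

```python
"""Parse TDSSKiller scan output and surface objects that need a second look.

Added example, not TDSSKiller's own code. The format assumed is the one
visible in the thread: '<time> <pid> <name> (<md5>) <path>' followed by
'<time> <pid> <name> - <status>'. All sample log lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Timestamp such as 11:16:43.0351, then the logging process id, then the body.
_PREFIX = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Object line: service/driver name, 32-hex md5 in parentheses, image path.
_OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: name, ' - ', then whatever verdict the tool printed.
_VERDICT = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None

    @property
    def suspicious(self) -> bool:
        # Anything not cleared with a bare 'ok' deserves analyst attention.
        return self.status is not None and self.status.lower() != "ok"

    @property
    def no_image(self) -> bool:
        # A verdict with no preceding object line (e.g. 'catchme - ok') means
        # the tool found no file on disk to hash; usually benign, worth noting.
        return self.status is not None and self.path is None


def parse_tdsskiller_log(text: str) -> Dict[str, ScanObject]:
    """Return scan objects keyed by name, merging object and verdict lines."""
    objects: Dict[str, ScanObject] = {}
    in_scan = False
    for raw in text.splitlines():
        m = _PREFIX.match(raw)
        if not m:
            continue  # not a log line (blank, or free text)
        body = m.group(3).strip()
        if body == "Scan started":
            in_scan = True  # header block (drives, partitions) is now behind us
            continue
        if body.startswith("Scan finished"):  # assumed end marker
            break
        if not in_scan or not body or set(body) == {"="}:
            continue
        om = _OBJECT.match(body)
        if om:
            obj = objects.setdefault(om["name"], ScanObject(om["name"]))
            obj.md5, obj.path = om["md5"], om["path"]
            continue
        vm = _VERDICT.match(body)
        if vm:
            obj = objects.setdefault(vm["name"], ScanObject(vm["name"]))
            obj.status = vm["status"]
    return objects


def findings(objects: Dict[str, ScanObject]) -> List[ScanObject]:
    """Objects whose verdict is anything other than 'ok', in log order."""
    return [o for o in objects.values() if o.suspicious]


# Constructed sample: two entries in the thread's format, one file-less
# service, and one hypothetical boot-record detection to exercise findings().
SAMPLE_LOG = r"""
11:16:41.0885 3876 ============================================================
11:16:41.0885 3876 Scan started
11:16:41.0885 3876 Mode: Manual;
11:16:41.0885 3876 ============================================================
11:16:43.0351 3876 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
11:16:43.0367 3876 1394ohci - ok
11:16:44.0240 3876 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:16:44.0240 3876 Apple Mobile Device - ok
11:16:45.0363 3876 catchme - ok
11:16:50.0300 3876 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example ( 0 )
11:16:50.0400 3876 Scan finished
"""

if __name__ == "__main__":
    objs = parse_tdsskiller_log(SAMPLE_LOG)
    for o in findings(objs):
        print(f"ATTENTION: {o.name}: {o.status}")
    for o in objs.values():
        if o.no_image:
            print(f"note: {o.name} has a verdict but no image file")
```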
     
  20. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    11:16:37.0360 9592 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
    11:16:38.0218 9592 ============================================================
    11:16:38.0218 9592 Current date / time: 2012/04/12 11:16:38.0218
    11:16:38.0218 9592 SystemInfo:
    11:16:38.0218 9592
    11:16:38.0218 9592 OS Version: 6.1.7600 ServicePack: 0.0
    11:16:38.0218 9592 Product type: Workstation
    11:16:38.0218 9592 ComputerName: BUNZO-PC
    11:16:38.0218 9592 UserName: Bunzo
    11:16:38.0218 9592 Windows directory: C:\Windows
    11:16:38.0218 9592 System windows directory: C:\Windows
    11:16:38.0218 9592 Running under WOW64
    11:16:38.0218 9592 Processor architecture: Intel x64
    11:16:38.0218 9592 Number of processors: 4
    11:16:38.0218 9592 Page size: 0x1000
    11:16:38.0218 9592 Boot type: Normal boot
    11:16:38.0218 9592 ============================================================
    11:16:39.0747 9592 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    11:16:39.0810 9592 Drive \Device\Harddisk1\DR1 - Size: 0xEB400000 (3.68 Gb), SectorSize: 0x200, Cylinders: 0x1DF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    11:16:39.0810 9592 \Device\Harddisk0\DR0:
    11:16:39.0810 9592 MBR used
    11:16:39.0810 9592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x16E3000
    11:16:39.0810 9592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x16F7000, BlocksNum 0x7300F000
    11:16:39.0810 9592 \Device\Harddisk1\DR1:
    11:16:39.0810 9592 MBR used
    11:16:39.0810 9592 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x758000
    11:16:39.0841 9592 Initialize success
    11:16:39.0841 9592 ============================================================
    11:16:41.0885 3876 ============================================================
    11:16:41.0885 3876 Scan started
    11:16:41.0885 3876 Mode: Manual;
    11:16:41.0885 3876 ============================================================
    11:16:43.0351 3876 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
    11:16:43.0367 3876 1394ohci - ok
    11:16:43.0398 3876 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    11:16:43.0398 3876 ACPI - ok
    11:16:43.0429 3876 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    11:16:43.0429 3876 AcpiPmi - ok
    11:16:43.0554 3876 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    11:16:43.0554 3876 AdobeFlashPlayerUpdateSvc - ok
    11:16:43.0601 3876 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    11:16:43.0601 3876 adp94xx - ok
    11:16:43.0616 3876 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    11:16:43.0632 3876 adpahci - ok
    11:16:43.0647 3876 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    11:16:43.0647 3876 adpu320 - ok
    11:16:43.0710 3876 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    11:16:43.0710 3876 AeLookupSvc - ok
    11:16:43.0757 3876 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    11:16:43.0772 3876 AFD - ok
    11:16:43.0788 3876 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    11:16:43.0788 3876 agp440 - ok
    11:16:43.0835 3876 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    11:16:43.0835 3876 ALG - ok
    11:16:43.0850 3876 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    11:16:43.0850 3876 aliide - ok
    11:16:43.0866 3876 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    11:16:43.0866 3876 amdide - ok
    11:16:43.0897 3876 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    11:16:43.0897 3876 AmdK8 - ok
    11:16:43.0897 3876 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    11:16:43.0897 3876 AmdPPM - ok
    11:16:43.0944 3876 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    11:16:43.0944 3876 amdsata - ok
    11:16:43.0959 3876 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    11:16:43.0959 3876 amdsbs - ok
    11:16:43.0991 3876 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    11:16:43.0991 3876 amdxata - ok
    11:16:44.0022 3876 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    11:16:44.0053 3876 AppID - ok
    11:16:44.0084 3876 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    11:16:44.0084 3876 AppIDSvc - ok
    11:16:44.0115 3876 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    11:16:44.0115 3876 Appinfo - ok
    11:16:44.0240 3876 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    11:16:44.0240 3876 Apple Mobile Device - ok
    11:16:44.0256 3876 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    11:16:44.0256 3876 arc - ok
    11:16:44.0271 3876 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    11:16:44.0271 3876 arcsas - ok
    11:16:44.0287 3876 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    11:16:44.0287 3876 AsyncMac - ok
    11:16:44.0303 3876 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    11:16:44.0303 3876 atapi - ok
    11:16:44.0334 3876 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    11:16:44.0334 3876 AudioEndpointBuilder - ok
    11:16:44.0349 3876 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
    11:16:44.0349 3876 AudioSrv - ok
    11:16:44.0381 3876 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
    11:16:44.0381 3876 AxInstSV - ok
    11:16:44.0396 3876 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    11:16:44.0396 3876 b06bdrv - ok
    11:16:44.0443 3876 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    11:16:44.0459 3876 b57nd60a - ok
    11:16:44.0490 3876 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    11:16:44.0490 3876 BDESVC - ok
    11:16:44.0521 3876 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    11:16:44.0521 3876 Beep - ok
    11:16:44.0552 3876 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
    11:16:44.0568 3876 BFE - ok
    11:16:44.0880 3876 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120402.001\BHDrvx64.sys
    11:16:44.0911 3876 BHDrvx64 - ok
    11:16:44.0942 3876 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
    11:16:44.0958 3876 BITS - ok
    11:16:44.0973 3876 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    11:16:44.0973 3876 blbdrive - ok
    11:16:45.0036 3876 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    11:16:45.0051 3876 Bonjour Service - ok
    11:16:45.0098 3876 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    11:16:45.0098 3876 bowser - ok
    11:16:45.0114 3876 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    11:16:45.0114 3876 BrFiltLo - ok
    11:16:45.0129 3876 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    11:16:45.0129 3876 BrFiltUp - ok
    11:16:45.0176 3876 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    11:16:45.0176 3876 BridgeMP - ok
    11:16:45.0207 3876 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
    11:16:45.0207 3876 Browser - ok
    11:16:45.0223 3876 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    11:16:45.0239 3876 Brserid - ok
    11:16:45.0254 3876 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    11:16:45.0254 3876 BrSerWdm - ok
    11:16:45.0270 3876 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    11:16:45.0270 3876 BrUsbMdm - ok
    11:16:45.0285 3876 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    11:16:45.0285 3876 BrUsbSer - ok
    11:16:45.0317 3876 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    11:16:45.0317 3876 BTHMODEM - ok
    11:16:45.0348 3876 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    11:16:45.0348 3876 bthserv - ok
    11:16:45.0363 3876 catchme - ok
    11:16:45.0410 3876 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0601020.00A\ccSetx64.sys
    11:16:45.0410 3876 ccSet_N360 - ok
    11:16:45.0473 3876 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    11:16:45.0473 3876 cdfs - ok
    11:16:45.0504 3876 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    11:16:45.0504 3876 cdrom - ok
    11:16:45.0519 3876 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    11:16:45.0519 3876 CertPropSvc - ok
    11:16:45.0551 3876 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    11:16:45.0551 3876 circlass - ok
    11:16:45.0582 3876 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    11:16:45.0582 3876 CLFS - ok
    11:16:45.0629 3876 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    11:16:45.0644 3876 clr_optimization_v2.0.50727_32 - ok
    11:16:45.0675 3876 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    11:16:45.0675 3876 clr_optimization_v2.0.50727_64 - ok
    11:16:45.0722 3876 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    11:16:45.0738 3876 clr_optimization_v4.0.30319_32 - ok
    11:16:45.0785 3876 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    11:16:45.0785 3876 clr_optimization_v4.0.30319_64 - ok
    11:16:45.0831 3876 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    11:16:45.0831 3876 CmBatt - ok
    11:16:45.0831 3876 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    11:16:45.0831 3876 cmdide - ok
    11:16:45.0863 3876 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
    11:16:45.0878 3876 CNG - ok
    11:16:45.0894 3876 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    11:16:45.0894 3876 Compbatt - ok
    11:16:45.0909 3876 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    11:16:45.0909 3876 CompositeBus - ok
    11:16:45.0925 3876 COMSysApp - ok
    11:16:45.0941 3876 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    11:16:45.0941 3876 crcdisk - ok
    11:16:45.0956 3876 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
    11:16:45.0956 3876 CryptSvc - ok
    11:16:46.0097 3876 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    11:16:46.0097 3876 cvhsvc - ok
    11:16:46.0175 3876 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    11:16:46.0190 3876 DcomLaunch - ok
    11:16:46.0221 3876 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    11:16:46.0221 3876 defragsvc - ok
    11:16:46.0253 3876 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    11:16:46.0253 3876 DfsC - ok
    11:16:46.0315 3876 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
    11:16:46.0315 3876 Dhcp - ok
    11:16:46.0331 3876 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    11:16:46.0331 3876 discache - ok
    11:16:46.0377 3876 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    11:16:46.0377 3876 Disk - ok
    11:16:46.0409 3876 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
    11:16:46.0409 3876 Dnscache - ok
    11:16:46.0471 3876 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
    11:16:46.0471 3876 DockLoginService - ok
    11:16:46.0487 3876 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
    11:16:46.0487 3876 dot3svc - ok
    11:16:46.0549 3876 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
    11:16:46.0549 3876 DPS - ok
    11:16:46.0580 3876 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    11:16:46.0580 3876 drmkaud - ok
    11:16:46.0611 3876 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    11:16:46.0627 3876 DXGKrnl - ok
    11:16:46.0643 3876 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    11:16:46.0643 3876 EapHost - ok
    11:16:46.0705 3876 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    11:16:46.0752 3876 ebdrv - ok
    11:16:46.0783 3876 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    11:16:46.0799 3876 eeCtrl - ok
    11:16:46.0830 3876 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
    11:16:46.0830 3876 EFS - ok
    11:16:46.0892 3876 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
    11:16:46.0892 3876 ehRecvr - ok
    11:16:46.0923 3876 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    11:16:46.0923 3876 ehSched - ok
    11:16:46.0955 3876 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    11:16:46.0955 3876 elxstor - ok
    11:16:47.0001 3876 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    11:16:47.0001 3876 EraserUtilRebootDrv - ok
    11:16:47.0017 3876 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    11:16:47.0017 3876 ErrDev - ok
    11:16:47.0048 3876 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    11:16:47.0064 3876 EventSystem - ok
    11:16:47.0095 3876 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    11:16:47.0095 3876 exfat - ok
    11:16:47.0126 3876 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    11:16:47.0126 3876 fastfat - ok
    11:16:47.0157 3876 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
    11:16:47.0173 3876 Fax - ok
    11:16:47.0204 3876 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    11:16:47.0204 3876 fdc - ok
    11:16:47.0204 3876 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    11:16:47.0220 3876 fdPHost - ok
    11:16:47.0220 3876 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    11:16:47.0235 3876 FDResPub - ok
    11:16:47.0251 3876 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    11:16:47.0251 3876 FileInfo - ok
    11:16:47.0267 3876 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    11:16:47.0267 3876 Filetrace - ok
    11:16:47.0282 3876 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    11:16:47.0282 3876 flpydisk - ok
    11:16:47.0298 3876 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    11:16:47.0313 3876 FltMgr - ok
    11:16:47.0345 3876 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
    11:16:47.0345 3876 FontCache - ok
    11:16:47.0438 3876 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    11:16:47.0438 3876 FontCache3.0.0.0 - ok
    11:16:47.0469 3876 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    11:16:47.0485 3876 FsDepends - ok
    11:16:47.0501 3876 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
    11:16:47.0501 3876 Fs_Rec - ok
    11:16:47.0532 3876 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    11:16:47.0547 3876 fvevol - ok
    11:16:47.0563 3876 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    11:16:47.0563 3876 gagp30kx - ok
    11:16:47.0657 3876 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
    11:16:47.0657 3876 GameConsoleService - ok
    11:16:47.0735 3876 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    11:16:47.0735 3876 GEARAspiWDM - ok
    11:16:47.0781 3876 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    11:16:47.0781 3876 GoToAssist - ok
    11:16:47.0813 3876 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
    11:16:47.0813 3876 gpsvc - ok
    11:16:47.0844 3876 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    11:16:47.0844 3876 hcw85cir - ok
    11:16:47.0875 3876 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    11:16:47.0875 3876 HDAudBus - ok
    11:16:47.0906 3876 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    11:16:47.0906 3876 HECIx64 - ok
    11:16:47.0906 3876 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    11:16:47.0922 3876 HidBatt - ok
    11:16:47.0937 3876 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    11:16:47.0937 3876 HidBth - ok
    11:16:47.0953 3876 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    11:16:47.0953 3876 HidIr - ok
    11:16:47.0969 3876 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
    11:16:47.0969 3876 hidserv - ok
    11:16:48.0000 3876 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    11:16:48.0000 3876 HidUsb - ok
    11:16:48.0015 3876 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
    11:16:48.0015 3876 hkmsvc - ok
    11:16:48.0062 3876 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
    11:16:48.0062 3876 HomeGroupListener - ok
    11:16:48.0093 3876 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
    11:16:48.0093 3876 HomeGroupProvider - ok
    11:16:48.0109 3876 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    11:16:48.0109 3876 HpSAMD - ok
    11:16:48.0140 3876 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    11:16:48.0156 3876 HTTP - ok
    11:16:48.0171 3876 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    11:16:48.0171 3876 hwpolicy - ok
    11:16:48.0203 3876 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    11:16:48.0203 3876 i8042prt - ok
    11:16:48.0249 3876 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    11:16:48.0249 3876 iaStorV - ok
    11:16:48.0296 3876 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    11:16:48.0296 3876 idsvc - ok
    11:16:48.0515 3876 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120411.001\IDSvia64.sys
    11:16:48.0530 3876 IDSVia64 - ok
    11:16:48.0702 3876 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
    11:16:48.0811 3876 igfx - ok
    11:16:48.0827 3876 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    11:16:48.0827 3876 iirsp - ok
    11:16:48.0873 3876 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
    11:16:48.0889 3876 IKEEXT - ok
    11:16:48.0905 3876 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
    11:16:48.0905 3876 Impcd - ok
    11:16:48.0983 3876 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\Windows\system32\drivers\RTKVHD64.sys
    11:16:49.0014 3876 IntcAzAudAddService - ok
    11:16:49.0029 3876 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
    11:16:49.0045 3876 IntcDAud - ok
    11:16:49.0061 3876 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    11:16:49.0061 3876 intelide - ok
    11:16:49.0092 3876 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    11:16:49.0092 3876 intelppm - ok
    11:16:49.0139 3876 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    11:16:49.0139 3876 IPBusEnum - ok
    11:16:49.0154 3876 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    11:16:49.0154 3876 IpFilterDriver - ok
    11:16:49.0170 3876 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
    11:16:49.0185 3876 iphlpsvc - ok
    11:16:49.0217 3876 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    11:16:49.0217 3876 IPMIDRV - ok
    11:16:49.0248 3876 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    11:16:49.0263 3876 IPNAT - ok
    11:16:49.0341 3876 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
    11:16:49.0357 3876 iPod Service - ok
    11:16:49.0404 3876 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    11:16:49.0404 3876 IRENUM - ok
    11:16:49.0404 3876 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    11:16:49.0404 3876 isapnp - ok
    11:16:49.0435 3876 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    11:16:49.0451 3876 iScsiPrt - ok
    11:16:49.0497 3876 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
    11:16:49.0513 3876 k57nd60a - ok
    11:16:49.0529 3876 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    11:16:49.0544 3876 kbdclass - ok
    11:16:49.0544 3876 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    11:16:49.0544 3876 kbdhid - ok
    11:16:49.0591 3876 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:16:49.0591 3876 KeyIso - ok
    11:16:49.0638 3876 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
    11:16:49.0638 3876 KSecDD - ok
    11:16:49.0653 3876 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
    11:16:49.0669 3876 KSecPkg - ok
    11:16:49.0685 3876 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    11:16:49.0685 3876 ksthunk - ok
    11:16:49.0716 3876 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    11:16:49.0716 3876 KtmRm - ok
    11:16:49.0747 3876 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
    11:16:49.0747 3876 LanmanServer - ok
    11:16:49.0778 3876 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
    11:16:49.0778 3876 LanmanWorkstation - ok
    11:16:49.0809 3876 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    11:16:49.0809 3876 lltdio - ok
    11:16:49.0841 3876 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    11:16:49.0841 3876 lltdsvc - ok
    11:16:49.0856 3876 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    11:16:49.0856 3876 lmhosts - ok
    11:16:49.0887 3876 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    11:16:49.0919 3876 LSI_FC - ok
    11:16:49.0934 3876 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    11:16:49.0934 3876 LSI_SAS - ok
    11:16:49.0965 3876 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    11:16:49.0965 3876 LSI_SAS2 - ok
    11:16:49.0997 3876 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    11:16:49.0997 3876 LSI_SCSI - ok
    11:16:50.0012 3876 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    11:16:50.0012 3876 luafv - ok
    11:16:50.0075 3876 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    11:16:50.0075 3876 MBAMProtector - ok
    11:16:50.0121 3876 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    11:16:50.0121 3876 MBAMService - ok
    11:16:50.0137 3876 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
    11:16:50.0153 3876 Mcx2Svc - ok
    11:16:50.0184 3876 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    11:16:50.0184 3876 megasas - ok
    11:16:50.0231 3876 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    11:16:50.0231 3876 MegaSR - ok
    11:16:50.0246 3876 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    11:16:50.0246 3876 MMCSS - ok
    11:16:50.0277 3876 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    11:16:50.0277 3876 Modem - ok
    11:16:50.0324 3876 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    11:16:50.0324 3876 monitor - ok
    11:16:50.0340 3876 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    11:16:50.0340 3876 mouclass - ok
    11:16:50.0371 3876 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    11:16:50.0371 3876 mouhid - ok
    11:16:50.0402 3876 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    11:16:50.0402 3876 mountmgr - ok
    11:16:50.0418 3876 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    11:16:50.0418 3876 mpio - ok
    11:16:50.0433 3876 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    11:16:50.0449 3876 mpsdrv - ok
    11:16:50.0480 3876 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
    11:16:50.0480 3876 MpsSvc - ok
    11:16:50.0511 3876 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    11:16:50.0511 3876 MRxDAV - ok
    11:16:50.0558 3876 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    11:16:50.0558 3876 mrxsmb - ok
    11:16:50.0589 3876 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    11:16:50.0589 3876 mrxsmb10 - ok
    11:16:50.0605 3876 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    11:16:50.0605 3876 mrxsmb20 - ok
    11:16:50.0621 3876 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
    11:16:50.0636 3876 msahci - ok
    11:16:50.0652 3876 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    11:16:50.0652 3876 msdsm - ok
    11:16:50.0667 3876 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    11:16:50.0667 3876 MSDTC - ok
    11:16:50.0699 3876 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    11:16:50.0699 3876 Msfs - ok
    11:16:50.0714 3876 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    11:16:50.0714 3876 mshidkmdf - ok
    11:16:50.0730 3876 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    11:16:50.0730 3876 msisadrv - ok
    11:16:50.0761 3876 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    11:16:50.0761 3876 MSiSCSI - ok
    11:16:50.0777 3876 msiserver - ok
    11:16:50.0808 3876 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    11:16:50.0808 3876 MSKSSRV - ok
    11:16:50.0823 3876 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    11:16:50.0823 3876 MSPCLOCK - ok
    11:16:50.0823 3876 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    11:16:50.0823 3876 MSPQM - ok
    11:16:50.0855 3876 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    11:16:50.0855 3876 MsRPC - ok
    11:16:50.0870 3876 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    11:16:50.0870 3876 mssmbios - ok
    11:16:50.0886 3876 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    11:16:50.0886 3876 MSTEE - ok
    11:16:50.0901 3876 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    11:16:50.0901 3876 MTConfig - ok
    11:16:50.0917 3876 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    11:16:50.0917 3876 Mup - ok
    11:16:50.0995 3876 N360 (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe
    11:16:51.0011 3876 N360 - ok
    11:16:51.0042 3876 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
    11:16:51.0042 3876 napagent - ok
    11:16:51.0073 3876 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    11:16:51.0073 3876 NativeWifiP - ok
    11:16:51.0229 3876 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120412.001\ENG64.SYS
    11:16:51.0229 3876 NAVENG - ok
    11:16:51.0276 3876 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120412.001\EX64.SYS
    11:16:51.0291 3876 NAVEX15 - ok
    11:16:51.0323 3876 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    11:16:51.0338 3876 NDIS - ok
    11:16:51.0369 3876 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    11:16:51.0369 3876 NdisCap - ok
    11:16:51.0385 3876 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    11:16:51.0401 3876 NdisTapi - ok
    11:16:51.0416 3876 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    11:16:51.0416 3876 Ndisuio - ok
    11:16:51.0432 3876 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    11:16:51.0432 3876 NdisWan - ok
    11:16:51.0447 3876 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    11:16:51.0447 3876 NDProxy - ok
    11:16:51.0463 3876 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    11:16:51.0463 3876 NetBIOS - ok
    11:16:51.0479 3876 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    11:16:51.0494 3876 NetBT - ok
    11:16:51.0541 3876 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:16:51.0541 3876 Netlogon - ok
    11:16:51.0588 3876 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    11:16:51.0603 3876 Netman - ok
    11:16:51.0619 3876 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    11:16:51.0635 3876 netprofm - ok
    11:16:51.0713 3876 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
     
  21. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    11:16:51.0713 3876 NetTcpPortSharing - ok
    11:16:51.0775 3876 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    11:16:51.0775 3876 nfrd960 - ok
    11:16:51.0791 3876 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
    11:16:51.0806 3876 NlaSvc - ok
    11:16:51.0822 3876 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    11:16:51.0822 3876 Npfs - ok
    11:16:51.0837 3876 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    11:16:51.0837 3876 nsi - ok
    11:16:51.0853 3876 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    11:16:51.0853 3876 nsiproxy - ok
    11:16:51.0900 3876 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
    11:16:51.0915 3876 Ntfs - ok
    11:16:51.0931 3876 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    11:16:51.0931 3876 Null - ok
    11:16:51.0947 3876 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
    11:16:51.0947 3876 nvraid - ok
    11:16:51.0993 3876 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
    11:16:52.0009 3876 nvstor - ok
    11:16:52.0025 3876 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    11:16:52.0025 3876 nv_agp - ok
    11:16:52.0040 3876 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    11:16:52.0040 3876 ohci1394 - ok
    11:16:52.0196 3876 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    11:16:52.0196 3876 ose - ok
    11:16:52.0368 3876 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    11:16:52.0430 3876 osppsvc - ok
    11:16:52.0446 3876 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    11:16:52.0446 3876 p2pimsvc - ok
    11:16:52.0461 3876 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    11:16:52.0477 3876 p2psvc - ok
    11:16:52.0493 3876 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    11:16:52.0493 3876 Parport - ok
    11:16:52.0508 3876 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    11:16:52.0508 3876 partmgr - ok
    11:16:52.0539 3876 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    11:16:52.0539 3876 PcaSvc - ok
    11:16:52.0617 3876 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
    11:16:52.0617 3876 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
    11:16:52.0649 3876 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    11:16:52.0649 3876 pci - ok
    11:16:52.0664 3876 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    11:16:52.0664 3876 pciide - ok
    11:16:52.0711 3876 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    11:16:52.0711 3876 pcmcia - ok
    11:16:52.0727 3876 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    11:16:52.0727 3876 pcw - ok
    11:16:52.0758 3876 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    11:16:52.0758 3876 PEAUTH - ok
    11:16:52.0836 3876 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    11:16:52.0836 3876 PerfHost - ok
    11:16:52.0883 3876 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
    11:16:52.0898 3876 pla - ok
    11:16:52.0929 3876 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
    11:16:52.0945 3876 PlugPlay - ok
    11:16:52.0976 3876 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    11:16:52.0976 3876 PNRPAutoReg - ok
    11:16:52.0992 3876 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    11:16:52.0992 3876 PNRPsvc - ok
    11:16:53.0023 3876 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
    11:16:53.0039 3876 PolicyAgent - ok
    11:16:53.0070 3876 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    11:16:53.0070 3876 Power - ok
    11:16:53.0132 3876 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    11:16:53.0132 3876 PptpMiniport - ok
    11:16:53.0148 3876 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    11:16:53.0148 3876 Processor - ok
    11:16:53.0179 3876 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
    11:16:53.0179 3876 ProfSvc - ok
    11:16:53.0210 3876 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:16:53.0210 3876 ProtectedStorage - ok
    11:16:53.0226 3876 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    11:16:53.0226 3876 Psched - ok
    11:16:53.0257 3876 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    11:16:53.0257 3876 PxHlpa64 - ok
    11:16:53.0335 3876 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    11:16:53.0351 3876 ql2300 - ok
    11:16:53.0351 3876 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    11:16:53.0366 3876 ql40xx - ok
    11:16:53.0382 3876 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    11:16:53.0382 3876 QWAVE - ok
    11:16:53.0397 3876 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    11:16:53.0397 3876 QWAVEdrv - ok
    11:16:53.0413 3876 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    11:16:53.0413 3876 RasAcd - ok
    11:16:53.0460 3876 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    11:16:53.0460 3876 RasAgileVpn - ok
    11:16:53.0475 3876 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    11:16:53.0475 3876 RasAuto - ok
    11:16:53.0491 3876 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    11:16:53.0491 3876 Rasl2tp - ok
    11:16:53.0522 3876 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    11:16:53.0538 3876 RasMan - ok
    11:16:53.0553 3876 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    11:16:53.0553 3876 RasPppoe - ok
    11:16:53.0569 3876 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    11:16:53.0569 3876 RasSstp - ok
    11:16:53.0600 3876 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    11:16:53.0600 3876 rdbss - ok
    11:16:53.0616 3876 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    11:16:53.0616 3876 rdpbus - ok
    11:16:53.0647 3876 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    11:16:53.0647 3876 RDPCDD - ok
    11:16:53.0694 3876 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    11:16:53.0694 3876 RDPENCDD - ok
    11:16:53.0709 3876 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    11:16:53.0709 3876 RDPREFMP - ok
    11:16:53.0725 3876 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
    11:16:53.0741 3876 RDPWD - ok
    11:16:53.0772 3876 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    11:16:53.0772 3876 rdyboost - ok
    11:16:53.0787 3876 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    11:16:53.0803 3876 RemoteAccess - ok
    11:16:53.0819 3876 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    11:16:53.0819 3876 RemoteRegistry - ok
    11:16:53.0834 3876 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    11:16:53.0834 3876 RpcEptMapper - ok
    11:16:53.0865 3876 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    11:16:53.0865 3876 RpcLocator - ok
    11:16:53.0897 3876 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    11:16:53.0897 3876 RpcSs - ok
    11:16:53.0928 3876 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    11:16:53.0928 3876 rspndr - ok
    11:16:53.0928 3876 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:16:53.0928 3876 SamSs - ok
    11:16:53.0943 3876 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    11:16:53.0959 3876 sbp2port - ok
    11:16:53.0975 3876 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    11:16:53.0975 3876 SCardSvr - ok
    11:16:54.0006 3876 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    11:16:54.0006 3876 scfilter - ok
    11:16:54.0053 3876 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    11:16:54.0068 3876 Schedule - ok
    11:16:54.0099 3876 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    11:16:54.0099 3876 SCPolicySvc - ok
    11:16:54.0099 3876 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    11:16:54.0115 3876 SDRSVC - ok
    11:16:54.0131 3876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    11:16:54.0131 3876 secdrv - ok
    11:16:54.0146 3876 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    11:16:54.0146 3876 seclogon - ok
    11:16:54.0162 3876 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
    11:16:54.0162 3876 SENS - ok
    11:16:54.0177 3876 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    11:16:54.0177 3876 SensrSvc - ok
    11:16:54.0177 3876 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    11:16:54.0177 3876 Serenum - ok
    11:16:54.0224 3876 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    11:16:54.0224 3876 Serial - ok
    11:16:54.0240 3876 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    11:16:54.0240 3876 sermouse - ok
    11:16:54.0255 3876 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    11:16:54.0271 3876 SessionEnv - ok
    11:16:54.0287 3876 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    11:16:54.0287 3876 sffdisk - ok
    11:16:54.0302 3876 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    11:16:54.0302 3876 sffp_mmc - ok
    11:16:54.0333 3876 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    11:16:54.0333 3876 sffp_sd - ok
    11:16:54.0349 3876 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    11:16:54.0349 3876 sfloppy - ok
    11:16:54.0411 3876 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
    11:16:54.0411 3876 Sftfs - ok
    11:16:54.0536 3876 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    11:16:54.0536 3876 sftlist - ok
    11:16:54.0567 3876 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
    11:16:54.0583 3876 Sftplay - ok
    11:16:54.0599 3876 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
    11:16:54.0599 3876 Sftredir - ok
    11:16:54.0645 3876 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    11:16:54.0645 3876 SftService - ok
    11:16:54.0661 3876 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
    11:16:54.0661 3876 Sftvol - ok
    11:16:54.0677 3876 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    11:16:54.0677 3876 sftvsa - ok
    11:16:54.0755 3876 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    11:16:54.0755 3876 SharedAccess - ok
    11:16:54.0801 3876 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    11:16:54.0801 3876 ShellHWDetection - ok
    11:16:54.0848 3876 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    11:16:54.0848 3876 SiSRaid2 - ok
    11:16:54.0864 3876 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    11:16:54.0879 3876 SiSRaid4 - ok
    11:16:54.0911 3876 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    11:16:54.0911 3876 Smb - ok
    11:16:54.0957 3876 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    11:16:54.0957 3876 SNMPTRAP - ok
    11:16:54.0973 3876 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    11:16:54.0973 3876 spldr - ok
    11:16:55.0004 3876 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    11:16:55.0020 3876 Spooler - ok
    11:16:55.0098 3876 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    11:16:55.0113 3876 sppsvc - ok
    11:16:55.0129 3876 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    11:16:55.0145 3876 sppuinotify - ok
    11:16:55.0223 3876 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\N360x64\0601020.00A\SRTSP64.SYS
    11:16:55.0238 3876 SRTSP - ok
    11:16:55.0254 3876 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\N360x64\0601020.00A\SRTSPX64.SYS
    11:16:55.0254 3876 SRTSPX - ok
    11:16:55.0332 3876 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    11:16:55.0332 3876 srv - ok
    11:16:55.0363 3876 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    11:16:55.0363 3876 srv2 - ok
    11:16:55.0379 3876 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    11:16:55.0394 3876 srvnet - ok
    11:16:55.0441 3876 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    11:16:55.0441 3876 SSDPSRV - ok
    11:16:55.0457 3876 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    11:16:55.0472 3876 SstpSvc - ok
    11:16:55.0488 3876 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    11:16:55.0488 3876 stexstor - ok
    11:16:55.0519 3876 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    11:16:55.0535 3876 stisvc - ok
    11:16:55.0550 3876 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    11:16:55.0550 3876 swenum - ok
    11:16:55.0566 3876 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    11:16:55.0566 3876 swprv - ok
    11:16:55.0597 3876 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMDS64.SYS
    11:16:55.0597 3876 SymDS - ok
    11:16:55.0628 3876 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\N360x64\0601020.00A\SYMEFA64.SYS
    11:16:55.0644 3876 SymEFA - ok
    11:16:55.0691 3876 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    11:16:55.0691 3876 SymEvent - ok
    11:16:55.0706 3876 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\N360x64\0601020.00A\Ironx64.SYS
    11:16:55.0706 3876 SymIRON - ok
    11:16:55.0737 3876 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\N360x64\0601020.00A\SYMNETS.SYS
    11:16:55.0737 3876 SymNetS - ok
    11:16:55.0800 3876 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    11:16:55.0815 3876 SysMain - ok
    11:16:55.0878 3876 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    11:16:55.0878 3876 TabletInputService - ok
    11:16:55.0893 3876 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    11:16:55.0909 3876 TapiSrv - ok
    11:16:55.0925 3876 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    11:16:55.0925 3876 TBS - ok
    11:16:55.0987 3876 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
    11:16:56.0003 3876 Tcpip - ok
    11:16:56.0034 3876 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
    11:16:56.0034 3876 TCPIP6 - ok
    11:16:56.0065 3876 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    11:16:56.0065 3876 tcpipreg - ok
    11:16:56.0065 3876 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    11:16:56.0081 3876 TDPIPE - ok
    11:16:56.0096 3876 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
    11:16:56.0096 3876 TDTCP - ok
    11:16:56.0127 3876 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    11:16:56.0127 3876 tdx - ok
    11:16:56.0143 3876 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    11:16:56.0143 3876 TermDD - ok
    11:16:56.0174 3876 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    11:16:56.0190 3876 TermService - ok
    11:16:56.0205 3876 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    11:16:56.0205 3876 Themes - ok
    11:16:56.0237 3876 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    11:16:56.0237 3876 THREADORDER - ok
    11:16:56.0252 3876 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    11:16:56.0252 3876 TrkWks - ok
    11:16:56.0299 3876 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    11:16:56.0299 3876 TrustedInstaller - ok
    11:16:56.0315 3876 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    11:16:56.0315 3876 tssecsrv - ok
    11:16:56.0377 3876 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    11:16:56.0377 3876 tunnel - ok
    11:16:56.0408 3876 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    11:16:56.0408 3876 uagp35 - ok
    11:16:56.0439 3876 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
    11:16:56.0439 3876 udfs - ok
    11:16:56.0455 3876 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    11:16:56.0455 3876 UI0Detect - ok
    11:16:56.0471 3876 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    11:16:56.0471 3876 uliagpkx - ok
    11:16:56.0502 3876 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    11:16:56.0502 3876 umbus - ok
    11:16:56.0549 3876 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    11:16:56.0549 3876 UmPass - ok
    11:16:56.0564 3876 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    11:16:56.0580 3876 upnphost - ok
    11:16:56.0611 3876 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
    11:16:56.0611 3876 USBAAPL64 - ok
    11:16:56.0673 3876 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\drivers\usbccgp.sys
    11:16:56.0673 3876 usbccgp - ok
    11:16:56.0705 3876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    11:16:56.0705 3876 usbcir - ok
    11:16:56.0736 3876 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
    11:16:56.0736 3876 usbehci - ok
    11:16:56.0751 3876 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
    11:16:56.0767 3876 usbhub - ok
    11:16:56.0783 3876 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
    11:16:56.0798 3876 usbohci - ok
    11:16:56.0814 3876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    11:16:56.0814 3876 usbprint - ok
    11:16:56.0845 3876 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    11:16:56.0845 3876 USBSTOR - ok
    11:16:56.0861 3876 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
    11:16:56.0861 3876 usbuhci - ok
    11:16:56.0907 3876 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    11:16:56.0907 3876 UxSms - ok
    11:16:56.0939 3876 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    11:16:56.0939 3876 VaultSvc - ok
    11:16:56.0954 3876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    11:16:56.0954 3876 vdrvroot - ok
    11:16:56.0985 3876 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    11:16:57.0001 3876 vds - ok
    11:16:58.0405 3876 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
    11:16:58.0436 3876 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    11:16:58.0436 3876 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    11:16:58.0436 3876 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
    11:16:58.0452 3876 \Device\Harddisk1\DR1 - ok
    11:16:58.0499 3876 Boot (0x1200) (542185cd21be6a01c7a95fed473983f9) \Device\Harddisk0\DR0\Partition0
    11:16:58.0499 3876 \Device\Harddisk0\DR0\Partition0 - ok
    11:16:58.0499 3876 Boot (0x1200) (7debc66004e9259fd95ef6c980112d15) \Device\Harddisk0\DR0\Partition1
    11:16:58.0499 3876 \Device\Harddisk0\DR0\Partition1 - ok
    11:16:58.0514 3876 Boot (0x1200) (47e8d020bfac03a6a412efa409623db4) \Device\Harddisk1\DR1\Partition0
    11:16:58.0514 3876 \Device\Harddisk1\DR1\Partition0 - ok
    11:16:58.0514 3876 ============================================================
    11:16:58.0514 3876 Scan finished
    11:16:58.0514 3876 ============================================================
    11:16:58.0514 8776 Detected object count: 1
    11:16:58.0514 8776 Actual detected object count: 1
    11:20:21.0080 8776 \Device\Harddisk0\DR0\# - copied to quarantine
    11:20:21.0080 8776 \Device\Harddisk0\DR0 - copied to quarantine
    11:20:21.0096 8776 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    11:20:21.0112 8776 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    11:20:21.0112 8776 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    11:20:21.0112 8776 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    11:20:21.0112 8776 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    11:20:21.0112 8776 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    11:20:21.0127 8776 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    11:20:21.0127 8776 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    11:20:21.0127 8776 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    11:20:21.0127 8776 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    11:20:21.0127 8776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Quarantine
    11:20:38.0114 2580 Deinitialize success
  22. Tweez23

    OTL logfile created on: 4/12/2012 11:39:12 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Bunzo\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.80 Gb Total Physical Memory | 3.90 Gb Available Physical Memory | 67.12% Memory free
    11.61 Gb Paging File | 9.68 Gb Available in Paging File | 83.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.03 Gb Total Space | 874.55 Gb Free Space | 95.06% Space Free | Partition Type: NTFS
    Drive E: | 3.67 Gb Total Space | 2.48 Gb Free Space | 67.49% Space Free | Partition Type: FAT32

    Computer Name: BUNZO-PC | User Name: Bunzo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Bunzo\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
    PRC - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    PRC - \\.\globalroot\systemroot\svchost.exe ()
    PRC - \\.\globalroot\systemroot\svchost.exe ()
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e0dbdfca9d4a65b1189481a168295866\System.Web.Services.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
    MOD - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ccSvcHst.exe (Symantec Corporation)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (SymEvent) -- C:\WINDOWS\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (MBAMProtector) -- C:\WINDOWS\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (SymEFA) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\symefa64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSP) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\srtsp64.sys (Symantec Corporation)
    DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\srtspx64.sys (Symantec Corporation)
    DRV:64bit: - (SymNetS) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\symnets.sys (Symantec Corporation)
    DRV:64bit: - (SymIRON) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\ironx64.sys (Symantec Corporation)
    DRV:64bit: - (ccSet_N360) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\ccsetx64.sys (Symantec Corporation)
    DRV:64bit: - (Sftvol) -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (SymDS) -- C:\WINDOWS\SysNative\drivers\N360x64\0601020.00A\symds64.sys (Symantec Corporation)
    DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
    DRV:64bit: - (igfx) -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (Impcd) -- C:\WINDOWS\SysNative\drivers\Impcd.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) Intel(R) -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (HECIx64) Intel(R) -- C:\WINDOWS\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120412.001\ex64.sys (Symantec Corporation)
    DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20120412.001\eng64.sys (Symantec Corporation)
    DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20120402.001\BHDrvx64.sys (Symantec Corporation)
    DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20120411.001\IDSviA64.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FB65D59D-11E3-4B4A-9D27-03BAE8AF5437}
    IE:64bit: - HKLM\..\SearchScopes\{FB65D59D-11E3-4B4A-9D27-03BAE8AF5437}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {131F6E71-FE59-4B41-B118-AD8080ACBFA7}
    IE - HKLM\..\SearchScopes\{131F6E71-FE59-4B41-B118-AD8080ACBFA7}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
    IE - HKCU\..\SearchScopes,DefaultScope = {131F6E71-FE59-4B41-B118-AD8080ACBFA7}
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=retail&geo=US&ver=6
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/03/10 11:58:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/04/12 11:26:19 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/04/09 02:16:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.1.2.10\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
    O4 - HKCU..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
    O4 - Startup: C:\Users\Bunzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79A954A8-DEA2-4DB4-8360-614D0F94867D}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/12 11:34:21 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Bunzo\Desktop\OTL.exe
    [2012/04/12 11:20:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/04/12 11:14:44 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\Desktop\tdsskiller
    [2012/04/09 02:19:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/04/09 02:16:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/04/09 02:08:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/08 19:06:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/04/08 18:46:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/08 18:46:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/08 18:41:40 | 004,452,952 | R--- | C] (Swearware) -- C:\Users\Bunzo\Desktop\ComboFix.exe
    [2012/04/08 18:34:45 | 000,000,000 | ---D | C] -- C:\_OTM
    [2012/04/08 18:33:43 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Bunzo\Desktop\OTM.exe
    [2012/04/08 18:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/04/07 20:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/04/07 19:12:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/07 19:10:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/05 12:24:17 | 000,000,000 | ---D | C] -- C:\HiJackThis
    [2012/04/03 15:38:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Bunzo\Desktop\dds.scr
    [2012/04/03 15:36:42 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\AppData\Roaming\Malwarebytes
    [2012/04/03 15:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/04/03 15:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/04/03 15:36:35 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/04/03 15:36:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/04/03 15:35:40 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bunzo\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/03/27 18:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/03/27 17:58:39 | 000,000,000 | ---D | C] -- C:\Users\Bunzo\My Backup Files
    [2012/03/23 15:00:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/03/16 00:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/03/16 00:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/03/16 00:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/03/16 00:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/03/16 00:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

    ========== Files - Modified Within 30 Days ==========

    [2012/04/12 11:34:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/12 11:34:26 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/12 11:34:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Bunzo\Desktop\OTL.exe
    [2012/04/12 11:30:23 | 000,727,246 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/04/12 11:30:23 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/04/12 11:30:23 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/04/12 11:26:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/12 11:26:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/12 11:25:52 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/12 11:14:12 | 002,052,353 | ---- | M] () -- C:\Users\Bunzo\Desktop\tdsskiller.zip
    [2012/04/12 03:00:33 | 001,612,281 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\Cat.DB
    [2012/04/11 18:40:43 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\VT20120410.034
    [2012/04/11 15:01:23 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/04/09 15:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/04/09 02:16:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/08 23:42:40 | 000,458,240 | ---- | M] () -- C:\Users\Bunzo\Desktop\CKScanner.exe
    [2012/04/08 18:41:40 | 004,452,952 | R--- | M] (Swearware) -- C:\Users\Bunzo\Desktop\ComboFix.exe
    [2012/04/08 18:33:48 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Bunzo\Desktop\OTM.exe
    [2012/04/05 12:24:34 | 000,305,771 | ---- | M] () -- C:\Users\Bunzo\Desktop\HijackThis.zip
    [2012/04/05 12:19:58 | 000,879,714 | ---- | M] () -- C:\Users\Bunzo\Desktop\SecurityCheck.exe
    [2012/04/03 15:42:53 | 000,000,717 | -H-- | M] () -- C:\IPH.PH
    [2012/04/03 15:42:40 | 000,002,024 | ---- | M] () -- C:\Users\Bunzo\Desktop\Retry AIM Installation.lnk
    [2012/04/03 15:38:50 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Bunzo\Desktop\dds.scr
    [2012/04/03 15:36:37 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/03 15:35:52 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bunzo\Desktop\mbam-setup-1.60.1.1000.exe
    [2012/04/03 15:32:33 | 003,393,054 | ---- | M] () -- C:\Users\Bunzo\Desktop\untitled.bmp
    [2012/03/29 03:17:10 | 000,002,312 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2012/03/29 03:00:44 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/23 18:17:10 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/03/23 18:17:10 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/03/23 18:17:10 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/03/19 21:42:46 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0601020.00A\isolate.ini
    [2012/03/16 00:28:12 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/16 00:25:39 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/03/14 03:17:04 | 000,356,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/04/12 11:14:09 | 002,052,353 | ---- | C] () -- C:\Users\Bunzo\Desktop\tdsskiller.zip
    [2012/04/08 23:42:38 | 000,458,240 | ---- | C] () -- C:\Users\Bunzo\Desktop\CKScanner.exe
    [2012/04/08 18:46:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/08 18:46:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/08 18:46:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/08 18:46:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/07 19:12:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/05 12:24:33 | 000,305,771 | ---- | C] () -- C:\Users\Bunzo\Desktop\HijackThis.zip
    [2012/04/05 12:19:55 | 000,879,714 | ---- | C] () -- C:\Users\Bunzo\Desktop\SecurityCheck.exe
    [2012/04/03 15:43:10 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/03 15:42:39 | 000,002,024 | ---- | C] () -- C:\Users\Bunzo\Desktop\Retry AIM Installation.lnk
    [2012/04/03 15:36:37 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/04/03 15:32:33 | 003,393,054 | ---- | C] () -- C:\Users\Bunzo\Desktop\untitled.bmp
    [2012/03/27 18:02:31 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/03/16 00:28:12 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/03/16 00:25:39 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/12/01 02:14:48 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010/12/01 02:14:48 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/12/01 02:14:48 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010/12/01 02:14:46 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010/12/01 02:14:43 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

    ========== LOP Check ==========

    [2012/01/18 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Bunzo\AppData\Roaming\acccore
    [2012/01/09 16:00:01 | 000,000,000 | ---D | M] -- C:\Users\Bunzo\AppData\Roaming\PCDr
    [2012/03/27 18:03:25 | 000,000,000 | ---D | M] -- C:\Users\Bunzo\AppData\Roaming\SoftGrid Client
    [2012/03/27 18:03:23 | 000,000,000 | ---D | M] -- C:\Users\Bunzo\AppData\Roaming\TP
    [2012/04/09 15:00:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2009/07/13 22:08:49 | 000,009,100 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/04/11 15:01:23 | 000,000,422 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2010/12/01 02:35:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\WINDOWS\ERDNT\cache86\explorer.exe
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\WINDOWS\explorer.exe
    [2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
    [2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
    [2010/12/01 02:35:50 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\WINDOWS\SysWOW64\explorer.exe
    [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/12/01 02:35:37 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
    [2010/12/01 02:35:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/12/01 02:35:50 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
    [2010/12/01 02:35:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
    [2010/12/01 02:35:50 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
    [2010/12/01 02:35:43 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
    [2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
    [2010/12/01 02:35:50 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
    [2010/12/01 02:35:37 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
    [2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
    [2010/12/01 02:35:43 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
    [2010/12/01 02:35:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\ERDNT\cache86\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\SysWOW64\userinit.exe
    [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\ERDNT\cache64\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
    [2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2010/12/01 02:35:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2010/12/01 02:35:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\ERDNT\cache64\winlogon.exe
    [2010/12/01 02:35:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
    [2010/12/01 02:35:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

    < %systemroot%\*. /mp /s >

    < End of report >
     
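    The "MD5 for:" custom scan in the log above lists every copy of explorer.exe, userinit.exe and winlogon.exe that OTL found, including the servicing copies in WinSxS. The point of that scan is that the copy actually running from the Windows directory (SysNative, SysWOW64, or C:\WINDOWS for explorer.exe) should hash to one of those store copies, and a replaced or patched binary will not. The script below automates that comparison. It is an added example written for this thread, not OTL's own code and not anything the poster or helper ran; treating WinSxS as the reference set is the script's own assumption, and the input is a subset of the log lines above plus one constructed userinit.exe line (marked in the code) that stands in for a replaced binary.

```python
"""Cross-check the 'MD5 for:' custom scan in an OTL log: every copy of a
system binary outside the WinSxS component store should hash to one of the
store's copies.  Example code added to this thread; not part of OTL."""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# A subset of the lines from the OTL log posted above, plus one constructed line marked below.
SAMPLE_LINES = [
    "< MD5 for: EXPLORER.EXE >",
    r"[2010/12/01 02:35:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe",
    r"[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\WINDOWS\ERDNT\cache86\explorer.exe",
    r"[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\WINDOWS\explorer.exe",
    r"[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe",
    r"[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\WINDOWS\SysWOW64\explorer.exe",
    r"[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\WINDOWS\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe",
    "< MD5 for: USERINIT.EXE >",
    r"[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\ERDNT\cache86\userinit.exe",
    r"[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\SysWOW64\userinit.exe",
    r"[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe",
    r"[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\ERDNT\cache64\userinit.exe",
    r"[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe",
    r"[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe",
    # Constructed line, NOT from the thread: an unsigned userinit.exe with an unknown hash in the Windows root.
    r"[2012/04/03 15:42:53 | 000,030,208 | ---- | M] () MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\WINDOWS\userinit.exe",
    "< MD5 for: WINLOGON.EXE >",
    r"[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe",
    r"[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe",
    r"[2010/12/01 02:35:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe",
    r"[2010/12/01 02:35:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\ERDNT\cache64\winlogon.exe",
    r"[2010/12/01 02:35:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe",
    r"[2010/12/01 02:35:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe",
]


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]}; each entry has ts, size, company, md5 and path."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            fields = entry.groupdict()
            fields["size"] = int(fields["size"].replace(",", ""))
            fields["md5"] = fields["md5"].upper()
            fields["company"] = fields["company"].strip()
            sections[current].append(fields)
    return dict(sections)


def is_store_copy(path):
    """WinSxS holds the copies Windows services from; this script treats them as the reference set."""
    return "\\winsxs\\" in path.lower()


def find_outliers(sections):
    """Return (filename, path, reason) for each copy outside WinSxS whose MD5 matches no
    WinSxS copy of the same file, or whose version resource carries no company name."""
    findings = []
    for name, entries in sections.items():
        reference = {e["md5"] for e in entries if is_store_copy(e["path"])}
        for e in entries:
            if is_store_copy(e["path"]):
                continue
            reasons = []
            if e["md5"] not in reference:
                reasons.append("MD5 matches no WinSxS copy")
            if not e["company"]:
                reasons.append("no company name")
            if reasons:
                findings.append((name, e["path"], "; ".join(reasons)))
    return findings


SECTIONS = parse_md5_sections("\n".join(SAMPLE_LINES))
FINDINGS = find_outliers(SECTIONS)

if __name__ == "__main__":
    for name, path, reason in FINDINGS:
        print(f"{name}: {path} -> {reason}")
```

    On the lines as posted, the only copy this flags is the winlogon.exe under the Malwarebytes' Anti-Malware\Chameleon folder: it is not a Windows copy at all, so it is judged by its location (a Malwarebytes install directory, not a Windows directory) rather than by its hash. The constructed userinit.exe line shows what a replaced binary looks like to the same check. MD5 is used here only because that is what OTL reports; on a live machine the stronger check is Authenticode (for example PowerShell's Get-AuthenticodeSignature on each of these paths), since a hash list only proves a file matches a known copy, not that it is signed by Microsoft.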
  23. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    OTL Extras logfile created on: 4/12/2012 11:39:12 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Bunzo\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.80 Gb Total Physical Memory | 3.90 Gb Available Physical Memory | 67.12% Memory free
    11.61 Gb Paging File | 9.68 Gb Available in Paging File | 83.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.03 Gb Total Space | 874.55 Gb Free Space | 95.06% Space Free | Partition Type: NTFS
    Drive E: | 3.67 Gb Total Space | 2.48 Gb Free Space | 67.49% Space Free | Partition Type: FAT32

    Computer Name: BUNZO-PC | User Name: Bunzo | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
    "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "CCleaner" = CCleaner
    "Dell Support Center" = Dell Support Center
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DBA8B9E1-C6FF-4624-9598-73D3B41A0905}" = Microsoft Digital Image Pro 9
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "AIM_7" = AIM 7
    "Dell Dock" = Dell Dock
    "ESET Online Scanner" = ESET Online Scanner v3
    "GoToAssist" = GoToAssist 8.0.0.514
    "InstallShield_{23B4636C-A780-4FEB-B4C9-A2564E9B9F7C}" = Multimedia Card Reader
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "N360" = Norton 360
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PictureIt_POD_v9" = Microsoft Digital Image Library 9
    "PictureIt_v9" = Microsoft Digital Image Pro 9
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
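    The "Shell Spawning" section of the Extras log above lists the command Windows runs for each file-type handler. The defaults it shows for batfile, cmdfile, comfile, exefile and piffile [open] are "%1" %*, for scrfile [open] "%1" /S and for scrfile [config] "%1"; a hijacked exefile handler instead prepends a malware path, so the malware is started every time any program is launched, which is one of the reasons helpers ask for this section. The script below parses that section and flags any of those handlers that deviate from the default. It is an added example for this thread, not OTL's code and not anything posted here; the table of expected defaults is the script's own assumption for Windows 7, and its input is the 64-bit block from the log above plus a 32-bit block with one constructed hijacked exefile entry (the path C:\Users\victim\AppData\Roaming\sample.exe is made up).

```python
"""Audit the 'Shell Spawning' section of an OTL Extras log for hijacked
file-type handlers.  Example code added to this thread; not part of OTL."""
import re

# Expected (Windows 7) handlers for the verbs malware most often hijacks to get
# launched along with every program, script or screensaver the user starts.
# This table is the script's assumption, not something OTL ships.
EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}

LINE_RE = re.compile(r"^(?P<key>\S+)\s+\[(?P<verb>[^\]]+)\]\s+--\s+(?P<cmd>.*?)\s*$")
# OTL appends "(Company Name)" when it can resolve the handler binary; strip it before comparing.
COMPANY_SUFFIX_RE = re.compile(r"\s*\([^()]*\)$")

# The 64-bit block is copied from the log above; the 32-bit block is constructed
# and contains one hijacked exefile handler with a made-up path.
SAMPLE = "\n".join([
    r'========== Shell Spawning ==========',
    r'',
    r'64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]',
    r'batfile [open] -- "%1" %*',
    r'cmdfile [open] -- "%1" %*',
    r'comfile [open] -- "%1" %*',
    r'exefile [open] -- "%1" %*',
    r'helpfile [open] -- Reg Error: Key error.',
    r'inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)',
    r'piffile [open] -- "%1" %*',
    r'scrfile [config] -- "%1"',
    r'scrfile [open] -- "%1" /S',
    r'Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)',
    r'',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]',
    r'batfile [open] -- "%1" %*',
    r'cmdfile [open] -- "%1" %*',
    r'comfile [open] -- "%1" %*',
    r'exefile [open] -- "C:\Users\victim\AppData\Roaming\sample.exe" "%1" %*',  # constructed hijack
    r'piffile [open] -- "%1" %*',
    r'scrfile [config] -- "%1"',
    r'scrfile [open] -- "%1" /S',
    r'',
    r'========== Security Center Settings ==========',
])


def parse_shell_spawning(text):
    """Return {(hive, key, verb): command}; a 'Reg Error' entry (key absent) maps to None."""
    handlers = {}
    in_section = False
    hive = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            in_section = "Shell Spawning" in line
            continue
        if not in_section:
            continue
        if line.startswith("64bit: [HKEY_"):
            hive = "64bit"
            continue
        if line.startswith("[HKEY_"):
            hive = "32bit"
            continue
        m = LINE_RE.match(line)
        if not m or hive is None:
            continue
        cmd = m.group("cmd")
        # "Reg Error: Key error." means the key does not exist, as the log above shows for
        # helpfile, htmlfile [edit], regfile [merge] and txtfile [edit]; it is not a handler.
        cmd = None if cmd.startswith("Reg Error:") else COMPANY_SUFFIX_RE.sub("", cmd)
        handlers[(hive, m.group("key"), m.group("verb"))] = cmd
    return handlers


def find_hijacked_handlers(handlers):
    """Return (hive, key, verb, actual) for each watched handler that is not the default."""
    findings = []
    for (hive, key, verb), actual in handlers.items():
        expected = EXPECTED.get((key, verb))
        if expected is None or actual == expected:
            continue
        findings.append((hive, key, verb, actual if actual is not None else "Reg Error"))
    return findings


HANDLERS = parse_shell_spawning(SAMPLE)
FINDINGS = find_hijacked_handlers(HANDLERS)

if __name__ == "__main__":
    for hive, key, verb, actual in FINDINGS:
        print(f"{hive} {key} [{verb}] -> {actual}")
```

    Run against the block as posted, the 64-bit handlers all match the defaults and nothing is reported; the constructed 32-bit exefile entry is the only finding. Both hives matter on an x64 system because the 32-bit (WOW64) view is what 32-bit programs see, so a hijack there is just as effective and is easy to overlook if only the first block is read.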
  24. Tweez23

    Tweez23 TS Rookie Topic Starter Posts: 41

    The redirect seems to have stopped, but Malwarebytes keeps popping up that an attack is trying to occur from a malicious site, and it says svc.host.exe.
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Your thread got caught between the site upgrade and my recent internet up-and-down problems. Sorry.

    If Malwarebytes is protecting you from malware trying to access the system, it's doing its job. But you will need to clarify this entry: svc.host.exe. Are you sure it's not svchost.exe, and are you sure it's not something from within the system trying to access the internet instead?

    Are you seeing an IP when Mbam blocks? If so, please let me know what it is.
     
Topic Status:
Not open for further replies.