Solved Google redirect virus/ask the crew

pmaffe03

Posts: 17   +0
Have followed the steps for the Preliminary Spyware Removal. Here are the results. Thank you in advance..fingers crossed!

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.22.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Pete :: PETE-PC [administrator]

3/22/2012 1:15:26 PM
mbam-log-2012-03-22 (13-15-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 269775
Time elapsed: 37 minute(s), 59 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2488 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\Temp\0.24179367839262145 (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\Temp\0.4194024586671121 (Exploit.Drop.9) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.7664116825612824 (Exploit.Drop.9) -> Quarantined and deleted successfully.

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-22 21:47:05
Windows 6.1.7600
Running: Gamer.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B0CJA223\load[2].js 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6ETZLY6H\navcancl[2] 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6ETZLY6H\info_48[2] 4113 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6W14BVPA\data_sync[2].htm 26 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6W14BVPA\search[1].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6W14BVPA\iframe3[2].htm 916 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6W14BVPA\KonaGet[1].js 1282 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\ptj[2].js 188 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\pixel[1].js 906 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\pixel[2].js 906 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\get[2].png 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\01[2].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\logCA1AEABP.txt 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\beacon[6].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\beacon[7].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\freq[3].htm 395 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\screenhunter_01_jan._30_11.57[1].jpg 7686 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\screenhunter_31_dec._28_11.20[1].jpg 9266 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\olsen-superga-shoies[1].jpg 7888 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\ddcCAYA8BMY.htm 11861 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\vdaygiftsforwomen-main[1].jpg 7385 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\robert-p-010511-8[1].jpg 4871 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\robert-pattinson-011611a-4[1].jpg 4689 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\sddefault[2].jpg 21429 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\blanc-12612-story[1].jpg 6065 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\ajs[9].js 2172 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\adview[2].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\iframe3[6].htm 641 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\eventCAX2HB5S.js 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\service[3].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\main[2].css 52602 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\vehiclenav_input[1].gif 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\data[3].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\03.1.gif[1].gif 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\topSafety[1].gif 3425 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\toyota_care_cars[1].jpg 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\fastbutton[5].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\fastbutton[6].htm 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\ping[4].gif 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\logCANGL9TG.txt 0 bytes
File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\logCAWQ44QQ.txt 0 bytes
File C:\Windows\Temp\Cookies\SRDFL8B3.txt 0 bytes
File C:\Windows\Temp\Cookies\HQCORV63.txt 0 bytes
File C:\Windows\Temp\Cookies\ID63S76U.txt 0 bytes
File C:\Windows\Temp\Cookies\7JLG7OVW.txt 0 bytes
File C:\Windows\Temp\Cookies\UZ60CNSH.txt 0 bytes
File C:\Windows\Temp\Cookies\UZHBW3Q6.txt 0 bytes
File C:\Windows\Temp\Cookies\5MNTNHQQ.txt 455 bytes
File C:\Windows\Temp\Cookies\3WV7BS0V.txt 10612 bytes
File C:\Windows\Temp\Cookies\IGGWQBDT.txt 0 bytes
File C:\Windows\Temp\Cookies\M5C650PE.txt 0 bytes
File C:\Windows\Temp\Cookies\68LI30ID.txt 167 bytes
File C:\Windows\Temp\Cookies\2M3ITDTQ.txt 0 bytes
File C:\Windows\Temp\Cookies\NYRMDN93.txt 766 bytes
File C:\Windows\Temp\Cookies\84C62LF6.txt 0 bytes
File C:\Windows\Temp\Cookies\0M1M8A48.txt 328 bytes
File C:\Windows\Temp\Cookies\UHUX59IY.txt 0 bytes
File C:\Windows\Temp\Cookies\KXMO9HII.txt 825 bytes
File C:\Windows\Temp\Cookies\J6YAVRNJ.txt 2959 bytes
File C:\Windows\Temp\Cookies\R4CD5PLG.txt 285 bytes
File C:\Windows\Temp\Cookies\35E83E3X.txt 141 bytes
File C:\Windows\Temp\Cookies\392GY4WJ.txt 111 bytes
File C:\Windows\Temp\Cookies\3AS7VIPX.txt 211 bytes
File C:\Windows\Temp\Cookies\SSVJQJFJ.txt 0 bytes
File C:\Windows\Temp\Cookies\LFLSC8NP.txt 559 bytes
File C:\Windows\Temp\Cookies\76M0PI2D.txt 321 bytes
File C:\Windows\Temp\Cookies\KISZYK17.txt 92 bytes
File C:\Windows\Temp\Cookies\4Z1NTSX7.txt 0 bytes
File C:\Windows\Temp\Cookies\LW6X05VK.txt 185 bytes
File C:\Windows\Temp\Cookies\6DY04C9D.txt 167 bytes
File C:\Windows\Temp\Cookies\2HHHZC21.txt 97 bytes

---- EOF - GMER 1.0.15 ----


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Pete at 14:23:14 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2139 [GMT -4:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
StartupFolder: C:\Users\Pete\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\241636B6F46666963656 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\242555E4F4 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\2656C6B696E6E2633323 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\36570723 : DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.71.230 68.87.73.246
TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\C4F62756E6A7F63775966496 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\C4F62756E6A7F6377596649623 : DhcpNameServer = 192.168.1.1 71.243.0.12
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b7d2pwi9.default\
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-21 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120321.001_a07\IDSviA64.sys [2012-3-22 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-9-25 89600]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-8-15 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-8-15 55296]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccsvchst.exe [2012-3-8 138232]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-16 138360]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-22 18:00:07 20480 ------w- C:\Windows\svchost.exe
2012-03-22 17:14:11 -------- d-----w- C:\Users\Pete\AppData\Roaming\Malwarebytes
2012-03-22 17:14:01 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-22 17:14:00 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-22 17:14:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-11 15:36:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-03-11 15:33:15 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5960.tmp
2012-03-11 15:33:15 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\595F.tmp
2012-03-08 22:47:16 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symnets.sys
2012-03-08 22:47:14 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306010.008\symds64.sys
2012-03-08 22:47:14 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtspx64.sys
2012-03-08 22:47:14 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symefa64.sys
2012-03-08 22:47:13 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtsp64.sys
2012-03-08 22:47:13 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ironx64.sys
2012-03-08 22:47:13 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ccsetx64.sys
2012-03-08 22:46:06 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306010.008
.
==================== Find3M ====================
.
2012-03-08 22:47:25 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 14:25:21.75 ===============

.
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/25/2009 12:09:19 AM
System Uptime: 3/22/2012 1:58:04 PM (1 hours ago)
.
Motherboard: Quanta | | 306B
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 86.524 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.037 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP557: 3/11/2012 3:39:16 PM - Scheduled Checkpoint
RP558: 3/16/2012 10:14:27 AM - Windows Update
RP559: 3/18/2012 9:42:58 AM - Windows Update
RP560: 3/18/2012 11:22:16 PM - Windows Update
RP561: 3/19/2012 6:44:58 AM - Windows Update
RP562: 3/19/2012 8:46:12 PM - Windows Update
RP563: 3/21/2012 11:11:23 AM - Windows Update
RP564: 3/22/2012 9:15:10 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Activate Norton Online Backup
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Apple Application Support
Apple Software Update
Belkin Setup and Router Monitor
Bing Bar
Choice Guard
Cisco Network Magic
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 3.0.0.9
CyberLink DVD Suite
CyberLink YouCam
Dropbox
File Type Assistant
Free File Viewer 2011
Hewlett-Packard ACLM.NET v1.1.1.0
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP DVD Play 3.7
HP Games
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0148
HP Wireless Assistant
IDT Audio
InstallIQ Updater
Itibiti RTC
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Live Search Toolbar
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
Network Magic
NOOK for PC
Norton Internet Security
Power2Go
PowerDirector
PowerRecover
Pure Networks Platform
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Video Mover
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinZip 14.0
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/22/2012 9:28:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
3/22/2012 9:07:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
3/22/2012 9:05:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c96f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032212-70902-01.
3/22/2012 9:04:46 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
3/22/2012 9:04:46 AM, Error: SRTSP [4] - Error loading virus definitions.
3/22/2012 2:05:25 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
3/21/2012 12:32:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cae03a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-46051-01.
3/21/2012 12:29:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000be (0xfffff88001af62cc, 0x15900000041c1121, 0xfffff88003e759a0, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-46145-01.
3/21/2012 12:27:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
3/21/2012 12:27:13 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/21/2012 12:27:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
3/21/2012 12:25:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002c5903a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-46394-01.
3/21/2012 12:21:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000600dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c58f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-47892-01.
3/21/2012 12:15:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000e920, 0xffffffffc000000e, 0x0000000082d98860, 0xfffff88001d241bc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-61277-01.
3/21/2012 10:53:15 PM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
3/19/2012 8:38:59 PM, Error: Service Control Manager [7022] - The Pure Networks Platform Service service hung on starting.
3/19/2012 8:31:04 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
3/18/2012 5:27:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff88006064a45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-66269-01.
3/18/2012 4:40:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000883, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c52f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-51776-01.
3/18/2012 4:29:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fb03fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-50232-01.
3/18/2012 4:26:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
3/18/2012 4:26:43 PM, Error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2012 4:23:56 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
3/18/2012 11:21:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2667402).
3/18/2012 11:21:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2665364).
3/18/2012 11:21:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2641653).
3/18/2012 11:21:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2621440).
3/18/2012 11:20:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002c6103a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-59093-01.
3/18/2012 11:14:17 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c94f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-47034-01.
3/18/2012 11:13:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AffinegyService service to connect.
3/18/2012 11:13:17 PM, Error: Service Control Manager [7000] - The AffinegyService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2012 11:12:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c5af95, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-111634-01.
3/18/2012 11:10:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c59f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-50450-01.
3/18/2012 11:07:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cb303a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-81869-01.
3/18/2012 11:05:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca2f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-48204-01.
3/18/2012 11:03:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c4cf95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-59327-01.
3/18/2012 11:01:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000070000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca8f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-47205-01.
3/18/2012 10:57:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca0f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-52650-01.
3/18/2012 10:56:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.
3/18/2012 10:52:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/18/2012 10:52:29 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2012 10:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/18/2012 10:51:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fefdd9a, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cabf95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-47751-01.
3/18/2012 10:41:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c52f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-87188-01.
3/18/2012 10:38:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
3/18/2012 10:35:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000400c001c, 0x0000000000000002, 0x0000000000000000, 0xfffff80002c8f756). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-71838-01.
3/18/2012 10:26:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fca3fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-68624-01.
3/18/2012 10:17:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002c6203a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-66160-01.
3/18/2012 10:13:42 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c9cf95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-69966-01.
3/18/2012 10:09:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002ca703a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-72166-01.
3/16/2012 10:40:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff88006091a45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031612-107469-01.
3/16/2012 10:32:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2641653).
3/16/2012 10:29:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).
3/16/2012 10:29:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2665364).
3/16/2012 10:21:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2621440).
3/15/2012 9:38:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/15/2012 6:49:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

====================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
ASW & Bookit Scans

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 09:08:21
-----------------------------
09:08:21.532 OS Version: Windows x64 6.1.7600
09:08:21.532 Number of processors: 2 586 0x170A
09:08:21.532 ComputerName: PETE-PC UserName: Pete
09:08:25.626 Initialize success
09:12:57.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:12:57.527 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
09:12:57.527 Device \Driver\atapi -> MajorFunction fffffa80054df5c4
09:12:57.537 Disk 0 MBR read successfully
09:12:57.537 Disk 0 MBR scan
09:12:57.537 Disk 0 TDL4@MBR code has been found
09:12:57.547 Disk 0 MBR hidden
09:12:57.567 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
09:12:57.617 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292632 MB offset 409600
09:12:57.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12412 MB offset 599719936
09:12:57.697 Disk 0 MBR [TDL4] **ROOTKIT**
09:12:57.707 Disk 0 trace - called modules:
09:12:57.707 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80054df5c4]<<
09:12:57.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5a060]
09:12:57.727 3 CLASSPNP.SYS[fffff8800110a43f] -> nt!IofCallDriver -> [0xfffffa80047ea1e0]
09:12:57.727 5 ACPI.sys[fffff88000f63781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800480a060]
09:12:57.737 \Driver\atapi[0xfffffa80054f08f0] -> IRP_MJ_CREATE -> 0xfffffa80054df5c4
09:12:57.747 Scan finished successfully
09:13:38.587 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
09:13:38.587 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR.txt"



Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller Pt. 1

14:48:32.0118 8472 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
14:48:34.0134 8472 ============================================================
14:48:34.0134 8472 Current date / time: 2012/03/23 14:48:34.0134
14:48:34.0134 8472 SystemInfo:
14:48:34.0134 8472
14:48:34.0134 8472 OS Version: 6.1.7600 ServicePack: 0.0
14:48:34.0134 8472 Product type: Workstation
14:48:34.0134 8472 ComputerName: PETE-PC
14:48:34.0134 8472 UserName: Pete
14:48:34.0134 8472 Windows directory: C:\Windows
14:48:34.0134 8472 System windows directory: C:\Windows
14:48:34.0134 8472 Running under WOW64
14:48:34.0134 8472 Processor architecture: Intel x64
14:48:34.0134 8472 Number of processors: 2
14:48:34.0134 8472 Page size: 0x1000
14:48:34.0134 8472 Boot type: Normal boot
14:48:34.0134 8472 ============================================================
14:48:37.0454 8472 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:48:37.0464 8472 \Device\Harddisk0\DR0:
14:48:37.0464 8472 MBR used
14:48:37.0464 8472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
14:48:37.0464 8472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23B8C000
14:48:37.0464 8472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23BF0000, BlocksNum 0x183E000
14:48:37.0656 8472 Initialize success
14:48:37.0656 8472 ============================================================
14:48:48.0652 6324 ============================================================
14:48:48.0652 6324 Scan started
14:48:48.0652 6324 Mode: Manual;
14:48:48.0652 6324 ============================================================
14:48:50.0754 6324 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:48:50.0774 6324 1394ohci - ok
14:48:50.0854 6324 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:48:50.0864 6324 ACPI - ok
14:48:50.0904 6324 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:48:50.0924 6324 AcpiPmi - ok
14:48:51.0004 6324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:48:51.0014 6324 adp94xx - ok
14:48:51.0084 6324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:48:51.0084 6324 adpahci - ok
14:48:51.0114 6324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:48:51.0114 6324 adpu320 - ok
14:48:51.0154 6324 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:48:51.0164 6324 AeLookupSvc - ok
14:48:51.0254 6324 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
14:48:51.0254 6324 AESTFilters - ok
14:48:51.0334 6324 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
14:48:51.0344 6324 AFD - ok
14:48:51.0544 6324 AffinegyService (7f1130830b3ba85921519a5616e29803) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
14:48:51.0554 6324 AffinegyService - ok
14:48:51.0644 6324 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
14:48:51.0644 6324 AgereModemAudio - ok
14:48:51.0744 6324 AgereSoftModem (af4748ef93416159459769a24a0053af) C:\Windows\system32\DRIVERS\agrsm64.sys
14:48:51.0784 6324 AgereSoftModem - ok
14:48:52.0034 6324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:48:52.0034 6324 agp440 - ok
14:48:52.0094 6324 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:48:52.0094 6324 ALG - ok
14:48:52.0144 6324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:48:52.0144 6324 aliide - ok
14:48:52.0164 6324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:48:52.0164 6324 amdide - ok
14:48:52.0224 6324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:48:52.0224 6324 AmdK8 - ok
14:48:52.0234 6324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:48:52.0244 6324 AmdPPM - ok
14:48:52.0314 6324 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:48:52.0314 6324 amdsata - ok
14:48:52.0344 6324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:48:52.0354 6324 amdsbs - ok
14:48:52.0394 6324 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:48:52.0394 6324 amdxata - ok
14:48:52.0474 6324 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:48:52.0494 6324 AppID - ok
14:48:52.0554 6324 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:48:52.0574 6324 AppIDSvc - ok
14:48:52.0604 6324 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
14:48:52.0604 6324 Appinfo - ok
14:48:52.0744 6324 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:48:52.0744 6324 Apple Mobile Device - ok
14:48:52.0854 6324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:48:52.0864 6324 arc - ok
14:48:52.0874 6324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:48:52.0884 6324 arcsas - ok
14:48:52.0944 6324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:48:52.0944 6324 AsyncMac - ok
14:48:52.0964 6324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:48:52.0964 6324 atapi - ok
14:48:53.0034 6324 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:48:53.0044 6324 AudioEndpointBuilder - ok
14:48:53.0054 6324 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:48:53.0054 6324 AudioSrv - ok
14:48:53.0116 6324 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
14:48:53.0116 6324 AxInstSV - ok
14:48:53.0186 6324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:48:53.0186 6324 b06bdrv - ok
14:48:53.0256 6324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:48:53.0256 6324 b57nd60a - ok
14:48:53.0456 6324 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
14:48:53.0456 6324 BBSvc - ok
14:48:53.0526 6324 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
14:48:53.0536 6324 BBUpdate - ok
14:48:53.0626 6324 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:48:53.0636 6324 BDESVC - ok
14:48:53.0716 6324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:48:53.0726 6324 Beep - ok
14:48:53.0876 6324 Belkin Local Backup Service (299e54db3638a18e47bd3a2d2ef499f7) C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
14:48:53.0876 6324 Belkin Local Backup Service - ok
14:48:53.0926 6324 Belkin Network USB Helper (e62a04d615a8cac83601e1f07c010d3c) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
14:48:53.0926 6324 Belkin Network USB Helper - ok
14:48:54.0016 6324 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
14:48:54.0026 6324 BFE - ok
14:48:54.0276 6324 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
14:48:54.0296 6324 BHDrvx64 - ok
14:48:54.0396 6324 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
14:48:54.0416 6324 BITS - ok
14:48:54.0476 6324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:48:54.0486 6324 blbdrive - ok
14:48:54.0646 6324 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:48:54.0646 6324 Bonjour Service - ok
14:48:54.0706 6324 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:48:54.0726 6324 bowser - ok
14:48:54.0756 6324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:48:54.0756 6324 BrFiltLo - ok
14:48:54.0776 6324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:48:54.0786 6324 BrFiltUp - ok
14:48:54.0816 6324 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
14:48:54.0816 6324 Browser - ok
14:48:54.0856 6324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:48:54.0866 6324 Brserid - ok
14:48:54.0886 6324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:48:54.0886 6324 BrSerWdm - ok
14:48:54.0906 6324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:48:54.0906 6324 BrUsbMdm - ok
14:48:54.0926 6324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:48:54.0926 6324 BrUsbSer - ok
14:48:54.0956 6324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:48:54.0956 6324 BTHMODEM - ok
14:48:54.0976 6324 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:48:54.0976 6324 bthserv - ok
14:48:55.0116 6324 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys
14:48:55.0126 6324 ccSet_NIS - ok
14:48:55.0196 6324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:48:55.0196 6324 cdfs - ok
14:48:55.0266 6324 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:48:55.0266 6324 cdrom - ok
14:48:55.0346 6324 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:48:55.0346 6324 CertPropSvc - ok
14:48:55.0366 6324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:48:55.0366 6324 circlass - ok
14:48:55.0396 6324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:48:55.0406 6324 CLFS - ok
14:48:55.0476 6324 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:48:55.0486 6324 clr_optimization_v2.0.50727_32 - ok
14:48:55.0546 6324 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:48:55.0546 6324 clr_optimization_v2.0.50727_64 - ok
14:48:55.0696 6324 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:48:55.0716 6324 clr_optimization_v4.0.30319_32 - ok
14:48:55.0756 6324 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:48:55.0766 6324 clr_optimization_v4.0.30319_64 - ok
14:48:55.0866 6324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:48:55.0866 6324 CmBatt - ok
14:48:55.0886 6324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:48:55.0886 6324 cmdide - ok
14:48:55.0946 6324 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
14:48:55.0966 6324 CNG - ok
14:48:56.0026 6324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:48:56.0036 6324 Compbatt - ok
14:48:56.0096 6324 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:48:56.0096 6324 CompositeBus - ok
14:48:56.0126 6324 COMSysApp - ok
14:48:56.0156 6324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:48:56.0156 6324 crcdisk - ok
14:48:56.0216 6324 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
14:48:56.0216 6324 CryptSvc - ok
14:48:56.0276 6324 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:48:56.0276 6324 DcomLaunch - ok
14:48:56.0316 6324 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:48:56.0326 6324 defragsvc - ok
14:48:56.0376 6324 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:48:56.0376 6324 DfsC - ok
14:48:56.0436 6324 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
14:48:56.0436 6324 Dhcp - ok
14:48:56.0466 6324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:48:56.0486 6324 discache - ok
14:48:56.0556 6324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:48:56.0556 6324 Disk - ok
14:48:56.0626 6324 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
14:48:56.0626 6324 Dnscache - ok
14:48:56.0686 6324 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
14:48:56.0696 6324 dot3svc - ok
14:48:56.0736 6324 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
14:48:56.0736 6324 DPS - ok
14:48:56.0796 6324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:48:56.0796 6324 drmkaud - ok
14:48:56.0886 6324 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
14:48:56.0896 6324 DXGKrnl - ok
14:48:56.0976 6324 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:48:56.0976 6324 EapHost - ok
14:48:57.0126 6324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:48:57.0166 6324 ebdrv - ok
14:48:57.0266 6324 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:48:57.0276 6324 eeCtrl - ok
14:48:57.0366 6324 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
14:48:57.0366 6324 EFS - ok
14:48:57.0456 6324 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
14:48:57.0466 6324 ehRecvr - ok
14:48:57.0506 6324 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:48:57.0526 6324 ehSched - ok
14:48:57.0606 6324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:48:57.0616 6324 elxstor - ok
14:48:57.0746 6324 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:48:57.0746 6324 EraserUtilRebootDrv - ok
14:48:57.0776 6324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:48:57.0776 6324 ErrDev - ok
14:48:57.0856 6324 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:48:57.0856 6324 EventSystem - ok
14:48:57.0896 6324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:48:57.0896 6324 exfat - ok
14:48:57.0926 6324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:48:57.0926 6324 fastfat - ok
14:48:57.0986 6324 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
14:48:57.0996 6324 Fax - ok
14:48:58.0026 6324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:48:58.0026 6324 fdc - ok
14:48:58.0056 6324 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:48:58.0056 6324 fdPHost - ok
14:48:58.0076 6324 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:48:58.0096 6324 FDResPub - ok
14:48:58.0126 6324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:48:58.0126 6324 FileInfo - ok
14:48:58.0136 6324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:48:58.0136 6324 Filetrace - ok
14:48:58.0176 6324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:48:58.0176 6324 flpydisk - ok
14:48:58.0246 6324 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:48:58.0246 6324 FltMgr - ok
14:48:58.0326 6324 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
14:48:58.0336 6324 FontCache - ok
14:48:58.0426 6324 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:48:58.0426 6324 FontCache3.0.0.0 - ok
14:48:58.0506 6324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:48:58.0506 6324 FsDepends - ok
14:48:58.0526 6324 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:48:58.0526 6324 Fs_Rec - ok
14:48:58.0586 6324 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:48:58.0596 6324 fvevol - ok
14:48:58.0656 6324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:48:58.0656 6324 gagp30kx - ok
14:48:58.0766 6324 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:48:58.0776 6324 GameConsoleService - ok
14:48:58.0826 6324 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:48:58.0836 6324 GEARAspiWDM - ok
14:48:58.0886 6324 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
14:48:58.0906 6324 gpsvc - ok
14:48:58.0946 6324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:48:58.0946 6324 hcw85cir - ok
14:48:59.0006 6324 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:48:59.0016 6324 HdAudAddService - ok
14:48:59.0076 6324 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:48:59.0096 6324 HDAudBus - ok
14:48:59.0126 6324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:48:59.0136 6324 HidBatt - ok
14:48:59.0166 6324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:48:59.0186 6324 HidBth - ok
14:48:59.0226 6324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:48:59.0226 6324 HidIr - ok
14:48:59.0356 6324 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:48:59.0356 6324 hidserv - ok
14:48:59.0426 6324 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:48:59.0456 6324 HidUsb - ok
14:48:59.0496 6324 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
14:48:59.0496 6324 hkmsvc - ok
14:48:59.0516 6324 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
14:48:59.0526 6324 HomeGroupListener - ok
14:48:59.0556 6324 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
14:48:59.0556 6324 HomeGroupProvider - ok
14:48:59.0716 6324 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:48:59.0716 6324 HP Support Assistant Service - ok
14:48:59.0816 6324 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:48:59.0816 6324 HPDrvMntSvc.exe - ok
14:48:59.0916 6324 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:48:59.0916 6324 HpqKbFiltr - ok
14:48:59.0976 6324 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
 
TDSSKiller Pt.2

14:48:59.0986 6324 hpqwmiex - ok
14:49:00.0056 6324 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:49:00.0056 6324 HpSAMD - ok
14:49:00.0156 6324 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:49:00.0166 6324 HTTP - ok
14:49:00.0186 6324 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:49:00.0186 6324 hwpolicy - ok
14:49:00.0276 6324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:49:00.0276 6324 i8042prt - ok
14:49:00.0366 6324 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:49:00.0386 6324 iaStorV - ok
14:49:00.0516 6324 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:49:00.0526 6324 idsvc - ok
14:49:00.0756 6324 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120321.001_a07\IDSvia64.sys
14:49:00.0766 6324 IDSVia64 - ok
14:49:01.0066 6324 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:49:01.0218 6324 igfx - ok
14:49:01.0348 6324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:49:01.0348 6324 iirsp - ok
14:49:01.0398 6324 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
14:49:01.0408 6324 IKEEXT - ok
14:49:01.0498 6324 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
14:49:01.0498 6324 IntcHdmiAddService - ok
14:49:01.0518 6324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:49:01.0518 6324 intelide - ok
14:49:01.0578 6324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:49:01.0578 6324 intelppm - ok
14:49:01.0588 6324 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:49:01.0598 6324 IPBusEnum - ok
14:49:01.0618 6324 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:49:01.0628 6324 IpFilterDriver - ok
14:49:01.0668 6324 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
14:49:01.0678 6324 iphlpsvc - ok
14:49:01.0698 6324 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:49:01.0708 6324 IPMIDRV - ok
14:49:01.0718 6324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:49:01.0718 6324 IPNAT - ok
14:49:01.0788 6324 iPod Service (f8e8676d1b6b2cc12df9aa6b1a43d929) C:\Program Files\iPod\bin\iPodService.exe
14:49:01.0808 6324 iPod Service - ok
14:49:01.0858 6324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:49:01.0858 6324 IRENUM - ok
14:49:01.0898 6324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:49:01.0898 6324 isapnp - ok
14:49:01.0928 6324 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:49:01.0928 6324 iScsiPrt - ok
14:49:01.0978 6324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:49:01.0988 6324 kbdclass - ok
14:49:02.0038 6324 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:49:02.0038 6324 kbdhid - ok
14:49:02.0088 6324 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:49:02.0108 6324 KeyIso - ok
14:49:02.0128 6324 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
14:49:02.0168 6324 KSecDD - ok
14:49:02.0198 6324 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
14:49:02.0208 6324 KSecPkg - ok
14:49:02.0238 6324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:49:02.0238 6324 ksthunk - ok
14:49:02.0278 6324 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:49:02.0288 6324 KtmRm - ok
14:49:02.0378 6324 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
14:49:02.0398 6324 LanmanServer - ok
14:49:02.0440 6324 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
14:49:02.0440 6324 LanmanWorkstation - ok
14:49:02.0792 6324 LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:49:02.0792 6324 LightScribeService - ok
14:49:02.0882 6324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:49:02.0892 6324 lltdio - ok
14:49:02.0941 6324 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:49:02.0947 6324 lltdsvc - ok
14:49:02.0969 6324 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:49:02.0971 6324 lmhosts - ok
14:49:03.0034 6324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:49:03.0054 6324 LSI_FC - ok
14:49:03.0084 6324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:49:03.0094 6324 LSI_SAS - ok
14:49:03.0104 6324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:49:03.0115 6324 LSI_SAS2 - ok
14:49:03.0148 6324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:49:03.0151 6324 LSI_SCSI - ok
14:49:03.0266 6324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:49:03.0269 6324 luafv - ok
14:49:03.0386 6324 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
14:49:03.0416 6324 Mcx2Svc - ok
14:49:03.0456 6324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:49:03.0456 6324 megasas - ok
14:49:03.0496 6324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:49:03.0506 6324 MegaSR - ok
14:49:03.0566 6324 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:49:03.0566 6324 MMCSS - ok
14:49:03.0606 6324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:49:03.0606 6324 Modem - ok
14:49:03.0656 6324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:49:03.0656 6324 monitor - ok
14:49:03.0726 6324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:49:03.0726 6324 mouclass - ok
14:49:03.0786 6324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:49:03.0786 6324 mouhid - ok
14:49:03.0806 6324 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:49:03.0806 6324 mountmgr - ok
14:49:03.0886 6324 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:49:03.0886 6324 mpio - ok
14:49:03.0941 6324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:49:03.0943 6324 mpsdrv - ok
14:49:03.0978 6324 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
14:49:03.0998 6324 MpsSvc - ok
14:49:04.0018 6324 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:49:04.0018 6324 MRxDAV - ok
14:49:04.0068 6324 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:49:04.0068 6324 mrxsmb - ok
14:49:04.0158 6324 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:49:04.0188 6324 mrxsmb10 - ok
14:49:04.0218 6324 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:49:04.0218 6324 mrxsmb20 - ok
14:49:04.0248 6324 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:49:04.0248 6324 msahci - ok
14:49:04.0298 6324 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:49:04.0298 6324 msdsm - ok
14:49:04.0328 6324 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:49:04.0328 6324 MSDTC - ok
14:49:04.0398 6324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:49:04.0408 6324 Msfs - ok
14:49:04.0438 6324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:49:04.0438 6324 mshidkmdf - ok
14:49:04.0448 6324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:49:04.0448 6324 msisadrv - ok
14:49:04.0528 6324 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:49:04.0538 6324 MSiSCSI - ok
14:49:04.0548 6324 msiserver - ok
14:49:04.0618 6324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:49:04.0628 6324 MSKSSRV - ok
14:49:04.0668 6324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:49:04.0668 6324 MSPCLOCK - ok
14:49:04.0678 6324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:49:04.0678 6324 MSPQM - ok
14:49:04.0728 6324 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:49:04.0738 6324 MsRPC - ok
14:49:04.0768 6324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:49:04.0768 6324 mssmbios - ok
14:49:04.0778 6324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:49:04.0778 6324 MSTEE - ok
14:49:04.0838 6324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:49:04.0838 6324 MTConfig - ok
14:49:04.0888 6324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:49:04.0898 6324 Mup - ok
14:49:04.0928 6324 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
14:49:04.0938 6324 napagent - ok
14:49:05.0008 6324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:49:05.0028 6324 NativeWifiP - ok
14:49:05.0208 6324 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120322.003\ENG64.SYS
14:49:05.0208 6324 NAVENG - ok
14:49:05.0298 6324 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120322.003\EX64.SYS
14:49:05.0328 6324 NAVEX15 - ok
14:49:05.0448 6324 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:49:05.0468 6324 NDIS - ok
14:49:05.0518 6324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:49:05.0548 6324 NdisCap - ok
14:49:05.0588 6324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:49:05.0588 6324 NdisTapi - ok
14:49:05.0638 6324 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:49:05.0638 6324 Ndisuio - ok
14:49:05.0658 6324 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:49:05.0668 6324 NdisWan - ok
14:49:05.0688 6324 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:49:05.0698 6324 NDProxy - ok
14:49:05.0708 6324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:49:05.0708 6324 NetBIOS - ok
14:49:05.0748 6324 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:49:05.0748 6324 NetBT - ok
14:49:05.0798 6324 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:49:05.0798 6324 Netlogon - ok
14:49:05.0878 6324 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:49:05.0878 6324 Netman - ok
14:49:05.0908 6324 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:49:05.0918 6324 netprofm - ok
14:49:06.0008 6324 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:49:06.0008 6324 NetTcpPortSharing - ok
14:49:06.0278 6324 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys
14:49:06.0438 6324 NETw1v64 - ok
14:49:06.0758 6324 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
14:49:06.0918 6324 NETw5s64 - ok
14:49:07.0168 6324 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
14:49:07.0328 6324 netw5v64 - ok
14:49:07.0728 6324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:49:07.0738 6324 nfrd960 - ok
14:49:07.0898 6324 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
14:49:07.0908 6324 NIS - ok
14:49:07.0968 6324 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
14:49:07.0968 6324 NlaSvc - ok
14:49:08.0108 6324 nmservice (cd2fe9c33cfd0fe0af124e05907e5c3d) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
14:49:08.0118 6324 nmservice - ok
14:49:08.0168 6324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:49:08.0168 6324 Npfs - ok
14:49:08.0198 6324 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:49:08.0198 6324 nsi - ok
14:49:08.0208 6324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:49:08.0208 6324 nsiproxy - ok
14:49:08.0308 6324 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:49:08.0358 6324 Ntfs - ok
14:49:08.0388 6324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:49:08.0388 6324 Null - ok
14:49:08.0468 6324 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:49:08.0468 6324 nvraid - ok
14:49:08.0528 6324 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:49:08.0538 6324 nvstor - ok
14:49:08.0588 6324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:49:08.0588 6324 nv_agp - ok
14:49:08.0618 6324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:49:08.0618 6324 ohci1394 - ok
14:49:08.0728 6324 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:49:08.0728 6324 ose - ok
14:49:08.0788 6324 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:49:08.0798 6324 p2pimsvc - ok
14:49:08.0838 6324 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:49:08.0868 6324 p2psvc - ok
14:49:08.0938 6324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:49:08.0938 6324 Parport - ok
14:49:08.0968 6324 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:49:08.0968 6324 partmgr - ok
14:49:08.0998 6324 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:49:08.0998 6324 PcaSvc - ok
14:49:09.0048 6324 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:49:09.0048 6324 pci - ok
14:49:09.0068 6324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:49:09.0068 6324 pciide - ok
14:49:09.0088 6324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:49:09.0088 6324 pcmcia - ok
14:49:09.0178 6324 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
14:49:09.0188 6324 pcouffin - ok
14:49:09.0228 6324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:49:09.0258 6324 pcw - ok
14:49:09.0308 6324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:49:09.0338 6324 PEAUTH - ok
14:49:09.0408 6324 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:49:09.0408 6324 PerfHost - ok
14:49:09.0598 6324 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
14:49:09.0628 6324 pla - ok
14:49:09.0698 6324 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
14:49:09.0708 6324 PlugPlay - ok
14:49:09.0808 6324 pnarp (4ff73a83a25d0eead4f5e6c841bb6704) C:\Windows\system32\DRIVERS\pnarp.sys
14:49:09.0808 6324 pnarp - ok
14:49:09.0848 6324 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:49:09.0848 6324 PNRPAutoReg - ok
14:49:09.0868 6324 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:49:09.0868 6324 PNRPsvc - ok
14:49:09.0918 6324 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
14:49:09.0918 6324 PolicyAgent - ok
14:49:09.0948 6324 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:49:09.0958 6324 Power - ok
14:49:10.0048 6324 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:49:10.0078 6324 PptpMiniport - ok
14:49:10.0128 6324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:49:10.0128 6324 Processor - ok
14:49:10.0198 6324 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
14:49:10.0208 6324 ProfSvc - ok
14:49:10.0248 6324 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:49:10.0258 6324 ProtectedStorage - ok
14:49:10.0318 6324 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:49:10.0318 6324 Psched - ok
14:49:10.0408 6324 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
14:49:10.0408 6324 purendis - ok
14:49:10.0478 6324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:49:10.0508 6324 ql2300 - ok
14:49:10.0528 6324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:49:10.0538 6324 ql40xx - ok
14:49:10.0580 6324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:49:10.0580 6324 QWAVE - ok
14:49:10.0620 6324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:49:10.0620 6324 QWAVEdrv - ok
14:49:10.0680 6324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:49:10.0680 6324 RasAcd - ok
14:49:10.0760 6324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:49:10.0770 6324 RasAgileVpn - ok
14:49:10.0790 6324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
14:49:10.0800 6324 RasAuto - ok
14:49:10.0820 6324 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:49:10.0820 6324 Rasl2tp - ok
14:49:10.0870 6324 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
14:49:10.0880 6324 RasMan - ok
14:49:10.0920 6324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:49:10.0920 6324 RasPppoe - ok
14:49:10.0960 6324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:49:10.0960 6324 RasSstp - ok
14:49:11.0000 6324 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:49:11.0010 6324 rdbss - ok
14:49:11.0050 6324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:49:11.0050 6324 rdpbus - ok
14:49:11.0080 6324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:49:11.0080 6324 RDPCDD - ok
14:49:11.0190 6324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:49:11.0190 6324 RDPENCDD - ok
14:49:11.0210 6324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:49:11.0210 6324 RDPREFMP - ok
14:49:11.0270 6324 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:49:11.0280 6324 RDPWD - ok
14:49:11.0340 6324 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:49:11.0340 6324 rdyboost - ok
14:49:11.0370 6324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
14:49:11.0380 6324 RemoteAccess - ok
14:49:11.0410 6324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
14:49:11.0430 6324 RemoteRegistry - ok
14:49:11.0560 6324 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
14:49:11.0560 6324 RichVideo - ok
14:49:11.0702 6324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
14:49:11.0712 6324 RpcEptMapper - ok
14:49:11.0732 6324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
14:49:11.0732 6324 RpcLocator - ok
14:49:11.0802 6324 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:49:11.0812 6324 RpcSs - ok
14:49:11.0892 6324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:49:11.0902 6324 rspndr - ok
14:49:11.0942 6324 RSUSBSTOR - ok
14:49:11.0992 6324 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
14:49:11.0992 6324 RTL8167 - ok
14:49:12.0032 6324 RtsUIR - ok
14:49:12.0072 6324 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:49:12.0072 6324 SamSs - ok
14:49:12.0122 6324 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:49:12.0142 6324 sbp2port - ok
14:49:12.0192 6324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
14:49:12.0202 6324 SCardSvr - ok
14:49:12.0232 6324 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:49:12.0242 6324 scfilter - ok
14:49:12.0332 6324 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
14:49:12.0352 6324 Schedule - ok
14:49:12.0392 6324 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:49:12.0392 6324 SCPolicySvc - ok
14:49:12.0422 6324 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
14:49:12.0422 6324 sdbus - ok
14:49:12.0472 6324 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
14:49:12.0472 6324 SDRSVC - ok
14:49:12.0522 6324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:49:12.0532 6324 secdrv - ok
14:49:12.0542 6324 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
14:49:12.0542 6324 seclogon - ok
14:49:12.0562 6324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
14:49:12.0562 6324 SENS - ok
14:49:12.0612 6324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
14:49:12.0642 6324 SensrSvc - ok
14:49:12.0682 6324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:49:12.0682 6324 Serenum - ok
14:49:12.0722 6324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:49:12.0812 6324 Serial - ok
14:49:12.0872 6324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:49:12.0872 6324 sermouse - ok
14:49:12.0912 6324 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
14:49:12.0912 6324 SessionEnv - ok
14:49:12.0942 6324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:49:12.0952 6324 sffdisk - ok
14:49:12.0962 6324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:49:12.0972 6324 sffp_mmc - ok
14:49:12.0982 6324 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:49:12.0982 6324 sffp_sd - ok
14:49:13.0000 6324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:49:13.0001 6324 sfloppy - ok
14:49:13.0064 6324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
14:49:13.0074 6324 SharedAccess - ok
14:49:13.0104 6324 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
14:49:13.0114 6324 ShellHWDetection - ok
14:49:13.0174 6324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:49:13.0184 6324 SiSRaid2 - ok
14:49:13.0274 6324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:49:13.0274 6324 SiSRaid4 - ok
14:49:13.0334 6324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:49:13.0334 6324 Smb - ok
14:49:13.0404 6324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
14:49:13.0404 6324 SNMPTRAP - ok
14:49:13.0424 6324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:49:13.0434 6324 spldr - ok
14:49:13.0494 6324 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
14:49:13.0504 6324 Spooler - ok
14:49:13.0604 6324 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
14:49:13.0674 6324 sppsvc - ok
14:49:13.0774 6324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
14:49:13.0774 6324 sppuinotify - ok
14:49:13.0944 6324 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306010.008\SRTSP64.SYS
14:49:13.0954 6324 SRTSP - ok
14:49:13.0984 6324 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306010.008\SRTSPX64.SYS
14:49:14.0004 6324 SRTSPX - ok
14:49:14.0054 6324 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:49:14.0054 6324 srv - ok
14:49:14.0084 6324 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:49:14.0114 6324 srv2 - ok
14:49:14.0194 6324 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:49:14.0194 6324 SrvHsfHDA - ok
14:49:14.0264 6324 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:49:14.0284 6324 SrvHsfV92 - ok
14:49:14.0314 6324 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:49:14.0324 6324 SrvHsfWinac - ok
14:49:14.0384 6324 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:49:14.0404 6324 srvnet - ok
14:49:14.0594 6324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
14:49:14.0594 6324 SSDPSRV - ok
14:49:14.0614 6324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
14:49:14.0624 6324 SstpSvc - ok
14:49:14.0724 6324 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
14:49:14.0724 6324 STacSV - ok
14:49:14.0764 6324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:49:14.0764 6324 stexstor - ok
14:49:14.0854 6324 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
14:49:14.0864 6324 STHDA - ok
14:49:14.0934 6324 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
14:49:14.0944 6324 stisvc - ok
14:49:14.0974 6324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:49:14.0974 6324 swenum - ok
14:49:15.0024 6324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
14:49:15.0034 6324 swprv - ok
14:49:15.0094 6324 sxuptp (52eb25bd8ab4e331028c48b178441b36) C:\Windows\system32\DRIVERS\sxuptp.sys
14:49:15.0094 6324 sxuptp - ok
14:49:15.0244 6324 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS
14:49:15.0254 6324 SymDS - ok
14:49:15.0324 6324 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS
14:49:15.0344 6324 SymEFA - ok
14:49:15.0474 6324 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:49:15.0474 6324 SymEvent - ok
14:49:15.0524 6324 SYMFW - ok
14:49:15.0574 6324 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS
14:49:15.0574 6324 SymIRON - ok
14:49:15.0594 6324 SYMNDISV - ok
14:49:15.0674 6324 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306010.008\SYMNETS.SYS
14:49:15.0684 6324 SymNetS - ok
14:49:15.0734 6324 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
14:49:15.0754 6324 SynTP - ok
14:49:15.0874 6324 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
14:49:15.0894 6324 SysMain - ok
14:49:15.0914 6324 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
14:49:15.0914 6324 TabletInputService - ok
14:49:15.0934 6324 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
14:49:15.0944 6324 TapiSrv - ok
14:49:15.0954 6324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
14:49:15.0954 6324 TBS - ok
14:49:16.0094 6324 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
14:49:16.0114 6324 Tcpip - ok
14:49:16.0174 6324 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
14:49:16.0184 6324 TCPIP6 - ok
14:49:16.0314 6324 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:49:16.0324 6324 tcpipreg - ok
14:49:16.0384 6324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:49:16.0404 6324 TDPIPE - ok
14:49:16.0454 6324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:49:16.0464 6324 TDTCP - ok
14:49:16.0524 6324 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:49:16.0544 6324 tdx - ok
14:49:16.0584 6324 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:49:16.0584 6324 TermDD - ok
14:49:16.0644 6324 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
14:49:16.0654 6324 TermService - ok
14:49:16.0684 6324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:49:16.0694 6324 Themes - ok
14:49:16.0724 6324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:49:16.0724 6324 THREADORDER - ok
14:49:16.0754 6324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:49:16.0764 6324 TrkWks - ok
14:49:16.0824 6324 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
14:49:16.0824 6324 TrustedInstaller - ok
14:49:16.0894 6324 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:49:16.0894 6324 tssecsrv - ok
14:49:16.0964 6324 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:49:16.0964 6324 tunnel - ok
14:49:17.0004 6324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:49:17.0014 6324 uagp35 - ok
14:49:17.0054 6324 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:49:17.0054 6324 udfs - ok
14:49:17.0124 6324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:49:17.0134 6324 UI0Detect - ok
14:49:17.0174 6324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:49:17.0174 6324 uliagpkx - ok
14:49:17.0234 6324 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:49:17.0234 6324 umbus - ok
14:49:17.0264 6324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:49:17.0264 6324 UmPass - ok
14:49:17.0304 6324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:49:17.0304 6324 upnphost - ok
14:49:17.0384 6324 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
14:49:17.0386 6324 USBAAPL64 - ok
14:49:17.0436 6324 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
14:49:17.0436 6324 usbccgp - ok
14:49:17.0446 6324 USBCCID - ok
14:49:17.0536 6324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:49:17.0546 6324 usbcir - ok
14:49:17.0576 6324 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
14:49:17.0576 6324 usbehci - ok
14:49:17.0656 6324 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
14:49:17.0656 6324 usbhub - ok
14:49:17.0757 6324 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
14:49:17.0760 6324 usbohci - ok
14:49:17.0828 6324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:49:17.0828 6324 usbprint - ok
14:49:17.0888 6324 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
14:49:17.0888 6324 USBSTOR - ok
14:49:17.0928 6324 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:49:17.0938 6324 usbuhci - ok
14:49:17.0978 6324 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
14:49:17.0978 6324 usbvideo - ok
14:49:18.0018 6324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:49:18.0018 6324 UxSms - ok
14:49:18.0058 6324 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
14:49:18.0068 6324 VaultSvc - ok
14:49:18.0148 6324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:49:18.0178 6324 vdrvroot - ok
14:49:18.0228 6324 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
14:49:18.0238 6324 vds - ok
14:49:18.0278 6324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:49:18.0278 6324 vga - ok
14:49:18.0298 6324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:49:18.0308 6324 VgaSave - ok
14:49:18.0428 6324 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:49:18.0458 6324 vhdmp - ok
14:49:18.0508 6324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:49:18.0508 6324 viaide - ok
14:49:18.0558 6324 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:49:18.0558 6324 volmgr - ok
14:49:18.0598 6324 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:49:18.0608 6324 volmgrx - ok
14:49:18.0648 6324 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:49:18.0658 6324 volsnap - ok
14:49:18.0758 6324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:49:18.0768 6324 vsmraid - ok
14:49:18.0888 6324 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
14:49:18.0918 6324 VSS - ok
14:49:18.0961 6324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:49:18.0963 6324 vwifibus - ok
14:49:18.0980 6324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:49:18.0980 6324 vwififlt - ok
14:49:19.0050 6324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:49:19.0060 6324 vwifimp - ok
14:49:19.0120 6324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:49:19.0120 6324 W32Time - ok
14:49:19.0160 6324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:49:19.0160 6324 WacomPen - ok
14:49:19.0250 6324 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:49:19.0260 6324 WANARP - ok
14:49:19.0260 6324 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:49:19.0260 6324 Wanarpv6 - ok
14:49:19.0350 6324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:49:19.0370 6324 WatAdminSvc - ok
14:49:19.0420 6324 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
14:49:19.0480 6324 wbengine - ok
14:49:19.0510 6324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:49:19.0520 6324 WbioSrvc - ok
14:49:19.0570 6324 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
14:49:19.0580 6324 wcncsvc - ok
14:49:19.0590 6324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:49:19.0590 6324 WcsPlugInService - ok
14:49:19.0650 6324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:49:19.0660 6324 Wd - ok
14:49:19.0731 6324 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
14:49:19.0733 6324 WDC_SAM - ok
14:49:19.0852 6324 WDDMService (fa24fbe15a8036387ecc013d06094f3d) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
14:49:19.0862 6324 WDDMService - ok
14:49:19.0902 6324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:49:19.0902 6324 Wdf01000 - ok
14:49:19.0942 6324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:49:19.0942 6324 WdiServiceHost - ok
14:49:19.0952 6324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:49:19.0952 6324 WdiSystemHost - ok
14:49:20.0062 6324 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
14:49:20.0072 6324 WDSmartWareBackgroundService - ok
14:49:20.0122 6324 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
14:49:20.0132 6324 WebClient - ok
14:49:20.0162 6324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:49:20.0162 6324 Wecsvc - ok
14:49:20.0192 6324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:49:20.0202 6324 wercplsupport - ok
14:49:20.0262 6324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:49:20.0262 6324 WerSvc - ok
14:49:20.0392 6324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:49:20.0392 6324 WfpLwf - ok
14:49:20.0412 6324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:49:20.0412 6324 WIMMount - ok
14:49:20.0452 6324 WinDefend - ok
14:49:20.0462 6324 WinHttpAutoProxySvc - ok
14:49:20.0542 6324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:49:20.0542 6324 Winmgmt - ok
14:49:20.0632 6324 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
14:49:20.0672 6324 WinRM - ok
14:49:20.0792 6324 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
14:49:20.0792 6324 WinUsb - ok
14:49:20.0912 6324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:49:20.0922 6324 Wlansvc - ok
14:49:21.0002 6324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:49:21.0002 6324 WmiAcpi - ok
14:49:21.0072 6324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:49:21.0072 6324 wmiApSrv - ok
14:49:21.0132 6324 WMPNetworkSvc - ok
14:49:21.0162 6324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:49:21.0172 6324 WPCSvc - ok
14:49:21.0202 6324 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
14:49:21.0202 6324 WPDBusEnum - ok
14:49:21.0252 6324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:49:21.0262 6324 ws2ifsl - ok
14:49:21.0312 6324 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
14:49:21.0322 6324 wscsvc - ok
14:49:21.0332 6324 WSearch - ok
14:49:21.0432 6324 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
14:49:21.0462 6324 wuauserv - ok
14:49:21.0532 6324 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:49:21.0532 6324 WudfPf - ok
14:49:21.0592 6324 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:49:21.0602 6324 WUDFRd - ok
14:49:21.0662 6324 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
14:49:21.0662 6324 wudfsvc - ok
14:49:21.0682 6324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:49:21.0692 6324 WwanSvc - ok
14:49:21.0832 6324 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
14:49:21.0842 6324 YahooAUService - ok
14:49:21.0954 6324 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
14:49:21.0964 6324 yukonw7 - ok
14:49:21.0994 6324 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0
14:49:22.0014 6324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:49:22.0014 6324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:49:22.0044 6324 Boot (0x1200) (225aa7a6ba6831578e38239923fa9a38) \Device\Harddisk0\DR0\Partition0
14:49:22.0044 6324 \Device\Harddisk0\DR0\Partition0 - ok
14:49:22.0064 6324 Boot (0x1200) (8654605c2d41b796c55d16a20c52a0bf) \Device\Harddisk0\DR0\Partition1
14:49:22.0064 6324 \Device\Harddisk0\DR0\Partition1 - ok
14:49:22.0094 6324 Boot (0x1200) (297054cc668050dae986b12ed9c0112e) \Device\Harddisk0\DR0\Partition2
14:49:22.0094 6324 \Device\Harddisk0\DR0\Partition2 - ok
14:49:22.0094 6324 ============================================================
14:49:22.0094 6324 Scan finished
14:49:22.0094 6324 ============================================================
14:49:22.0114 1676 Detected object count: 1
14:49:22.0114 1676 Actual detected object count: 1
14:49:42.0428 1676 \Device\Harddisk0\DR0\# - copied to quarantine
14:49:42.0428 1676 \Device\Harddisk0\DR0 - copied to quarantine
14:49:42.0504 1676 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:49:42.0504 1676 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:49:42.0504 1676 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:49:42.0514 1676 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:49:42.0524 1676 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:49:42.0534 1676 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:49:42.0534 1676 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:49:42.0534 1676 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:49:42.0534 1676 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:49:42.0544 1676 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:49:42.0544 1676 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:49:42.0544 1676 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:49:42.0564 1676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:49:42.0564 1676 \Device\Harddisk0\DR0 - ok
14:49:45.0034 1676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:50:11.0859 9072 Deinitialize success
 
New aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 23:28:31
-----------------------------
23:28:31.588 OS Version: Windows x64 6.1.7600
23:28:31.588 Number of processors: 2 586 0x170A
23:28:31.588 ComputerName: PETE-PC UserName: Pete
23:28:33.585 Initialize success
23:32:33.477 AVAST engine defs: 12032302
23:33:57.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:33:57.889 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
23:33:57.905 Disk 0 MBR read successfully
23:33:57.905 Disk 0 MBR scan
23:33:57.920 Disk 0 unknown MBR code
23:33:57.936 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:33:57.951 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292632 MB offset 409600
23:33:57.983 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12412 MB offset 599719936
23:33:58.029 Disk 0 scanning C:\Windows\system32\drivers
23:34:09.324 Service scanning
23:34:37.201 Modules scanning
23:34:37.201 Disk 0 trace - called modules:
23:34:37.248 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:34:37.763 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c78060]
23:34:37.763 3 CLASSPNP.SYS[fffff8800106b43f] -> nt!IofCallDriver -> [0xfffffa80046e91e0]
23:34:37.778 5 ACPI.sys[fffff88000e1a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004709060]
23:34:39.369 AVAST engine scan C:\Windows
23:34:43.160 AVAST engine scan C:\Windows\system32
23:38:00.516 AVAST engine scan C:\Windows\system32\drivers
23:38:16.007 AVAST engine scan C:\Users\Pete
23:58:43.252 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
23:58:43.267 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR2.txt"
 
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
COMPLETE aswMBR

Oops, apparently it wasn't done scanning when I posted it the first time. This is the complete scan. Should I continue with the ComboFix download? Thanks again.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 23:28:31
-----------------------------
23:28:31.588 OS Version: Windows x64 6.1.7600
23:28:31.588 Number of processors: 2 586 0x170A
23:28:31.588 ComputerName: PETE-PC UserName: Pete
23:28:33.585 Initialize success
23:32:33.477 AVAST engine defs: 12032302
23:33:57.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:33:57.889 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
23:33:57.905 Disk 0 MBR read successfully
23:33:57.905 Disk 0 MBR scan
23:33:57.920 Disk 0 unknown MBR code
23:33:57.936 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:33:57.951 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292632 MB offset 409600
23:33:57.983 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12412 MB offset 599719936
23:33:58.029 Disk 0 scanning C:\Windows\system32\drivers
23:34:09.324 Service scanning
23:34:37.201 Modules scanning
23:34:37.201 Disk 0 trace - called modules:
23:34:37.248 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:34:37.763 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c78060]
23:34:37.763 3 CLASSPNP.SYS[fffff8800106b43f] -> nt!IofCallDriver -> [0xfffffa80046e91e0]
23:34:37.778 5 ACPI.sys[fffff88000e1a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004709060]
23:34:39.369 AVAST engine scan C:\Windows
23:34:43.160 AVAST engine scan C:\Windows\system32
23:38:00.516 AVAST engine scan C:\Windows\system32\drivers
23:38:16.007 AVAST engine scan C:\Users\Pete
23:58:43.252 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
23:58:43.267 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR2.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 23:28:31
-----------------------------
23:28:31.588 OS Version: Windows x64 6.1.7600
23:28:31.588 Number of processors: 2 586 0x170A
23:28:31.588 ComputerName: PETE-PC UserName: Pete
23:28:33.585 Initialize success
23:32:33.477 AVAST engine defs: 12032302
23:33:57.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:33:57.889 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
23:33:57.905 Disk 0 MBR read successfully
23:33:57.905 Disk 0 MBR scan
23:33:57.920 Disk 0 unknown MBR code
23:33:57.936 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:33:57.951 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292632 MB offset 409600
23:33:57.983 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12412 MB offset 599719936
23:33:58.029 Disk 0 scanning C:\Windows\system32\drivers
23:34:09.324 Service scanning
23:34:37.201 Modules scanning
23:34:37.201 Disk 0 trace - called modules:
23:34:37.248 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:34:37.763 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c78060]
23:34:37.763 3 CLASSPNP.SYS[fffff8800106b43f] -> nt!IofCallDriver -> [0xfffffa80046e91e0]
23:34:37.778 5 ACPI.sys[fffff88000e1a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004709060]
23:34:39.369 AVAST engine scan C:\Windows
23:34:43.160 AVAST engine scan C:\Windows\system32
23:38:00.516 AVAST engine scan C:\Windows\system32\drivers
23:38:16.007 AVAST engine scan C:\Users\Pete
23:58:43.252 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
23:58:43.267 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR2.txt"
00:01:17.388 File: C:\Users\Pete\AppData\Local\Temp\iqu_bootstrap.exe **INFECTED** Win32:Adware-gen [Adw]
00:24:01.523 AVAST engine scan C:\ProgramData
00:25:07.075 File: C:\ProgramData\Microsoft\Windows\DRM\595F.tmp **INFECTED** Win32:Malware-gen
00:25:07.153 File: C:\ProgramData\Microsoft\Windows\DRM\5960.tmp **INFECTED** Win32:Malware-gen
00:28:01.514 Scan finished successfully
00:28:40.904 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
00:28:40.951 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR2.txt"
 
ComboFix Scan Results

ComboFix 12-03-22.01 - Pete 03/24/2012 22:01:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2240 [GMT -4:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pete\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Pete\AppData\Roaming\inst.exe
c:\users\Pete\AppData\Roaming\vso_ts_preview.xml
c:\users\Pete\Documents\~WRL0004.tmp
c:\users\Pete\Documents\~WRL0172.tmp
c:\users\Pete\Documents\~WRL0739.tmp
c:\users\Pete\Documents\~WRL1266.tmp
c:\users\Pete\Documents\~WRL1610.tmp
c:\users\Pete\Documents\~WRL1731.tmp
c:\users\Pete\Documents\~WRL1906.tmp
c:\users\Pete\Documents\~WRL1933.tmp
c:\users\Pete\Documents\~WRL1981.tmp
c:\users\Pete\Documents\~WRL2037.tmp
c:\users\Pete\Documents\~WRL2442.tmp
c:\users\Pete\Documents\~WRL2940.tmp
c:\users\Pete\Documents\~WRL3228.tmp
c:\users\Pete\Documents\~WRL3234.tmp
c:\users\Pete\Documents\~WRL3301.tmp
c:\windows\svchost.exe
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-23 19:12 . 2012-03-24 14:26 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-23 18:49 . 2012-03-23 18:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\users\Pete\AppData\Roaming\Malwarebytes
2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\programdata\Malwarebytes
2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-22 17:14 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 13:25 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-22 13:25 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-22 13:25 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-22 13:25 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-22 13:25 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-22 13:25 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-22 13:25 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-22 13:25 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-22 13:25 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-22 13:25 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-22 13:25 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-22 13:24 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-22 13:24 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-22 13:24 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-22 13:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-22 13:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-22 13:22 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 13:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 12:29 . 2012-03-13 12:29 -------- d-----w- c:\windows\Sun
2012-03-11 15:36 . 2012-03-11 15:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-03-11 15:33 . 2012-03-11 15:33 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\5960.tmp
2012-03-11 15:33 . 2012-03-11 15:33 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\595F.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 19:13 . 2009-12-25 05:15 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-04 09:58 . 2012-02-15 17:13 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 17:13 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 17:13 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 17:13 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 17:13 499200 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-16 138360]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-21 19:24]
.
2012-03-11 c:\windows\Tasks\HPCeeScheduleForPete.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-11 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-11 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-11 365592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b7d2pwi9.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe
Notify-WgaLogon - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
.
**************************************************************************
.
Completion time: 2012-03-24 22:32:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 02:32
.
Pre-Run: 107,554,312,192 bytes free
Post-Run: 111,143,747,584 bytes free
.
- - End Of File - - 25E55025CE2E09B9B602FE8E2CA856AB
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\programdata\Microsoft\Windows\DRM\595F.tmp
c:\programdata\Microsoft\Windows\DRM\5960.tmp

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix Problem

I disabled both the Norton Smart Firewall and Anti-virus Auto Protect and when I try to run ComboFix a screen pops up saying that Norton Internet Security is still active. Should I still run ComboFix? Thanks.
 
ComboFix Text

ComboFix 12-03-22.01 - Pete 03/25/2012 14:05:09.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2459 [GMT -4:00]
Running from: c:\users\Pete\Downloads\ComboFix.exe
Command switches used :: c:\users\Pete\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Microsoft\Windows\DRM\595F.tmp"
"c:\programdata\Microsoft\Windows\DRM\5960.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\595F.tmp
c:\programdata\Microsoft\Windows\DRM\5960.tmp
c:\users\Pete\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 18:16 . 2012-03-25 18:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-25 18:16 . 2012-03-25 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 19:12 . 2012-03-24 14:26 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-23 18:49 . 2012-03-23 18:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\users\Pete\AppData\Roaming\Malwarebytes
2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\programdata\Malwarebytes
2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-22 17:14 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 13:25 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-22 13:25 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-22 13:25 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-22 13:25 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-22 13:25 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-22 13:25 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-22 13:25 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-22 13:25 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-22 13:25 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-22 13:25 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-22 13:25 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-22 13:24 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-22 13:24 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-22 13:24 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-22 13:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-22 13:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-22 13:22 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-22 13:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 12:29 . 2012-03-13 12:29 -------- d-----w- c:\windows\Sun
2012-03-11 15:36 . 2012-03-11 15:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 19:13 . 2009-12-25 05:15 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-04 09:58 . 2012-02-15 17:13 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-15 17:13 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-03 06:24 . 2012-02-15 17:13 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-01-03 05:44 . 2012-02-15 17:13 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 17:13 499200 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-25_02.24.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-03-25 18:20 64284 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-26 04:03 . 2012-03-25 18:20 18006 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1916331481-360642775-170214888-1000_UserData.bin
+ 2012-03-25 18:18 . 2012-03-25 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-25 02:22 . 2012-03-25 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-25 18:18 . 2012-03-25 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-25 02:22 . 2012-03-25 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-27 23:40 . 2012-03-25 16:39 279722 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-03-25 02:21 301888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-25 18:17 301888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-18 14:00 . 2012-03-25 18:17 302656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1916331481-360642775-170214888-1000-8192.dat
- 2012-03-18 14:00 . 2012-03-25 02:21 302656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1916331481-360642775-170214888-1000-8192.dat
+ 2012-03-18 14:00 . 2012-03-25 18:17 7586404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1916331481-360642775-170214888-1000-4096.dat
- 2009-07-14 02:34 . 2012-03-25 01:59 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-25 13:10 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-16 138360]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-21 19:24]
.
2012-03-11 c:\windows\Tasks\HPCeeScheduleForPete.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-11 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-11 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-11 365592]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b7d2pwi9.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
.
**************************************************************************
.
Completion time: 2012-03-25 14:40:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 18:40
ComboFix2.txt 2012-03-25 02:33
.
Pre-Run: 111,411,621,888 bytes free
Post-Run: 111,047,184,384 bytes free
.
- - End Of File - - 1249891514A0B92945D35B81D3B481A3
 
Looks good :)

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Scan Pt. 1

I am now able to use google without being redirect to another site. When I completed the OTL scan, I did not get an Extras text. Thank you for the help!

OTL logfile created on: 3/25/2012 4:29:26 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Pete\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 55.92% Memory free
7.81 Gb Paging File | 6.12 Gb Available in Paging File | 78.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.77 Gb Total Space | 104.64 Gb Free Space | 36.62% Space Free | Partition Type: NTFS
Drive D: | 12.12 Gb Total Space | 2.04 Gb Free Space | 16.80% Space Free | Partition Type: NTFS

Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/25 15:28:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe
PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe
PRC - [2011/08/09 17:02:04 | 001,176,064 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/11 18:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2010/06/17 19:59:39 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
PRC - [2009/04/07 17:37:30 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/04/07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/02/22 11:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 11:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 11:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/04/07 16:39:32 | 000,394,752 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/04/07 16:39:32 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/02/17 18:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV:64bit: - [2009/10/14 15:31:44 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/23 15:13:18 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/01/17 18:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/01/17 18:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/01/17 18:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/01/17 18:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/01/17 18:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/07/25 22:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/03/04 19:55:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/02/11 14:56:09 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010/02/11 14:56:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/20 19:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:64bit: - [2009/07/14 19:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/22 16:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/07 16:33:08 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/04/07 16:33:06 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/02/13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/03/25 08:59:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120324.019\ex64.sys -- (NAVEX15)
DRV - [2012/03/25 08:59:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120324.019\eng64.sys -- (NAVENG)
DRV - [2012/03/15 03:28:52 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120323.002\IDSviA64.sys -- (IDSVia64)
DRV - [2012/03/02 14:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/02/16 14:25:14 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/04 23:37:14 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE:64bit: - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/15 03:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/03/22 12:55:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/03/25 14:21:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/17 08:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/25 09:01:00 | 000,000,000 | ---D | M]

[2010/06/17 19:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
[2012/03/21 12:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b7d2pwi9.default\extensions
[2011/10/24 22:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/08/15 03:00:31 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN

O1 HOSTS File: ([2012/03/25 14:18:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-1916331481-360642775-170214888-1000..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1916331481-360642775-170214888-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1916331481-360642775-170214888-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/25 14:40:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/25 14:18:53 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/24 21:59:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/24 21:59:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/24 21:59:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/24 21:59:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/24 21:54:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/23 14:49:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/22 13:14:11 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Roaming\Malwarebytes
[2012/03/22 13:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/22 13:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/22 13:14:00 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/22 13:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/13 08:29:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/11 11:36:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

========== Files - Modified Within 30 Days ==========

[2012/03/25 15:29:08 | 000,013,193 | ---- | M] () -- C:\Users\Pete\Desktop\OTL - Shortcut.lnk
[2012/03/25 14:27:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 14:27:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/25 14:19:13 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/03/25 14:18:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/25 14:18:35 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/03/25 14:18:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/25 14:18:07 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/25 13:54:33 | 000,013,328 | ---- | M] () -- C:\Users\Pete\Desktop\ComboFix - Shortcut.lnk
[2012/03/24 10:28:01 | 000,002,420 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/03/24 10:27:22 | 002,073,028 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB
[2012/03/24 10:27:00 | 852,618,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/24 00:28:40 | 000,000,512 | ---- | M] () -- C:\Users\Pete\Desktop\MBR.dat
[2012/03/23 15:13:18 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/23 15:13:18 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/23 15:13:18 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/23 14:54:52 | 000,340,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/23 14:48:09 | 002,047,211 | ---- | M] () -- C:\Users\Pete\Desktop\tdsskiller.zip
[2012/03/23 09:19:58 | 000,044,607 | ---- | M] () -- C:\Users\Pete\Desktop\bootkit_remover.zip
[2012/03/22 14:13:30 | 000,302,592 | ---- | M] () -- C:\Users\Pete\Desktop\Gamer.exe
[2012/03/22 14:06:26 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/22 14:06:26 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/22 14:06:26 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/22 13:14:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/21 17:51:03 | 000,013,132 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\wklnhst.dat
[2012/03/20 00:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini
[2012/03/16 15:09:03 | 000,000,993 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/16 15:09:02 | 000,001,013 | ---- | M] () -- C:\Users\Pete\Desktop\Dropbox.lnk
[2012/03/16 15:06:23 | 000,001,437 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/16 10:29:26 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/03/16 10:26:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/16 10:26:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/13 09:58:04 | 000,111,616 | ---- | M] () -- C:\Users\Pete\Documents\HalloweenTrivia.wps
[2012/03/11 11:35:37 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
[2012/02/27 15:28:33 | 000,047,601 | ---- | M] () -- C:\Users\Pete\Documents\resume12.rtf

========== Files Created - No Company Name ==========

[2012/03/25 15:29:07 | 000,013,193 | ---- | C] () -- C:\Users\Pete\Desktop\OTL - Shortcut.lnk
[2012/03/25 13:54:32 | 000,013,328 | ---- | C] () -- C:\Users\Pete\Desktop\ComboFix - Shortcut.lnk
[2012/03/24 21:59:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/24 21:59:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/24 21:59:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/24 21:59:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/24 21:59:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/23 14:46:38 | 002,047,211 | ---- | C] () -- C:\Users\Pete\Desktop\tdsskiller.zip
[2012/03/23 09:19:58 | 000,044,607 | ---- | C] () -- C:\Users\Pete\Desktop\bootkit_remover.zip
[2012/03/23 09:13:38 | 000,000,512 | ---- | C] () -- C:\Users\Pete\Desktop\MBR.dat
[2012/03/22 14:13:30 | 000,302,592 | ---- | C] () -- C:\Users\Pete\Desktop\Gamer.exe
[2012/03/22 13:14:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/16 10:29:26 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/03/16 10:26:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/16 10:26:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/27 15:28:33 | 000,047,601 | ---- | C] () -- C:\Users\Pete\Documents\resume12.rtf
[2011/03/18 22:35:31 | 000,001,854 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\GhostObjGAFix.xml
[2010/08/25 12:31:29 | 000,007,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 08:41:16 | 000,667,136 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2010/08/03 08:41:15 | 000,414,208 | ---- | C] () -- C:\Windows\SysWow64\WgaTray.exe
[2010/08/03 08:41:15 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll

========== LOP Check ==========

[2011/08/03 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Barnes & Noble
[2011/11/07 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/25 14:19:37 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Dropbox
[2012/03/22 12:55:13 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\FreeFileViewer
[2010/01/04 13:18:22 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Template
[2012/03/16 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\uTorrent
[2010/03/11 01:32:33 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Vso
[2009/12/30 00:01:29 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Western Digital
[2012/03/25 14:18:35 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2011/08/11 10:52:28 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2012/03/25 14:40:28 | 000,023,450 | ---- | M] () -- C:\ComboFix.txt
[2011/06/17 23:16:19 | 000,001,854 | ---- | M] () -- C:\GhostObjGAFix.xml
[2012/03/25 14:18:07 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/11 15:13:01 | 000,000,087 | ---- | M] () -- C:\hpqlb.log
[2012/03/25 14:18:16 | 4193,177,600 | -HS- | M] () -- C:\pagefile.sys
[2012/03/23 14:50:11 | 000,133,010 | ---- | M] () -- C:\TDSSKiller.2.7.22.0_23.03.2012_14.48.32_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 16:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/02/06 22:03:18 | 000,307,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2011/09/04 13:33:43 | 000,001,718 | -HS- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\LastFlashConfig.wfc

< %PROGRAMFILES%\*.* >
[2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/16 15:06:23 | 000,000,221 | -HS- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/22 14:13:30 | 000,302,592 | ---- | M] () -- C:\Users\Pete\Desktop\Gamer.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/25 14:18:35 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/03/11 11:35:37 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
[2012/03/25 14:18:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/08/11 10:52:28 | 000,032,610 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/19 15:05:35 | 000,000,402 | -HS- | M] () -- C:\Users\Pete\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/03/25 14:19:13 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/03/24 14:26:44 | 000,000,188 | ---- | M] () -- C:\ProgramData\HPWALog.txt
[2009/09/25 04:47:48 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/08/15 02:50:03 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/09/25 04:47:11 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/08/15 02:45:25 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/09/25 04:46:31 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/09/25 04:47:33 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/08/15 02:43:54 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/08/15 02:49:34 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/09/25 04:47:57 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
OTL Scan Pt. 2

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

====================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL Scan

Continue with the remaining scans?

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1916331481-360642775-170214888-1000\Software\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Pete
->Temp folder emptied: 361635 bytes
->Temporary Internet Files folder emptied: 196937239 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 82768052 bytes
->Flash cache emptied: 309306 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78352 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 267.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Pete
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Pete
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03252012_172334

Files\Folders moved on Reboot...
C:\Users\Pete\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOKZJEX4\dpsync[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOKZJEX4\dpsync[2].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOKZJEX4\dpsync[3].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOKZJEX4\xd_proxy[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6RINIGX\comments[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6RINIGX\EditMessageLight[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6RINIGX\getAds[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6RINIGX\RteFrame_16.2.4514.0219[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VQTQ05R3\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VQTQ05R3\InboxLight[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VQTQ05R3\Messenger[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V8R9IREA\xmlProxy[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\01[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\1332710324[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\index[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\PugTracker[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\tweet_button.1332442903[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MEFT9QD1\acb[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F7J0OGSR\LocalStorage[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJNZ9MX7\resourcespreload[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJNZ9MX7\topic179047-2[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B0CJA223\adloader[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7EN10A6U\resourcespreload[2].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7EN10A6U\tim-tebow-jets-mark-sanchez-press-conference[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7EN10A6U\tt[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4Z1KKNLW\fastbutton[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4Z1KKNLW\like[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZL8HFUN\WebIMPop[1].htm moved successfully.
C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
 
Remaining Scans

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 31
Adobe Flash Player ( 10.1.53.64) Flash Player Out of Date!
Mozilla Firefox (3.6.3) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````


Farbar Service Scanner Version: 01-03-2012
Ran by Pete (administrator) on 25-03-2012 at 20:09:05
Running from "C:\Users\Pete\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 13:13] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\595F.tmp.vir Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\5960.tmp.vir Win64/Olmarik.AD trojan cleaned by deleting - quarantined
 
Back