Google redirect virus/ask the crew

Solved
By pmaffe03
Mar 22, 2012
  1. Have followed the steps for the Preliminary Spyware Removal. Here are the results. Thank you in advance... fingers crossed!

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.22.03

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Pete :: PETE-PC [administrator]

    3/22/2012 1:15:26 PM
    mbam-log-2012-03-22 (13-15-26).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 269775
    Time elapsed: 37 minute(s), 59 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 2488 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Windows\Temp\0.24179367839262145 (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    C:\Windows\Temp\0.4194024586671121 (Exploit.Drop.9) -> Quarantined and deleted successfully.
    C:\Windows\Temp\0.7664116825612824 (Exploit.Drop.9) -> Quarantined and deleted successfully.

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-22 21:47:05
    Windows 6.1.7600
    Running: Gamer.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B0CJA223\load[2].js 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6ETZLY6H\navcancl[2] 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6ETZLY6H\info_48[2] 4113 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6W14BVPA\data_sync[2].htm 26 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6W14BVPA\search[1].htm 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6W14BVPA\iframe3[2].htm 916 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\6W14BVPA\KonaGet[1].js 1282 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\ptj[2].js 188 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\pixel[1].js 906 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\pixel[2].js 906 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\get[2].png 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\01[2].htm 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\74OI1N7I\logCA1AEABP.txt 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\beacon[6].htm 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\beacon[7].htm 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\freq[3].htm 395 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\screenhunter_01_jan._30_11.57[1].jpg 7686 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\screenhunter_31_dec._28_11.20[1].jpg 9266 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\olsen-superga-shoies[1].jpg 7888 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\ddcCAYA8BMY.htm 11861 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\vdaygiftsforwomen-main[1].jpg 7385 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\robert-p-010511-8[1].jpg 4871 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\robert-pattinson-011611a-4[1].jpg 4689 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\sddefault[2].jpg 21429 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\blanc-12612-story[1].jpg 6065 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\ajs[9].js 2172 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\adview[2].htm 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\iframe3[6].htm 641 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\ST2EFVYL\eventCAX2HB5S.js 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\service[3].htm 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\main[2].css 52602 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\vehiclenav_input[1].gif 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\data[3].htm 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\03.1.gif[1].gif 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\topSafety[1].gif 3425 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\WP66U38Z\toyota_care_cars[1].jpg 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\fastbutton[5].htm 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\fastbutton[6].htm 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\ping[4].gif 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\logCANGL9TG.txt 0 bytes
    File C:\Windows\Temp\Temporary Internet Files\Content.IE5\EHYSVJUW\logCAWQ44QQ.txt 0 bytes
    File C:\Windows\Temp\Cookies\SRDFL8B3.txt 0 bytes
    File C:\Windows\Temp\Cookies\HQCORV63.txt 0 bytes
    File C:\Windows\Temp\Cookies\ID63S76U.txt 0 bytes
    File C:\Windows\Temp\Cookies\7JLG7OVW.txt 0 bytes
    File C:\Windows\Temp\Cookies\UZ60CNSH.txt 0 bytes
    File C:\Windows\Temp\Cookies\UZHBW3Q6.txt 0 bytes
    File C:\Windows\Temp\Cookies\5MNTNHQQ.txt 455 bytes
    File C:\Windows\Temp\Cookies\3WV7BS0V.txt 10612 bytes
    File C:\Windows\Temp\Cookies\IGGWQBDT.txt 0 bytes
    File C:\Windows\Temp\Cookies\M5C650PE.txt 0 bytes
    File C:\Windows\Temp\Cookies\68LI30ID.txt 167 bytes
    File C:\Windows\Temp\Cookies\2M3ITDTQ.txt 0 bytes
    File C:\Windows\Temp\Cookies\NYRMDN93.txt 766 bytes
    File C:\Windows\Temp\Cookies\84C62LF6.txt 0 bytes
    File C:\Windows\Temp\Cookies\0M1M8A48.txt 328 bytes
    File C:\Windows\Temp\Cookies\UHUX59IY.txt 0 bytes
    File C:\Windows\Temp\Cookies\KXMO9HII.txt 825 bytes
    File C:\Windows\Temp\Cookies\J6YAVRNJ.txt 2959 bytes
    File C:\Windows\Temp\Cookies\R4CD5PLG.txt 285 bytes
    File C:\Windows\Temp\Cookies\35E83E3X.txt 141 bytes
    File C:\Windows\Temp\Cookies\392GY4WJ.txt 111 bytes
    File C:\Windows\Temp\Cookies\3AS7VIPX.txt 211 bytes
    File C:\Windows\Temp\Cookies\SSVJQJFJ.txt 0 bytes
    File C:\Windows\Temp\Cookies\LFLSC8NP.txt 559 bytes
    File C:\Windows\Temp\Cookies\76M0PI2D.txt 321 bytes
    File C:\Windows\Temp\Cookies\KISZYK17.txt 92 bytes
    File C:\Windows\Temp\Cookies\4Z1NTSX7.txt 0 bytes
    File C:\Windows\Temp\Cookies\LW6X05VK.txt 185 bytes
    File C:\Windows\Temp\Cookies\6DY04C9D.txt 167 bytes
    File C:\Windows\Temp\Cookies\2HHHZC21.txt 97 bytes

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Pete at 14:23:14 on 2012-03-22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2139 [GMT -4:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\HP\QuickPlay\QPService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    StartupFolder: C:\Users\Pete\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    uPolicies-system: WallpaperStyle = 2
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\241636B6F46666963656 : DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\242555E4F4 : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\2656C6B696E6E2633323 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\36570723 : DhcpNameServer = 68.87.71.230 68.87.73.246
    TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\4497E65687 : DhcpNameServer = 192.168.2.1 68.87.71.230 68.87.73.246
    TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\C4F62756E6A7F63775966496 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}\C4F62756E6A7F6377596649623 : DhcpNameServer = 192.168.1.1 71.243.0.12
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO-X64: HelloWorldBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b7d2pwi9.default\
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-21 1157240]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306010.008\ccSetx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120321.001_a07\IDSviA64.sys [2012-3-22 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306010.008\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-9-25 89600]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-8-15 181760]
    R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2011-8-15 55296]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.1.8\ccsvchst.exe [2012-3-8 138232]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-16 138360]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 sxuptp;SXUPTP Driver;C:\Windows\system32\DRIVERS\sxuptp.sys --> C:\Windows\system32\DRIVERS\sxuptp.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-22 18:00:07 20480 ------w- C:\Windows\svchost.exe
    2012-03-22 17:14:11 -------- d-----w- C:\Users\Pete\AppData\Roaming\Malwarebytes
    2012-03-22 17:14:01 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-22 17:14:00 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-22 17:14:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-11 15:36:59 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-03-11 15:33:15 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5960.tmp
    2012-03-11 15:33:15 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\595F.tmp
    2012-03-08 22:47:16 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symnets.sys
    2012-03-08 22:47:14 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306010.008\symds64.sys
    2012-03-08 22:47:14 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtspx64.sys
    2012-03-08 22:47:14 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\symefa64.sys
    2012-03-08 22:47:13 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\srtsp64.sys
    2012-03-08 22:47:13 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ironx64.sys
    2012-03-08 22:47:13 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306010.008\ccsetx64.sys
    2012-03-08 22:46:06 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306010.008
    .
    ==================== Find3M ====================
    .
    2012-03-08 22:47:25 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 14:25:21.75 ===============

    .
  2. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2009 12:09:19 AM
    System Uptime: 3/22/2012 1:58:04 PM (1 hours ago)
    .
    Motherboard: Quanta | | 306B
    Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | CPU | 2200/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 86.524 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 2.037 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP557: 3/11/2012 3:39:16 PM - Scheduled Checkpoint
    RP558: 3/16/2012 10:14:27 AM - Windows Update
    RP559: 3/18/2012 9:42:58 AM - Windows Update
    RP560: 3/18/2012 11:22:16 PM - Windows Update
    RP561: 3/19/2012 6:44:58 AM - Windows Update
    RP562: 3/19/2012 8:46:12 PM - Windows Update
    RP563: 3/21/2012 11:11:23 AM - Windows Update
    RP564: 3/22/2012 9:15:10 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acrobat.com
    Activate Norton Online Backup
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.1 MUI
    Apple Application Support
    Apple Software Update
    Belkin Setup and Router Monitor
    Bing Bar
    Choice Guard
    Cisco Network Magic
    Compatibility Pack for the 2007 Office system
    ConvertXtoDVD 3.0.0.9
    CyberLink DVD Suite
    CyberLink YouCam
    Dropbox
    File Type Assistant
    Free File Viewer 2011
    Hewlett-Packard ACLM.NET v1.1.1.0
    Homepage Protection
    HP Advisor
    HP Customer Experience Enhancements
    HP DVD Play 3.7
    HP Games
    HP Quick Launch Buttons
    HP Setup
    HP Smart Web Printing
    HP Support Assistant
    HP Update
    HP User Guides 0148
    HP Wireless Assistant
    IDT Audio
    InstallIQ Updater
    Itibiti RTC
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft Live Search Toolbar
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    Network Magic
    NOOK for PC
    Norton Internet Security
    Power2Go
    PowerDirector
    PowerRecover
    Pure Networks Platform
    QLBCASL
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Video Mover
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinZip 14.0
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/22/2012 9:28:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2639308).
    3/22/2012 9:07:07 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
    3/22/2012 9:05:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c96f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032212-70902-01.
    3/22/2012 9:04:46 AM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
    3/22/2012 9:04:46 AM, Error: SRTSP [4] - Error loading virus definitions.
    3/22/2012 2:05:25 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    3/21/2012 12:32:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cae03a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-46051-01.
    3/21/2012 12:29:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000be (0xfffff88001af62cc, 0x15900000041c1121, 0xfffff88003e759a0, 0x000000000000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-46145-01.
    3/21/2012 12:27:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
    3/21/2012 12:27:13 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/21/2012 12:27:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    3/21/2012 12:25:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002c5903a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-46394-01.
    3/21/2012 12:21:34 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000600dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c58f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-47892-01.
    3/21/2012 12:15:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff6fc4000e920, 0xffffffffc000000e, 0x0000000082d98860, 0xfffff88001d241bc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 032112-61277-01.
    3/21/2012 10:53:15 PM, Error: Service Control Manager [7034] - The Pure Networks Platform Service service terminated unexpectedly. It has done this 1 time(s).
    3/19/2012 8:38:59 PM, Error: Service Control Manager [7022] - The Pure Networks Platform Service service hung on starting.
    3/19/2012 8:31:04 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    3/18/2012 5:27:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff88006064a45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-66269-01.
    3/18/2012 4:40:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000883, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c52f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-51776-01.
    3/18/2012 4:29:54 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fb03fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-50232-01.
    3/18/2012 4:26:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.
    3/18/2012 4:26:43 PM, Error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/18/2012 4:23:56 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    3/18/2012 11:21:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2667402).
    3/18/2012 11:21:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2665364).
    3/18/2012 11:21:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2641653).
    3/18/2012 11:21:36 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 for x64-based Systems (KB2621440).
    3/18/2012 11:20:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002c6103a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-59093-01.
    3/18/2012 11:14:17 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c94f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-47034-01.
    3/18/2012 11:13:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AffinegyService service to connect.
    3/18/2012 11:13:17 PM, Error: Service Control Manager [7000] - The AffinegyService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/18/2012 11:12:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c5af95, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-111634-01.
    3/18/2012 11:10:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c59f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-50450-01.
    3/18/2012 11:07:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cb303a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-81869-01.
    3/18/2012 11:05:55 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca2f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-48204-01.
    3/18/2012 11:03:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c4cf95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-59327-01.
    3/18/2012 11:01:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000070000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca8f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-47205-01.
    3/18/2012 10:57:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ca0f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-52650-01.
    3/18/2012 10:56:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD SmartWare Background Service service to connect.
    3/18/2012 10:52:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/18/2012 10:52:29 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/18/2012 10:52:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/18/2012 10:51:06 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fefdd9a, 0x0000000000000002, 0x0000000000000001, 0xfffff80002cabf95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-47751-01.
    3/18/2012 10:41:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c52f95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-87188-01.
    3/18/2012 10:38:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    3/18/2012 10:35:38 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000400c001c, 0x0000000000000002, 0x0000000000000000, 0xfffff80002c8f756). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-71838-01.
    3/18/2012 10:26:19 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002fca3fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-68624-01.
    3/18/2012 10:17:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002c6203a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-66160-01.
    3/18/2012 10:13:42 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002c9cf95). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-69966-01.
    3/18/2012 10:09:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002ca703a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031812-72166-01.
    3/16/2012 10:40:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff88006091a45). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 031612-107469-01.
    3/16/2012 10:32:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2641653).
    3/16/2012 10:29:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).
    3/16/2012 10:29:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2665364).
    3/16/2012 10:21:06 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2621440).
    3/15/2012 9:38:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    3/15/2012 6:49:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
    .
    ==== End Of File ===========================
  3. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ====================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  4. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    ASW & Bootkit Scans

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-23 09:08:21
    -----------------------------
    09:08:21.532 OS Version: Windows x64 6.1.7600
    09:08:21.532 Number of processors: 2 586 0x170A
    09:08:21.532 ComputerName: PETE-PC UserName: Pete
    09:08:25.626 Initialize success
    09:12:57.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    09:12:57.527 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
    09:12:57.527 Device \Driver\atapi -> MajorFunction fffffa80054df5c4
    09:12:57.537 Disk 0 MBR read successfully
    09:12:57.537 Disk 0 MBR scan
    09:12:57.537 Disk 0 TDL4@MBR code has been found
    09:12:57.547 Disk 0 MBR hidden
    09:12:57.567 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    09:12:57.617 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292632 MB offset 409600
    09:12:57.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12412 MB offset 599719936
    09:12:57.697 Disk 0 MBR [TDL4] **ROOTKIT**
    09:12:57.707 Disk 0 trace - called modules:
    09:12:57.707 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80054df5c4]<<
    09:12:57.717 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5a060]
    09:12:57.727 3 CLASSPNP.SYS[fffff8800110a43f] -> nt!IofCallDriver -> [0xfffffa80047ea1e0]
    09:12:57.727 5 ACPI.sys[fffff88000f63781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800480a060]
    09:12:57.737 \Driver\atapi[0xfffffa80054f08f0] -> IRP_MJ_CREATE -> 0xfffffa80054df5c4
    09:12:57.747 Scan finished successfully
    09:13:38.587 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
    09:13:38.587 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR.txt"



    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
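
Read together with the MBAM and DDS output earlier in the thread, these two reports carry the indicators worth automating when triaging logs like these: the MBR reported as rootkit-controlled (aswMBR's "TDL4@MBR code has been found", "MBR hidden", "**ROOTKIT**" and a disk I/O trace ending in an unattributed module), and an executable named after a core system process (svchost.exe) sitting directly under C:\Windows instead of System32. The helper below is an added example, not a tool from this thread or from the aswMBR, DDS or Bootkit Remover authors; the sample lines inside it are constructed to mirror the posted logs, and the indicator strings, binary names and directory lists are assumptions chosen for illustration rather than any tool's official signature set.

```python
"""Log triage helper (added example, not a tool from this thread).

Scans aswMBR-style lines for signs that the MBR is rootkit-controlled and
DDS "Created Last 30"-style entries for system-named executables that sit
outside System32/SysWOW64. Indicator strings and directory lists below are
assumptions chosen for illustration, not an official signature set.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Binaries that normally live only in System32/SysWOW64. A copy directly
# under C:\Windows (as MBAM and DDS reported above) is a classic dropper
# tell-tale: same name as a trusted process, wrong directory. (Assumed list.)
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "services.exe"}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Substrings aswMBR prints when the boot sector or the disk I/O path is
# tampered with (assumed from the format of the posted log).
MBR_INDICATORS = ("**ROOTKIT**", "MBR hidden",
                  "@MBR code has been found", ">>UNKNOWN")

# DDS file entry: "YYYY-MM-DD HH:MM:SS <size|--------> <attrs> <path>"
DDS_ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")


@dataclass
class Finding:
    kind: str      # "mbr" or "misplaced_binary"
    detail: str    # the line or path that triggered it


def check_dds_entry(line: str) -> Optional[Finding]:
    """Flag a DDS entry whose file name is a core system binary but whose
    directory is not one of the expected system directories."""
    match = DDS_ENTRY.match(line)
    if not match:
        return None
    path = match.group(4).strip()
    name = ntpath.basename(path).lower()      # ntpath handles Windows paths on any OS
    parent = ntpath.dirname(path).lower()
    if name in SYSTEM_BINARIES and parent not in EXPECTED_DIRS:
        return Finding("misplaced_binary", path)
    return None


def check_mbr_line(line: str) -> Optional[Finding]:
    """Flag an aswMBR line carrying one of the rootkit indicator strings."""
    hit = next((ind for ind in MBR_INDICATORS if ind in line), None)
    return Finding("mbr", line.strip()) if hit else None


def triage(lines) -> List[Finding]:
    """Run both checks over a sequence of log lines, preserving order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        finding = check_dds_entry(line) or check_mbr_line(line)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample modelled on the aswMBR and DDS output posted in this
# thread (not copied from a live system).
SAMPLE_LINES = [
    "09:12:57.537 Disk 0 MBR read successfully",
    "09:12:57.537 Disk 0 TDL4@MBR code has been found",
    "09:12:57.547 Disk 0 MBR hidden",
    "09:12:57.697 Disk 0 MBR [TDL4] **ROOTKIT**",
    "09:12:57.707 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80054df5c4]<<",
    r"2012-03-22 18:00:07 20480 ------w- C:\Windows\svchost.exe",
    r"2012-03-22 17:14:00 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys",
    r"2012-03-22 17:14:11 -------- d-----w- C:\Users\Pete\AppData\Roaming\Malwarebytes",
    r"2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:17} {f.detail}")
```

Run against the constructed sample it reports four MBR findings and one misplaced binary; the legitimate System32 entries and the Malwarebytes directory produce nothing. The directory check deliberately compares the parent directory exactly rather than using a prefix, so a file in C:\Windows\System32\drivers is still judged on its name, not waved through because it sits below System32.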
  5. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  6. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    TDSSKiller Pt. 1

    14:48:32.0118 8472 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
    14:48:34.0134 8472 ============================================================
    14:48:34.0134 8472 Current date / time: 2012/03/23 14:48:34.0134
    14:48:34.0134 8472 SystemInfo:
    14:48:34.0134 8472
    14:48:34.0134 8472 OS Version: 6.1.7600 ServicePack: 0.0
    14:48:34.0134 8472 Product type: Workstation
    14:48:34.0134 8472 ComputerName: PETE-PC
    14:48:34.0134 8472 UserName: Pete
    14:48:34.0134 8472 Windows directory: C:\Windows
    14:48:34.0134 8472 System windows directory: C:\Windows
    14:48:34.0134 8472 Running under WOW64
    14:48:34.0134 8472 Processor architecture: Intel x64
    14:48:34.0134 8472 Number of processors: 2
    14:48:34.0134 8472 Page size: 0x1000
    14:48:34.0134 8472 Boot type: Normal boot
    14:48:34.0134 8472 ============================================================
    14:48:37.0454 8472 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    14:48:37.0464 8472 \Device\Harddisk0\DR0:
    14:48:37.0464 8472 MBR used
    14:48:37.0464 8472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    14:48:37.0464 8472 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23B8C000
    14:48:37.0464 8472 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23BF0000, BlocksNum 0x183E000
    14:48:37.0656 8472 Initialize success
    14:48:37.0656 8472 ============================================================
    14:48:48.0652 6324 ============================================================
    14:48:48.0652 6324 Scan started
    14:48:48.0652 6324 Mode: Manual;
    14:48:48.0652 6324 ============================================================
    14:48:50.0754 6324 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    14:48:50.0774 6324 1394ohci - ok
    14:48:50.0854 6324 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    14:48:50.0864 6324 ACPI - ok
    14:48:50.0904 6324 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    14:48:50.0924 6324 AcpiPmi - ok
    14:48:51.0004 6324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    14:48:51.0014 6324 adp94xx - ok
    14:48:51.0084 6324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    14:48:51.0084 6324 adpahci - ok
    14:48:51.0114 6324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    14:48:51.0114 6324 adpu320 - ok
    14:48:51.0154 6324 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    14:48:51.0164 6324 AeLookupSvc - ok
    14:48:51.0254 6324 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
  7. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    TDSSKiller Pt.2

    14:49:10.0318 6324 Psched - ok
    14:49:10.0408 6324 purendis (9a68a89f10f283a23afee2a1bfe4bffb) C:\Windows\system32\DRIVERS\purendis.sys
    14:49:10.0408 6324 purendis - ok
    14:49:10.0478 6324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    14:49:10.0508 6324 ql2300 - ok
    14:49:10.0528 6324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    14:49:10.0538 6324 ql40xx - ok
    14:49:10.0580 6324 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    14:49:10.0580 6324 QWAVE - ok
    14:49:10.0620 6324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    14:49:10.0620 6324 QWAVEdrv - ok
    14:49:10.0680 6324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    14:49:10.0680 6324 RasAcd - ok
    14:49:10.0760 6324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    14:49:10.0770 6324 RasAgileVpn - ok
    14:49:10.0790 6324 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    14:49:10.0800 6324 RasAuto - ok
    14:49:10.0820 6324 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    14:49:10.0820 6324 Rasl2tp - ok
    14:49:10.0870 6324 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
    14:49:10.0880 6324 RasMan - ok
    14:49:10.0920 6324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    14:49:10.0920 6324 RasPppoe - ok
    14:49:10.0960 6324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    14:49:10.0960 6324 RasSstp - ok
    14:49:11.0000 6324 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    14:49:11.0010 6324 rdbss - ok
    14:49:11.0050 6324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    14:49:11.0050 6324 rdpbus - ok
    14:49:11.0080 6324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    14:49:11.0080 6324 RDPCDD - ok
    14:49:11.0190 6324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    14:49:11.0190 6324 RDPENCDD - ok
    14:49:11.0210 6324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    14:49:11.0210 6324 RDPREFMP - ok
    14:49:11.0270 6324 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    14:49:11.0280 6324 RDPWD - ok
    14:49:11.0340 6324 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    14:49:11.0340 6324 rdyboost - ok
    14:49:11.0370 6324 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    14:49:11.0380 6324 RemoteAccess - ok
    14:49:11.0410 6324 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    14:49:11.0430 6324 RemoteRegistry - ok
    14:49:11.0560 6324 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    14:49:11.0560 6324 RichVideo - ok
    14:49:11.0702 6324 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    14:49:11.0712 6324 RpcEptMapper - ok
    14:49:11.0732 6324 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    14:49:11.0732 6324 RpcLocator - ok
    14:49:11.0802 6324 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
    14:49:11.0812 6324 RpcSs - ok
    14:49:11.0892 6324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    14:49:11.0902 6324 rspndr - ok
    14:49:11.0942 6324 RSUSBSTOR - ok
    14:49:11.0992 6324 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
    14:49:11.0992 6324 RTL8167 - ok
    14:49:12.0032 6324 RtsUIR - ok
    14:49:12.0072 6324 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    14:49:12.0072 6324 SamSs - ok
    14:49:12.0122 6324 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    14:49:12.0142 6324 sbp2port - ok
    14:49:12.0192 6324 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    14:49:12.0202 6324 SCardSvr - ok
    14:49:12.0232 6324 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    14:49:12.0242 6324 scfilter - ok
    14:49:12.0332 6324 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
    14:49:12.0352 6324 Schedule - ok
    14:49:12.0392 6324 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
    14:49:12.0392 6324 SCPolicySvc - ok
    14:49:12.0422 6324 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
    14:49:12.0422 6324 sdbus - ok
    14:49:12.0472 6324 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
    14:49:12.0472 6324 SDRSVC - ok
    14:49:12.0522 6324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    14:49:12.0532 6324 secdrv - ok
    14:49:12.0542 6324 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
    14:49:12.0542 6324 seclogon - ok
    14:49:12.0562 6324 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    14:49:12.0562 6324 SENS - ok
    14:49:12.0612 6324 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    14:49:12.0642 6324 SensrSvc - ok
    14:49:12.0682 6324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    14:49:12.0682 6324 Serenum - ok
    14:49:12.0722 6324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    14:49:12.0812 6324 Serial - ok
    14:49:12.0872 6324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    14:49:12.0872 6324 sermouse - ok
    14:49:12.0912 6324 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
    14:49:12.0912 6324 SessionEnv - ok
    14:49:12.0942 6324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    14:49:12.0952 6324 sffdisk - ok
    14:49:12.0962 6324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    14:49:12.0972 6324 sffp_mmc - ok
    14:49:12.0982 6324 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    14:49:12.0982 6324 sffp_sd - ok
    14:49:13.0000 6324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    14:49:13.0001 6324 sfloppy - ok
    14:49:13.0064 6324 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    14:49:13.0074 6324 SharedAccess - ok
    14:49:13.0104 6324 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
    14:49:13.0114 6324 ShellHWDetection - ok
    14:49:13.0174 6324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    14:49:13.0184 6324 SiSRaid2 - ok
    14:49:13.0274 6324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    14:49:13.0274 6324 SiSRaid4 - ok
    14:49:13.0334 6324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    14:49:13.0334 6324 Smb - ok
    14:49:13.0404 6324 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    14:49:13.0404 6324 SNMPTRAP - ok
    14:49:13.0424 6324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    14:49:13.0434 6324 spldr - ok
    14:49:13.0494 6324 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
    14:49:13.0504 6324 Spooler - ok
    14:49:13.0604 6324 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
    14:49:13.0674 6324 sppsvc - ok
    14:49:13.0774 6324 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    14:49:13.0774 6324 sppuinotify - ok
    14:49:13.0944 6324 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306010.008\SRTSP64.SYS
    14:49:13.0954 6324 SRTSP - ok
    14:49:13.0984 6324 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306010.008\SRTSPX64.SYS
    14:49:14.0004 6324 SRTSPX - ok
    14:49:14.0054 6324 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
    14:49:14.0054 6324 srv - ok
    14:49:14.0084 6324 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
    14:49:14.0114 6324 srv2 - ok
    14:49:14.0194 6324 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    14:49:14.0194 6324 SrvHsfHDA - ok
    14:49:14.0264 6324 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    14:49:14.0284 6324 SrvHsfV92 - ok
    14:49:14.0314 6324 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    14:49:14.0324 6324 SrvHsfWinac - ok
    14:49:14.0384 6324 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
    14:49:14.0404 6324 srvnet - ok
    14:49:14.0594 6324 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    14:49:14.0594 6324 SSDPSRV - ok
    14:49:14.0614 6324 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    14:49:14.0624 6324 SstpSvc - ok
    14:49:14.0724 6324 STacSV (810199dcc3bdc38304d7d649992ea7bc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    14:49:14.0724 6324 STacSV - ok
    14:49:14.0764 6324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    14:49:14.0764 6324 stexstor - ok
    14:49:14.0854 6324 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
    14:49:14.0864 6324 STHDA - ok
    14:49:14.0934 6324 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
    14:49:14.0944 6324 stisvc - ok
    14:49:14.0974 6324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    14:49:14.0974 6324 swenum - ok
    14:49:15.0024 6324 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    14:49:15.0034 6324 swprv - ok
    14:49:15.0094 6324 sxuptp (52eb25bd8ab4e331028c48b178441b36) C:\Windows\system32\DRIVERS\sxuptp.sys
    14:49:15.0094 6324 sxuptp - ok
    14:49:15.0244 6324 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306010.008\SYMDS64.SYS
    14:49:15.0254 6324 SymDS - ok
    14:49:15.0324 6324 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306010.008\SYMEFA64.SYS
    14:49:15.0344 6324 SymEFA - ok
    14:49:15.0474 6324 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    14:49:15.0474 6324 SymEvent - ok
    14:49:15.0524 6324 SYMFW - ok
    14:49:15.0574 6324 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306010.008\Ironx64.SYS
    14:49:15.0574 6324 SymIRON - ok
    14:49:15.0594 6324 SYMNDISV - ok
    14:49:15.0674 6324 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306010.008\SYMNETS.SYS
    14:49:15.0684 6324 SymNetS - ok
    14:49:15.0734 6324 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\Windows\system32\DRIVERS\SynTP.sys
    14:49:15.0754 6324 SynTP - ok
    14:49:15.0874 6324 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
    14:49:15.0894 6324 SysMain - ok
    14:49:15.0914 6324 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
    14:49:15.0914 6324 TabletInputService - ok
    14:49:15.0934 6324 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
    14:49:15.0944 6324 TapiSrv - ok
    14:49:15.0954 6324 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    14:49:15.0954 6324 TBS - ok
    14:49:16.0094 6324 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
    14:49:16.0114 6324 Tcpip - ok
    14:49:16.0174 6324 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
    14:49:16.0184 6324 TCPIP6 - ok
    14:49:16.0314 6324 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    14:49:16.0324 6324 tcpipreg - ok
    14:49:16.0384 6324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    14:49:16.0404 6324 TDPIPE - ok
    14:49:16.0454 6324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    14:49:16.0464 6324 TDTCP - ok
    14:49:16.0524 6324 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    14:49:16.0544 6324 tdx - ok
    14:49:16.0584 6324 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    14:49:16.0584 6324 TermDD - ok
    14:49:16.0644 6324 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
    14:49:16.0654 6324 TermService - ok
    14:49:16.0684 6324 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    14:49:16.0694 6324 Themes - ok
    14:49:16.0724 6324 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    14:49:16.0724 6324 THREADORDER - ok
    14:49:16.0754 6324 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    14:49:16.0764 6324 TrkWks - ok
    14:49:16.0824 6324 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
    14:49:16.0824 6324 TrustedInstaller - ok
    14:49:16.0894 6324 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    14:49:16.0894 6324 tssecsrv - ok
    14:49:16.0964 6324 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    14:49:16.0964 6324 tunnel - ok
    14:49:17.0004 6324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    14:49:17.0014 6324 uagp35 - ok
    14:49:17.0054 6324 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    14:49:17.0054 6324 udfs - ok
    14:49:17.0124 6324 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    14:49:17.0134 6324 UI0Detect - ok
    14:49:17.0174 6324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    14:49:17.0174 6324 uliagpkx - ok
    14:49:17.0234 6324 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    14:49:17.0234 6324 umbus - ok
    14:49:17.0264 6324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    14:49:17.0264 6324 UmPass - ok
    14:49:17.0304 6324 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    14:49:17.0304 6324 upnphost - ok
    14:49:17.0384 6324 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
    14:49:17.0386 6324 USBAAPL64 - ok
    14:49:17.0436 6324 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
    14:49:17.0436 6324 usbccgp - ok
    14:49:17.0446 6324 USBCCID - ok
    14:49:17.0536 6324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    14:49:17.0546 6324 usbcir - ok
    14:49:17.0576 6324 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
    14:49:17.0576 6324 usbehci - ok
    14:49:17.0656 6324 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
    14:49:17.0656 6324 usbhub - ok
    14:49:17.0757 6324 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
    14:49:17.0760 6324 usbohci - ok
    14:49:17.0828 6324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    14:49:17.0828 6324 usbprint - ok
    14:49:17.0888 6324 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
    14:49:17.0888 6324 USBSTOR - ok
    14:49:17.0928 6324 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
    14:49:17.0938 6324 usbuhci - ok
    14:49:17.0978 6324 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    14:49:17.0978 6324 usbvideo - ok
    14:49:18.0018 6324 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    14:49:18.0018 6324 UxSms - ok
    14:49:18.0058 6324 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
    14:49:18.0068 6324 VaultSvc - ok
    14:49:18.0148 6324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    14:49:18.0178 6324 vdrvroot - ok
    14:49:18.0228 6324 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
    14:49:18.0238 6324 vds - ok
    14:49:18.0278 6324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    14:49:18.0278 6324 vga - ok
    14:49:18.0298 6324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    14:49:18.0308 6324 VgaSave - ok
    14:49:18.0428 6324 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    14:49:18.0458 6324 vhdmp - ok
    14:49:18.0508 6324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    14:49:18.0508 6324 viaide - ok
    14:49:18.0558 6324 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    14:49:18.0558 6324 volmgr - ok
    14:49:18.0598 6324 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    14:49:18.0608 6324 volmgrx - ok
    14:49:18.0648 6324 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    14:49:18.0658 6324 volsnap - ok
    14:49:18.0758 6324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    14:49:18.0768 6324 vsmraid - ok
    14:49:18.0888 6324 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
    14:49:18.0918 6324 VSS - ok
    14:49:18.0961 6324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    14:49:18.0963 6324 vwifibus - ok
    14:49:18.0980 6324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    14:49:18.0980 6324 vwififlt - ok
    14:49:19.0050 6324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    14:49:19.0060 6324 vwifimp - ok
    14:49:19.0120 6324 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    14:49:19.0120 6324 W32Time - ok
    14:49:19.0160 6324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    14:49:19.0160 6324 WacomPen - ok
    14:49:19.0250 6324 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    14:49:19.0260 6324 WANARP - ok
    14:49:19.0260 6324 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    14:49:19.0260 6324 Wanarpv6 - ok
    14:49:19.0350 6324 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    14:49:19.0370 6324 WatAdminSvc - ok
    14:49:19.0420 6324 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
    14:49:19.0480 6324 wbengine - ok
    14:49:19.0510 6324 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    14:49:19.0520 6324 WbioSrvc - ok
    14:49:19.0570 6324 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
    14:49:19.0580 6324 wcncsvc - ok
    14:49:19.0590 6324 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    14:49:19.0590 6324 WcsPlugInService - ok
    14:49:19.0650 6324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    14:49:19.0660 6324 Wd - ok
    14:49:19.0731 6324 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
    14:49:19.0733 6324 WDC_SAM - ok
    14:49:19.0852 6324 WDDMService (fa24fbe15a8036387ecc013d06094f3d) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    14:49:19.0862 6324 WDDMService - ok
    14:49:19.0902 6324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    14:49:19.0902 6324 Wdf01000 - ok
    14:49:19.0942 6324 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    14:49:19.0942 6324 WdiServiceHost - ok
    14:49:19.0952 6324 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    14:49:19.0952 6324 WdiSystemHost - ok
    14:49:20.0062 6324 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    14:49:20.0072 6324 WDSmartWareBackgroundService - ok
    14:49:20.0122 6324 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
    14:49:20.0132 6324 WebClient - ok
    14:49:20.0162 6324 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    14:49:20.0162 6324 Wecsvc - ok
    14:49:20.0192 6324 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    14:49:20.0202 6324 wercplsupport - ok
    14:49:20.0262 6324 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    14:49:20.0262 6324 WerSvc - ok
    14:49:20.0392 6324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    14:49:20.0392 6324 WfpLwf - ok
    14:49:20.0412 6324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    14:49:20.0412 6324 WIMMount - ok
    14:49:20.0452 6324 WinDefend - ok
    14:49:20.0462 6324 WinHttpAutoProxySvc - ok
    14:49:20.0542 6324 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    14:49:20.0542 6324 Winmgmt - ok
    14:49:20.0632 6324 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
    14:49:20.0672 6324 WinRM - ok
    14:49:20.0792 6324 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    14:49:20.0792 6324 WinUsb - ok
    14:49:20.0912 6324 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    14:49:20.0922 6324 Wlansvc - ok
    14:49:21.0002 6324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    14:49:21.0002 6324 WmiAcpi - ok
    14:49:21.0072 6324 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    14:49:21.0072 6324 wmiApSrv - ok
    14:49:21.0132 6324 WMPNetworkSvc - ok
    14:49:21.0162 6324 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    14:49:21.0172 6324 WPCSvc - ok
    14:49:21.0202 6324 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
    14:49:21.0202 6324 WPDBusEnum - ok
    14:49:21.0252 6324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    14:49:21.0262 6324 ws2ifsl - ok
    14:49:21.0312 6324 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
    14:49:21.0322 6324 wscsvc - ok
    14:49:21.0332 6324 WSearch - ok
    14:49:21.0432 6324 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
    14:49:21.0462 6324 wuauserv - ok
    14:49:21.0532 6324 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    14:49:21.0532 6324 WudfPf - ok
    14:49:21.0592 6324 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    14:49:21.0602 6324 WUDFRd - ok
    14:49:21.0662 6324 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
    14:49:21.0662 6324 wudfsvc - ok
    14:49:21.0682 6324 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    14:49:21.0692 6324 WwanSvc - ok
    14:49:21.0832 6324 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    14:49:21.0842 6324 YahooAUService - ok
    14:49:21.0954 6324 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    14:49:21.0964 6324 yukonw7 - ok
    14:49:21.0994 6324 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0
    14:49:22.0014 6324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    14:49:22.0014 6324 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    14:49:22.0044 6324 Boot (0x1200) (225aa7a6ba6831578e38239923fa9a38) \Device\Harddisk0\DR0\Partition0
    14:49:22.0044 6324 \Device\Harddisk0\DR0\Partition0 - ok
    14:49:22.0064 6324 Boot (0x1200) (8654605c2d41b796c55d16a20c52a0bf) \Device\Harddisk0\DR0\Partition1
    14:49:22.0064 6324 \Device\Harddisk0\DR0\Partition1 - ok
    14:49:22.0094 6324 Boot (0x1200) (297054cc668050dae986b12ed9c0112e) \Device\Harddisk0\DR0\Partition2
    14:49:22.0094 6324 \Device\Harddisk0\DR0\Partition2 - ok
    14:49:22.0094 6324 ============================================================
    14:49:22.0094 6324 Scan finished
    14:49:22.0094 6324 ============================================================
    14:49:22.0114 1676 Detected object count: 1
    14:49:22.0114 1676 Actual detected object count: 1
    14:49:42.0428 1676 \Device\Harddisk0\DR0\# - copied to quarantine
    14:49:42.0428 1676 \Device\Harddisk0\DR0 - copied to quarantine
    14:49:42.0504 1676 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    14:49:42.0504 1676 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    14:49:42.0504 1676 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    14:49:42.0514 1676 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    14:49:42.0524 1676 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    14:49:42.0534 1676 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    14:49:42.0534 1676 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    14:49:42.0534 1676 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    14:49:42.0534 1676 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    14:49:42.0544 1676 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    14:49:42.0544 1676 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    14:49:42.0544 1676 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    14:49:42.0564 1676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    14:49:42.0564 1676 \Device\Harddisk0\DR0 - ok
    14:49:45.0034 1676 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    14:50:11.0859 9072 Deinitialize success
  8. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Good :)

    Post new aswMBR log.
  9. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    New aswMBR log

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-23 23:28:31
    -----------------------------
    23:28:31.588 OS Version: Windows x64 6.1.7600
    23:28:31.588 Number of processors: 2 586 0x170A
    23:28:31.588 ComputerName: PETE-PC UserName: Pete
    23:28:33.585 Initialize success
    23:32:33.477 AVAST engine defs: 12032302
    23:33:57.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:33:57.889 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
    23:33:57.905 Disk 0 MBR read successfully
    23:33:57.905 Disk 0 MBR scan
    23:33:57.920 Disk 0 unknown MBR code
    23:33:57.936 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    23:33:57.951 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292632 MB offset 409600
    23:33:57.983 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12412 MB offset 599719936
    23:33:58.029 Disk 0 scanning C:\Windows\system32\drivers
    23:34:09.324 Service scanning
    23:34:37.201 Modules scanning
    23:34:37.201 Disk 0 trace - called modules:
    23:34:37.248 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    23:34:37.763 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c78060]
    23:34:37.763 3 CLASSPNP.SYS[fffff8800106b43f] -> nt!IofCallDriver -> [0xfffffa80046e91e0]
    23:34:37.778 5 ACPI.sys[fffff88000e1a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004709060]
    23:34:39.369 AVAST engine scan C:\Windows
    23:34:43.160 AVAST engine scan C:\Windows\system32
    23:38:00.516 AVAST engine scan C:\Windows\system32\drivers
    23:38:16.007 AVAST engine scan C:\Users\Pete
    23:58:43.252 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
    23:58:43.267 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR2.txt"
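    Both scanner logs in this thread look at the same 512-byte structure: the rootkit scanner log above (TDSSKiller format) reports an MD5 over the first 0x1B8 bytes of the MBR on its `MBR (0x1B8) (...)` line and flags the boot code while every partition is "ok", and aswMBR prints the partition table it read (`Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048` and so on). The following is an added example, not code from the thread or from either tool: it parses an MBR image, hashes the boot-code region, renders the partition entries in aswMBR's style, and compares both against a recorded known-good baseline, so a changed boot sector is caught even when the partition table is untouched. The MBR images, the boot-code bytes, the disk signature and the baseline hash are all constructed here to match the partition layout in the aswMBR log; nothing is read from a real disk.

```python
"""Baseline-and-compare check for a 512-byte MBR image (added example, constructed data)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8         # bytes 0x000-0x1B7: boot code, the region TDSSKiller hashes as "MBR (0x1B8)"
DISK_SIG_OFF = 0x1B8          # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE        # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 0x1FE-0x1FF
ENTRY_FMT = "<B3sB3sII"       # status, CHS first, type, CHS last, LBA start, sector count

# Small lookup for the type byte; 0x07 is what aswMBR prints as "HPFS/NTFS".
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0xEE: "GPT protective"}


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into boot-code hash, disk signature and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(mbr)}")
    if mbr[SECTOR - 2:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        start = PART_TABLE_OFF + 16 * index
        status, _chs_first, ptype, _chs_last, lba_start, sectors = struct.unpack(ENTRY_FMT, mbr[start:start + 16])
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "number": index + 1,
            "status": status,
            "active": bool(status & 0x80),
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {
        "boot_code_md5": hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def describe_partition(part: dict) -> str:
    """Render one entry the way aswMBR's 'Disk 0 Partition N ...' lines do (minus the detected filesystem)."""
    flag = f"{part['status']:02X}" + (" (A)" if part["active"] else "")
    return (f"Partition {part['number']} {flag} {part['type']:02X} {part['type_name']} "
            f"{part['size_mb']} MB offset {part['lba_start']}")


def check_mbr(mbr: bytes, baseline_boot_md5: str, expected_layout: list) -> list:
    """Compare an MBR against a known-good baseline; an empty list means nothing changed."""
    info = parse_mbr(mbr)
    findings = []
    if info["boot_code_md5"] != baseline_boot_md5:
        findings.append(f"boot code hash changed: {info['boot_code_md5']} (baseline {baseline_boot_md5})")
    layout = [(p["lba_start"], p["sectors"], p["type"]) for p in info["partitions"]]
    if layout != expected_layout:
        findings.append(f"partition table changed: {layout}")
    return findings


def build_mbr(boot_code: bytes, disk_signature: int, entries: list) -> bytes:
    """Assemble a constructed MBR from boot code, disk signature and (active, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in the boot-code region")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for index, (active, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * index,
                         0x80 if active else 0x00, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba_start, sectors)
    sector[SECTOR - 2:] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed layout matching the aswMBR log: three NTFS partitions, the first one active.
# 199 MB, 292632 MB and 12412 MB are 407552, 599310336 and 25419776 sectors respectively.
LAYOUT = [(True, 0x07, 2048, 407552), (False, 0x07, 409600, 599310336), (False, 0x07, 599719936, 25419776)]
EXPECTED_LAYOUT = [(lba, sectors, ptype) for _active, ptype, lba, sectors in LAYOUT]

# Constructed stand-ins for boot code (not real boot code); only these bytes differ between the two images,
# mirroring the log above where the MBR is flagged but every partition is reported ok.
CLEAN_MBR = build_mbr(b"CONSTRUCTED-CLEAN-BOOT-CODE", 0x1234ABCD, LAYOUT)
TAMPERED_MBR = build_mbr(b"CONSTRUCTED-MODIFIED-BOOT-CODE", 0x1234ABCD, LAYOUT)

# In practice the baseline hash is recorded while the machine is known to be clean and kept off-host.
BASELINE_BOOT_MD5 = parse_mbr(CLEAN_MBR)["boot_code_md5"]

if __name__ == "__main__":
    for part in parse_mbr(CLEAN_MBR)["partitions"]:
        print(describe_partition(part))
    print("clean image:", check_mbr(CLEAN_MBR, BASELINE_BOOT_MD5, EXPECTED_LAYOUT) or "no findings")
    print("tampered image:", check_mbr(TAMPERED_MBR, BASELINE_BOOT_MD5, EXPECTED_LAYOUT))
```

    The point of splitting the check in two is visible in the tampered image: the partition table still parses to the same three entries the log shows, and only the boot-code hash moves, which is exactly the pattern of an MBR bootkit that leaves the partition layout intact so the system keeps booting normally.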
  10. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the tool below named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.
    There are 4 different versions. If one of them won't run, then download and try to run the other one.
    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  11. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    COMPLETE aswMBR

    Oops, apparently it wasn't done scanning when I posted it the first time. This is the complete scan. Should I continue with the ComboFix download? Thanks again.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-23 23:28:31
    -----------------------------
    23:28:31.588 OS Version: Windows x64 6.1.7600
    23:28:31.588 Number of processors: 2 586 0x170A
    23:28:31.588 ComputerName: PETE-PC UserName: Pete
    23:28:33.585 Initialize success
    23:32:33.477 AVAST engine defs: 12032302
    23:33:57.889 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    23:33:57.889 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
    23:33:57.905 Disk 0 MBR read successfully
    23:33:57.905 Disk 0 MBR scan
    23:33:57.920 Disk 0 unknown MBR code
    23:33:57.936 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    23:33:57.951 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292632 MB offset 409600
    23:33:57.983 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12412 MB offset 599719936
    23:33:58.029 Disk 0 scanning C:\Windows\system32\drivers
    23:34:09.324 Service scanning
    23:34:37.201 Modules scanning
    23:34:37.201 Disk 0 trace - called modules:
    23:34:37.248 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    23:34:37.763 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c78060]
    23:34:37.763 3 CLASSPNP.SYS[fffff8800106b43f] -> nt!IofCallDriver -> [0xfffffa80046e91e0]
    23:34:37.778 5 ACPI.sys[fffff88000e1a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004709060]
    23:34:39.369 AVAST engine scan C:\Windows
    23:34:43.160 AVAST engine scan C:\Windows\system32
    23:38:00.516 AVAST engine scan C:\Windows\system32\drivers
    23:38:16.007 AVAST engine scan C:\Users\Pete
    23:58:43.252 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
    23:58:43.267 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR2.txt"
    00:01:17.388 File: C:\Users\Pete\AppData\Local\Temp\iqu_bootstrap.exe **INFECTED** Win32:Adware-gen [Adw]
    00:24:01.523 AVAST engine scan C:\ProgramData
    00:25:07.075 File: C:\ProgramData\Microsoft\Windows\DRM\595F.tmp **INFECTED** Win32:Malware-gen
    00:25:07.153 File: C:\ProgramData\Microsoft\Windows\DRM\5960.tmp **INFECTED** Win32:Malware-gen
    00:28:01.514 Scan finished successfully
    00:28:40.904 Disk 0 MBR has been saved successfully to "C:\Users\Pete\Desktop\MBR.dat"
    00:28:40.951 The log file has been saved successfully to "C:\Users\Pete\Desktop\aswMBR2.txt"
  12. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    How is redirection?

    Go ahead with Combofix.
  13. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    Redirection seems to be working fine again. Will continue with ComboFix now. Thanks again.
  14. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    ComboFix Scan Results

    ComboFix 12-03-22.01 - Pete 03/24/2012 22:01:01.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2240 [GMT -4:00]
    Running from: c:\users\Pete\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Pete\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    c:\users\Pete\AppData\Roaming\inst.exe
    c:\users\Pete\AppData\Roaming\vso_ts_preview.xml
    c:\users\Pete\Documents\~WRL0004.tmp
    c:\users\Pete\Documents\~WRL0172.tmp
    c:\users\Pete\Documents\~WRL0739.tmp
    c:\users\Pete\Documents\~WRL1266.tmp
    c:\users\Pete\Documents\~WRL1610.tmp
    c:\users\Pete\Documents\~WRL1731.tmp
    c:\users\Pete\Documents\~WRL1906.tmp
    c:\users\Pete\Documents\~WRL1933.tmp
    c:\users\Pete\Documents\~WRL1981.tmp
    c:\users\Pete\Documents\~WRL2037.tmp
    c:\users\Pete\Documents\~WRL2442.tmp
    c:\users\Pete\Documents\~WRL2940.tmp
    c:\users\Pete\Documents\~WRL3228.tmp
    c:\users\Pete\Documents\~WRL3234.tmp
    c:\users\Pete\Documents\~WRL3301.tmp
    c:\windows\svchost.exe
    c:\windows\system32\drivers\etc\lmhosts
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-23 19:12 . 2012-03-24 14:26 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
    2012-03-23 18:49 . 2012-03-23 18:49 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\users\Pete\AppData\Roaming\Malwarebytes
    2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-22 17:14 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-22 13:25 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-22 13:25 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-22 13:25 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-22 13:25 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-22 13:25 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-03-22 13:25 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-03-22 13:25 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-22 13:25 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-22 13:25 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-03-22 13:25 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-03-22 13:25 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-03-22 13:24 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-22 13:24 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-22 13:24 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-22 13:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-22 13:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-22 13:22 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-22 13:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 12:29 . 2012-03-13 12:29 -------- d-----w- c:\windows\Sun
    2012-03-11 15:36 . 2012-03-11 15:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-03-11 15:33 . 2012-03-11 15:33 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\5960.tmp
    2012-03-11 15:33 . 2012-03-11 15:33 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\595F.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-23 19:13 . 2009-12-25 05:15 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-01-04 09:58 . 2012-02-15 17:13 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 09:03 . 2012-02-15 17:13 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-01-03 06:24 . 2012-02-15 17:13 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-01-03 05:44 . 2012-02-15 17:13 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    2011-12-28 03:59 . 2012-02-15 17:13 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
    "InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
    .
    c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
    R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-15 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]
    S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-16 138360]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-25 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-21 19:24]
    .
    2012-03-11 c:\windows\Tasks\HPCeeScheduleForPete.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-11 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-11 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-11 365592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b7d2pwi9.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-Itibiti.exe - c:\program files (x86)\Itibiti Soft Phone\Itibiti.exe
    Notify-WgaLogon - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-24 22:32:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-25 02:32
    .
    Pre-Run: 107,554,312,192 bytes free
    Post-Run: 111,143,747,584 bytes free
    .
    - - End Of File - - 25E55025CE2E09B9B602FE8E2CA856AB
  15. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\programdata\Microsoft\Windows\DRM\595F.tmp
    c:\programdata\Microsoft\Windows\DRM\5960.tmp
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  16. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    ComboFix Problem

    I disabled both the Norton Smart Firewall and Anti-virus Auto Protect and when I try to run ComboFix a screen pops up saying that Norton Internet Security is still active. Should I still run ComboFix? Thanks.
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    If it let you, yes.
  18. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    ComboFix Text

    ComboFix 12-03-22.01 - Pete 03/25/2012 14:05:09.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2459 [GMT -4:00]
    Running from: c:\users\Pete\Downloads\ComboFix.exe
    Command switches used :: c:\users\Pete\Desktop\CFScript.txt
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\programdata\Microsoft\Windows\DRM\595F.tmp"
    "c:\programdata\Microsoft\Windows\DRM\5960.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\DRM\595F.tmp
    c:\programdata\Microsoft\Windows\DRM\5960.tmp
    c:\users\Pete\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-25 18:16 . 2012-03-25 18:16 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-03-25 18:16 . 2012-03-25 18:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-23 19:12 . 2012-03-24 14:26 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
    2012-03-23 18:49 . 2012-03-23 18:49 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\users\Pete\AppData\Roaming\Malwarebytes
    2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-22 17:14 . 2012-03-22 17:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-22 17:14 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-22 13:25 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-22 13:25 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-03-22 13:25 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-03-22 13:25 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-03-22 13:25 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-03-22 13:25 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-03-22 13:25 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-03-22 13:25 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-03-22 13:25 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-03-22 13:25 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-03-22 13:25 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-03-22 13:24 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-22 13:24 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-22 13:24 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-22 13:22 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-22 13:22 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-03-22 13:22 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-22 13:22 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-13 12:29 . 2012-03-13 12:29 -------- d-----w- c:\windows\Sun
    2012-03-11 15:36 . 2012-03-11 15:36 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-23 19:13 . 2009-12-25 05:15 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-01-04 09:58 . 2012-02-15 17:13 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-01-04 09:03 . 2012-02-15 17:13 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-01-03 06:24 . 2012-02-15 17:13 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-01-03 05:44 . 2012-02-15 17:13 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    2011-12-28 03:59 . 2012-02-15 17:13 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-03-25_02.24.38 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 05:10 . 2012-03-25 18:20 64284 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-26 04:03 . 2012-03-25 18:20 18006 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1916331481-360642775-170214888-1000_UserData.bin
    + 2012-03-25 18:18 . 2012-03-25 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-03-25 02:22 . 2012-03-25 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-03-25 18:18 . 2012-03-25 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-03-25 02:22 . 2012-03-25 02:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-12-27 23:40 . 2012-03-25 16:39 279722 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2009-07-14 05:01 . 2012-03-25 02:21 301888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2012-03-25 18:17 301888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-03-18 14:00 . 2012-03-25 18:17 302656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1916331481-360642775-170214888-1000-8192.dat
    - 2012-03-18 14:00 . 2012-03-25 02:21 302656 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1916331481-360642775-170214888-1000-8192.dat
    + 2012-03-18 14:00 . 2012-03-25 18:17 7586404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1916331481-360642775-170214888-1000-4096.dat
    - 2009-07-14 02:34 . 2012-03-25 01:59 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-03-25 13:10 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
    2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
    "InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-08-09 1176064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
    "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
    "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-04-07 467240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
    .
    c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-10-14 2111296]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-10-14 9085760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [BU]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]
    R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008030.006\SYMNDISV.SYS [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-15 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
    S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]
    S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-16 138360]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-25 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-08-21 19:24]
    .
    2012-03-11 c:\windows\Tasks\HPCeeScheduleForPete.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Pete\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-11 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-11 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-11 365592]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b7d2pwi9.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    c:\program files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-25 14:40:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-25 18:40
    ComboFix2.txt 2012-03-25 02:33
    .
    Pre-Run: 111,411,621,888 bytes free
    Post-Run: 111,047,184,384 bytes free
    .
    - - End Of File - - 1249891514A0B92945D35B81D3B481A3
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  20. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    OTL Scan Pt. 1

    I am now able to use Google without being redirected to another site. When I completed the OTL scan, I did not get an Extras text. Thank you for the help!

    OTL logfile created on: 3/25/2012 4:29:26 PM - Run 2
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Pete\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.91 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 55.92% Memory free
    7.81 Gb Paging File | 6.12 Gb Available in Paging File | 78.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.77 Gb Total Space | 104.64 Gb Free Space | 36.62% Space Free | Partition Type: NTFS
    Drive D: | 12.12 Gb Total Space | 2.04 Gb Free Space | 16.80% Space Free | Partition Type: NTFS

    Computer Name: PETE-PC | User Name: Pete | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/25 15:28:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Pete\Downloads\OTL.exe
    PRC - [2012/02/14 19:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe
    PRC - [2011/08/09 17:02:04 | 001,176,064 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
    PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
    PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    PRC - [2011/02/11 18:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
    PRC - [2010/06/17 19:59:39 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
    PRC - [2009/04/07 17:37:30 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/04/07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/04/07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
    MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
    MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
    MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
    MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
    MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
    MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
    MOD - [2010/02/22 11:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2010/02/22 11:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2010/02/22 11:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2009/11/03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/04/07 16:39:32 | 000,394,752 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2009/04/07 16:39:32 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/02/17 18:25:42 | 000,181,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
    SRV:64bit: - [2010/02/09 15:55:52 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
    SRV:64bit: - [2009/10/14 15:31:44 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV:64bit: - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/01/17 01:18:36 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe -- (NIS)
    SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/07/21 21:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
    SRV - [2009/06/16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/04/07 16:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/23 15:13:18 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/01/17 18:46:01 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/01/17 18:45:57 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/01/17 18:35:24 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/01/17 18:33:51 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/01/17 18:33:51 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/11/29 18:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2011/07/25 22:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/03/04 19:55:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/02/11 14:56:09 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2010/02/11 14:56:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009/07/21 21:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/07/20 19:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
    DRV:64bit: - [2009/07/14 19:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/06/22 16:50:00 | 000,291,352 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sxuptp.sys -- (sxuptp)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/04/07 16:33:08 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2009/04/07 16:33:06 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/02/13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2012/03/25 08:59:55 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120324.019\ex64.sys -- (NAVEX15)
    DRV - [2012/03/25 08:59:55 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120324.019\eng64.sys -- (NAVENG)
    DRV - [2012/03/15 03:28:52 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120323.002\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/03/02 14:58:01 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120317.002\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/02/16 14:25:14 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/02/04 23:37:14 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
    IE:64bit: - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
    IE - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


    IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
    IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/15 03:00:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/03/22 12:55:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/03/25 14:21:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/17 08:46:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/25 09:01:00 | 000,000,000 | ---D | M]

    [2010/06/17 19:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Extensions
    [2012/03/21 12:10:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b7d2pwi9.default\extensions
    [2011/10/24 22:36:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2009/08/15 03:00:31 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
    File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\COFFPLGN
    File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NORTON\IPSFFPLGN

    O1 HOSTS File: ([2012/03/25 14:18:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
    O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-1916331481-360642775-170214888-1000..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
    O4 - Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pete\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1916331481-360642775-170214888-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1916331481-360642775-170214888-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F30949D-7B7E-4B13-8488-884705F3B527}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/25 14:40:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/03/25 14:18:53 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/03/24 21:59:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/24 21:59:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/24 21:59:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/24 21:59:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/03/24 21:54:06 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/23 14:49:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/03/22 13:14:11 | 000,000,000 | ---D | C] -- C:\Users\Pete\AppData\Roaming\Malwarebytes
    [2012/03/22 13:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/22 13:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/22 13:14:00 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/03/22 13:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/03/13 08:29:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/03/11 11:36:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

    ========== Files - Modified Within 30 Days ==========

    [2012/03/25 15:29:08 | 000,013,193 | ---- | M] () -- C:\Users\Pete\Desktop\OTL - Shortcut.lnk
    [2012/03/25 14:27:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/25 14:27:25 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/25 14:19:13 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2012/03/25 14:18:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/03/25 14:18:35 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
    [2012/03/25 14:18:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/25 14:18:07 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/25 13:54:33 | 000,013,328 | ---- | M] () -- C:\Users\Pete\Desktop\ComboFix - Shortcut.lnk
    [2012/03/24 10:28:01 | 000,002,420 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2012/03/24 10:27:22 | 002,073,028 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB
    [2012/03/24 10:27:00 | 852,618,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/03/24 00:28:40 | 000,000,512 | ---- | M] () -- C:\Users\Pete\Desktop\MBR.dat
    [2012/03/23 15:13:18 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/03/23 15:13:18 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/03/23 15:13:18 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/03/23 14:54:52 | 000,340,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/03/23 14:48:09 | 002,047,211 | ---- | M] () -- C:\Users\Pete\Desktop\tdsskiller.zip
    [2012/03/23 09:19:58 | 000,044,607 | ---- | M] () -- C:\Users\Pete\Desktop\bootkit_remover.zip
    [2012/03/22 14:13:30 | 000,302,592 | ---- | M] () -- C:\Users\Pete\Desktop\Gamer.exe
    [2012/03/22 14:06:26 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/03/22 14:06:26 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/03/22 14:06:26 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/03/22 13:14:01 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/21 17:51:03 | 000,013,132 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\wklnhst.dat
    [2012/03/20 00:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini
    [2012/03/16 15:09:03 | 000,000,993 | ---- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/03/16 15:09:02 | 000,001,013 | ---- | M] () -- C:\Users\Pete\Desktop\Dropbox.lnk
    [2012/03/16 15:06:23 | 000,001,437 | ---- | M] () -- C:\Users\Pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/03/16 10:29:26 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/03/16 10:26:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/03/16 10:26:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/03/13 09:58:04 | 000,111,616 | ---- | M] () -- C:\Users\Pete\Documents\HalloweenTrivia.wps
    [2012/03/11 11:35:37 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
    [2012/02/27 15:28:33 | 000,047,601 | ---- | M] () -- C:\Users\Pete\Documents\resume12.rtf

    ========== Files Created - No Company Name ==========

    [2012/03/25 15:29:07 | 000,013,193 | ---- | C] () -- C:\Users\Pete\Desktop\OTL - Shortcut.lnk
    [2012/03/25 13:54:32 | 000,013,328 | ---- | C] () -- C:\Users\Pete\Desktop\ComboFix - Shortcut.lnk
    [2012/03/24 21:59:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/24 21:59:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/24 21:59:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/24 21:59:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/24 21:59:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/23 14:46:38 | 002,047,211 | ---- | C] () -- C:\Users\Pete\Desktop\tdsskiller.zip
    [2012/03/23 09:19:58 | 000,044,607 | ---- | C] () -- C:\Users\Pete\Desktop\bootkit_remover.zip
    [2012/03/23 09:13:38 | 000,000,512 | ---- | C] () -- C:\Users\Pete\Desktop\MBR.dat
    [2012/03/22 14:13:30 | 000,302,592 | ---- | C] () -- C:\Users\Pete\Desktop\Gamer.exe
    [2012/03/22 13:14:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/03/16 10:29:26 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/03/16 10:26:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2012/03/16 10:26:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2012/02/27 15:28:33 | 000,047,601 | ---- | C] () -- C:\Users\Pete\Documents\resume12.rtf
    [2011/03/18 22:35:31 | 000,001,854 | ---- | C] () -- C:\Users\Pete\AppData\Roaming\GhostObjGAFix.xml
    [2010/08/25 12:31:29 | 000,007,680 | ---- | C] () -- C:\Users\Pete\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/03 08:41:16 | 000,667,136 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
    [2010/08/03 08:41:15 | 000,414,208 | ---- | C] () -- C:\Windows\SysWow64\WgaTray.exe
    [2010/08/03 08:41:15 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll

    ========== LOP Check ==========

    [2011/08/03 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Barnes & Noble
    [2011/11/07 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/03/25 14:19:37 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Dropbox
    [2012/03/22 12:55:13 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\FreeFileViewer
    [2010/01/04 13:18:22 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Template
    [2012/03/16 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\uTorrent
    [2010/03/11 01:32:33 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Vso
    [2009/12/30 00:01:29 | 000,000,000 | ---D | M] -- C:\Users\Pete\AppData\Roaming\Western Digital
    [2012/03/25 14:18:35 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    [2011/08/11 10:52:28 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2012/03/25 14:40:28 | 000,023,450 | ---- | M] () -- C:\ComboFix.txt
    [2011/06/17 23:16:19 | 000,001,854 | ---- | M] () -- C:\GhostObjGAFix.xml
    [2012/03/25 14:18:07 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
    [2010/02/11 15:13:01 | 000,000,087 | ---- | M] () -- C:\hpqlb.log
    [2012/03/25 14:18:16 | 4193,177,600 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/23 14:50:11 | 000,133,010 | ---- | M] () -- C:\TDSSKiller.2.7.22.0_23.03.2012_14.48.32_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/02/06 22:03:18 | 000,307,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2011/09/04 13:33:43 | 000,001,718 | -HS- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/16 15:06:23 | 000,000,221 | -HS- | M] () -- C:\Users\Pete\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/22 14:13:30 | 000,302,592 | ---- | M] () -- C:\Users\Pete\Desktop\Gamer.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/25 14:18:35 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
    [2012/03/11 11:35:37 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPete.job
    [2012/03/25 14:18:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2011/08/11 10:52:28 | 000,032,610 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/19 15:05:35 | 000,000,402 | -HS- | M] () -- C:\Users\Pete\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/03/25 14:19:13 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2012/03/24 14:26:44 | 000,000,188 | ---- | M] () -- C:\ProgramData\HPWALog.txt
    [2009/09/25 04:47:48 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2009/08/15 02:50:03 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2009/09/25 04:47:11 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2009/08/15 02:45:25 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2009/09/25 04:46:31 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2009/09/25 04:47:33 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2009/08/15 02:43:54 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2009/08/15 02:49:34 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2009/09/25 04:47:57 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
  21. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    OTL Scan Pt. 2

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    < End of report >
  22. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKU\S-1-5-21-1916331481-360642775-170214888-1000\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post the JavaRa log.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  23. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    OTL Scan

    Continue with the remaining scans?

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1916331481-360642775-170214888-1000\Software\Microsoft\Internet Explorer\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69B38643-8C04-4B58-A328-1E9A27FDA35E}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Pete
    ->Temp folder emptied: 361635 bytes
    ->Temporary Internet Files folder emptied: 196937239 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 82768052 bytes
    ->Flash cache emptied: 309306 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78352 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 267.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Pete
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Pete
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.39.2 log created on 03252012_172334

    Files\Folders moved on Reboot...
    C:\Users\Pete\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOKZJEX4\dpsync[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOKZJEX4\dpsync[2].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOKZJEX4\dpsync[3].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YOKZJEX4\xd_proxy[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6RINIGX\comments[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6RINIGX\EditMessageLight[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6RINIGX\getAds[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W6RINIGX\RteFrame_16.2.4514.0219[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VQTQ05R3\AjaxHistoryFrame[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VQTQ05R3\InboxLight[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VQTQ05R3\Messenger[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V8R9IREA\xmlProxy[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\01[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\1332710324[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\index[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\PugTracker[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QRJYOADH\tweet_button.1332442903[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MEFT9QD1\acb[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F7J0OGSR\LocalStorage[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJNZ9MX7\resourcespreload[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJNZ9MX7\topic179047-2[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B0CJA223\adloader[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7EN10A6U\resourcespreload[2].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7EN10A6U\tim-tebow-jets-mark-sanchez-press-conference[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7EN10A6U\tt[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4Z1KKNLW\fastbutton[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4Z1KKNLW\like[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3ZL8HFUN\WebIMPop[1].htm moved successfully.
    C:\Users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
  24. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Yes, by all means.
  25. pmaffe03

    pmaffe03 Newcomer, in training Topic Starter Posts: 17

    Remaining Scans

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Flash Player ( 10.1.53.64) Flash Player Out of Date!
    Mozilla Firefox (3.6.3) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ``````````End of Log````````````


    Farbar Service Scanner Version: 01-03-2012
    Ran by Pete (administrator) on 25-03-2012 at 20:09:05
    Running from "C:\Users\Pete\Downloads"
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 13:13] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\595F.tmp.vir Win64/Olmarik.AD trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\5960.tmp.vir Win64/Olmarik.AD trojan cleaned by deleting - quarantined

