TechSpot

Malware removal issue following instructions unable to download DDS

By kathywms
Feb 12, 2012
  1. I am infected with a Malware program that has affected my svshosts file. I am following instructions from here

    I have successfully completed all the steps through gmer (step 3)
    I click on DDS by sUBS and get a blank tab

    Malwarebytes Anti-Malware is actively blocking access to 206.161.121.2; 206.161.121.3; 206.161.121.4; 206.161.121.5. type: outgoing ##### port (always 5 digits) svchosts.exe.

    Should I paste in the two logs that I have or is there another way to obtain the step 4 program to run?

    Thank you in advance for your assistance.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    You can't download or run DDS?
     
  3. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/30/2011 8:39:55 PM
    System Uptime: 2/12/2012 5:38:45 PM (2 hours ago)
    .
    Motherboard: Gateway | | SJV50_HR
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 328.48 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP18: 1/21/2012 3:00:12 AM - Windows Update
    RP19: 1/29/2012 4:23:42 AM - Scheduled Checkpoint
    RP20: 2/6/2012 2:32:04 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Reader 9.2 MUI
    Agatha Christie - 4:50 from Paddington
    Amazon MP3 Downloader 1.0.15
    Amazon MP3 Uploader
    Apple Application Support
    Apple Software Update
    Backup Manager V3
    Bejeweled 2 Deluxe
    Bing Bar
    Build-a-lot 2
    Chuzzle Deluxe
    CyberLink MediaEspresso
    CyberLink PowerDVD 10
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    DVDFab 8.1.5.8 (18/01/2012) Qt
    eBay Worldwide
    FATE - The Traitor Soul
    Final Drive: Nitro
    Galerie de photos Windows Live
    Gateway Games
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Social Networks
    Gateway Updater
    Google Chrome
    HomeMedia
    Identity Card
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) Wireless Display
    Java Auto Updater
    Java(TM) 6 Update 22
    Jewel Quest Heritage
    Junk Mail filter update
    Launch Manager
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Security Scan Plus
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 10.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars: PAC-MAN
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero Multimedia Suite 10 Essentials
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    NOOK for PC
    Norton Internet Security
    Norton Online Backup
    OpenOffice.org 3.3
    Penguins!
    Plants vs. Zombies - Game of the Year
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.5
    Times Reader
    Torchlight
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update Installer for WildTangent Games App
    Video Web Camera
    Virtual Villagers 4 - The Tree of Life
    Welcome Center
    WildTangent Games App (Gateway Games)
    WinDjView 1.0.3
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/12/2012 5:15:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Nakido service.
    .
    ==== End Of File ===========================
     
  4. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
    Run by Kathy Williams at 19:20:02 on 2012-02-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5996.3164 [GMT -6:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchIndexer.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Kathy Williams\AppData\Local\Temp\RarSFX0\Dictionary.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kathy Williams\Downloads\ihg8x558.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\Kathy Williams\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [Dictionary .NET] "C:\Users\KATHYW~1\AppData\Local\Temp\RarSFX0\Dictionary.exe" -c
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\KATHYW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{063522AA-F17C-413D-9759-2BA885638C21} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{063522AA-F17C-413D-9759-2BA885638C21}\2375942554038383 : DhcpNameServer = 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
    BHO-X64: Norton Identity Protection - No File
    BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
    BHO-X64: Norton Vulnerability Protection - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kathy Williams\AppData\Roaming\Mozilla\Firefox\Profiles\pt6s29a2.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-10 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-15 352336]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-12-30 873064]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-15 13336]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-4-15 244624]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-12 652360]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-2-2 138248]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-2-15 257344]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-30 2656280]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys --> C:\Windows\system32\DRIVERS\b57xdbd.sys [?]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys --> C:\Windows\system32\DRIVERS\b57xdmp.sys [?]
    R3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys --> C:\Windows\system32\DRIVERS\bScsiMSa.sys [?]
    R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-10 138360]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-02-12 23:40:16 20480 ------w- C:\Windows\svchost.exe
    2012-02-12 22:48:28 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\Malwarebytes
    2012-02-12 22:48:05 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-12 22:48:05 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-02-12 22:48:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-11 20:34:55 -------- d-----w- C:\Users\Kathy Williams\books
    2012-02-11 05:01:30 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7DD9.tmp
    2012-02-11 05:01:30 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7DD8.tmp
    2012-02-02 19:56:48 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys
    2012-02-02 19:56:48 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symds64.sys
    2012-02-02 19:56:48 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys
    2012-02-02 19:56:48 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys
    2012-02-02 19:56:48 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ironx64.sys
    2012-02-02 19:56:48 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys
    2012-02-02 19:56:48 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symefa64.sys
    2012-02-02 19:56:40 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.091
    2012-01-28 03:22:07 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\Windows Live Writer
    2012-01-28 03:22:07 -------- d-----w- C:\Users\Kathy Williams\AppData\Local\Windows Live Writer
    2012-01-26 15:47:27 -------- d-----w- C:\Users\Kathy Williams\AppData\Local\CrashDumps
    2012-01-24 01:40:16 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\MoveFab
    2012-01-20 02:23:31 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\DVDFab
    2012-01-20 02:17:15 -------- d-----w- C:\ProgramData\dvdfab
    2012-01-20 02:17:01 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt
    2012-01-20 01:43:51 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\com.amazon.music.uploader
    .
    ==================== Find3M ====================
    .
    2012-02-12 21:39:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-02 19:56:54 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2012-01-01 00:06:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-12-31 04:06:05 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-12-31 04:06:05 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-12-31 04:06:05 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
    2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
    2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
    2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
    2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
    2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
    2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 19:20:38.15 ===============
     
  5. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    gmer

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-12 18:22:16
    Windows 6.1.7601 Service Pack 1
    Running: ihg8x558.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\play-trans[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\player[1].png 185579 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\PortalServe[2].htm 19710 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\FranklinGothicBook[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ftrtwitter-off[1].jpg 4278 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\surly[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\surly[2].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\swfobject[1].js 6722 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\bottom_strip[1].gif 101 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\box-shadows[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\bt-go[1].gif 1547 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\b[3].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\logCA974D1Z.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\logCAA7UY4G.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ChannelArtTileSmall_140x79[1].jpg 8764 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ChannelArtTileSmall_140x79[2].jpg 4192 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\crossdomain[3].xml 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\hair[1].jpg 2227 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\IE3[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ie7[1].css 71 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\FDAF_2012_TruckMonthTexas_Dock_728x90[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\FDAF_SharedAsset_Button_UIArrow[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\banners[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\10mwb_tnl[1].jpg 3449 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\1[1].gif 1950 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\y0mwb_tnl[1].jpg 2948 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\youtube[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\mevio-m-neverback-24x24[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\right[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\l[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\master[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\facebook[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\serviceareas2[1].jpg 27964 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\Shell_300x250[2].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\showicons[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\AdControl[1] 568 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\Default[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\Antenna-Regular[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\aol728x90-1[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ads[3].js 10467 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\en_US[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\logCA366ZEJ.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\AdotubeLinear[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\pixel[3].gif 43 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\pixel[4].gif 43 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\specialoffers1[1].jpg 27182 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\style[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\style[1].xml 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\2e1122680cab75e08f267586b8e0ef6c[1].jpg 26605 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\2[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\VehicleDock[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\tilebackground[1].jpg 2011 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\Track[4].txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\dot[5].gif 43 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\logCASZ5Q8X.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\login_status[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\results[1].htm 4174 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\3d988d5c264f8ef0e6e7006e6d36de40[1].png 8707 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\fdaf_SharedAsset_DockImage_2012F-150_transparent_DockImage_2012TruckMonth_MLPOL_728x90[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\fdaf_SharedAsset_DockImage_2012F-250_transparent_DockImage_2012TruckMonth_MLPOL_300x250[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\e1mwb_tnl[1].jpg 3703 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\fp[1].js 22214 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\Homepage;dcopt=ist;tile=1;sz=728x90;ord=7301617365[1].js 206 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCAY1XUQ3.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\scripts[1].js 2813 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\Solitaire_GamesBanners_728x90[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\PortalServe[4] 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\6[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\98_config[1].xml 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\=1;sz=728x90;title=thejackiechanadventuresfullepisodes;tag%3dacracklechristmas%3btag%3dfistsoffury%3btag%3dkraftlong%3bord=4728710437[1].js 206 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\Track[3].txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\alerts[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\JustWords_GamesBanners_728x90[1].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\kt9wb_360p[1].mp4 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\2012_TruckMonthTexas_ML_POL[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\cf9c4963ed6f891133cb8046a053c00c[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\ChannelArtTileSmall_140x79[1].jpg 6800 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\ChannelArtTileSmall_140x79[2].jpg 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\checkBrowser[1].htm 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\world.ie7.http.s.meebocdn.net[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\pixel[4].gif 43 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\B6141673;sz=300x250;pc=DFP250970997;click=;ord=8191624[1].htm 1013 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\crossdomain[1].xml 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\AOL_Banners-728x90[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\assets_300x250[1].xml 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\liverail_preroll[1].swf 2333 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\loc_results[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCA509C4B.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCAD1Q86O.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\submitbutton[1].jpg 1807 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\surly[1].js 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\dot[5].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\download[1].css 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\NOP[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\IE1[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\IE2[1].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\IE2[2].gif 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\ads[5].js 10519 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\ads[6].js 10519 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\header[1].swf 184590 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\box_right[1].png 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\jquery[1].js 91572 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\Vast[1].swf 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\secret[1].jpg 2070 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCAG3VNWQ.txt 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCAKE07RG.txt 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    What about MBAM log?
     
  7. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    Sorry... Here it is.


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.12.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kathy Williams :: KATHYWILLIAMS [administrator]

    Protection: Enabled

    2/12/2012 4:49:16 PM
    mbam-log-2012-02-12 (16-49-16).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 352706
    Time elapsed: 47 minute(s), 9 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 7876 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Kathy Williams\AppData\Local\Temp\7E67.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  9. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    bootcleaner and aswMBR logs

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c6500000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...


    and...........
    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-13 20:16:32
    -----------------------------
    20:16:32.140 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:16:32.140 Number of processors: 4 586 0x2A07
    20:16:32.141 ComputerName: KATHYWILLIAMS UserName:
    20:16:34.106 Initialize success
    20:18:21.114 AVAST engine defs: 12021302
    20:22:34.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:22:34.642 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    20:22:34.644 Device \Driver\iaStor -> MajorFunction fffffa8008cff5c4
    20:22:34.647 Disk 0 MBR read successfully
    20:22:34.650 Disk 0 MBR scan
    20:22:34.655 Disk 0 Windows 7 default MBR code
    20:22:34.658 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
    20:22:34.673 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
    20:22:34.689 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461478 MB offset 31664128
    20:22:34.695 Service scanning
    20:22:36.074 Modules scanning
    20:22:36.078 Disk 0 trace - called modules:
    20:22:36.083 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8008cff5c4]<<
    20:22:36.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008122060]
    20:22:36.416 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062b8050]
    20:22:36.421 \Driver\iaStor[0xfffffa80086a1430] -> IRP_MJ_CREATE -> 0xfffffa8008cff5c4
    20:22:37.600 AVAST engine scan C:\Windows
    20:22:40.078 AVAST engine scan C:\Windows\system32
    20:24:59.020 AVAST engine scan C:\Windows\system32\drivers
    20:25:10.442 AVAST engine scan C:\Users\Kathy Williams
    20:28:23.722 Disk 0 MBR has been saved successfully to "C:\Users\Kathy Williams\Desktop\MBR.dat"
    20:28:23.729 The log file has been saved successfully to "C:\Users\Kathy Williams\Desktop\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
     
  11. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    done...

    Farbar Service Scanner Version: 13-02-2012
    Ran by Kathy Williams (administrator) on 13-02-2012 at 20:56:02
    Running from "C:\Users\Kathy Williams\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  13. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    Listparts

    ListParts by Farbar
    Ran by Kathy Williams on 13-02-2012 at 21:23:39
    Windows 7 (X64)
    Running From: C:\Users\Kathy Williams\Downloads
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 62%
    Total physical RAM: 5995.86 MB
    Available physical RAM: 2262.81 MB
    Total Pagefile: 11989.91 MB
    Available Pagefile: 7645.61 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Gateway) (Fixed) (Total:450.66 GB) (Free:330.01 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 15 GB 1024 KB
    Partition 2 Primary 100 MB 15 GB
    Partition 3 Primary 450 GB 15 GB

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 PQSERVICE NTFS Partition 15 GB Healthy Hidden

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C Gateway NTFS Partition 450 GB Healthy Boot



    ****** End Of Log ******
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  15. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    TDSSKiller

    21:39:30.0185 6572 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
    21:39:31.0656 6572 ============================================================
    21:39:31.0656 6572 Current date / time: 2012/02/13 21:39:31.0656
    21:39:31.0656 6572 SystemInfo:
    21:39:31.0656 6572
    21:39:31.0656 6572 OS Version: 6.1.7601 ServicePack: 1.0
    21:39:31.0656 6572 Product type: Workstation
    21:39:31.0656 6572 ComputerName: KATHYWILLIAMS
    21:39:31.0656 6572 UserName: Kathy Williams
    21:39:31.0656 6572 Windows directory: C:\Windows
    21:39:31.0656 6572 System windows directory: C:\Windows
    21:39:31.0656 6572 Running under WOW64
    21:39:31.0656 6572 Processor architecture: Intel x64
    21:39:31.0656 6572 Number of processors: 4
    21:39:31.0656 6572 Page size: 0x1000
    21:39:31.0656 6572 Boot type: Normal boot
    21:39:31.0656 6572 ============================================================
    21:39:32.0340 6572 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:39:32.0405 6572 \Device\Harddisk0\DR0:
    21:39:32.0419 6572 MBR used
    21:39:32.0419 6572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
    21:39:32.0419 6572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000
    21:39:32.0484 6572 Initialize success
    21:39:32.0484 6572 ============================================================
    21:39:49.0036 4116 ============================================================
    21:39:49.0036 4116 Scan started
    21:39:49.0036 4116 Mode: Manual;
    21:39:49.0036 4116 ============================================================
    21:39:49.0698 4116 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    21:39:49.0728 4116 1394ohci - ok
    21:39:49.0822 4116 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    21:39:49.0826 4116 ACPI - ok
    21:39:50.0014 4116 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    21:39:50.0016 4116 AcpiPmi - ok
    21:39:50.0060 4116 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    21:39:50.0088 4116 adp94xx - ok
    21:39:50.0198 4116 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    21:39:50.0203 4116 adpahci - ok
    21:39:50.0247 4116 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    21:39:50.0250 4116 adpu320 - ok
    21:39:50.0367 4116 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    21:39:50.0393 4116 AFD - ok
    21:39:50.0491 4116 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    21:39:50.0511 4116 agp440 - ok
    21:39:50.0624 4116 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    21:39:50.0626 4116 aliide - ok
    21:39:50.0725 4116 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    21:39:50.0726 4116 amdide - ok
    21:39:50.0815 4116 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    21:39:50.0817 4116 AmdK8 - ok
    21:39:50.0916 4116 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    21:39:50.0918 4116 AmdPPM - ok
    21:39:51.0033 4116 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    21:39:51.0055 4116 amdsata - ok
    21:39:51.0100 4116 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    21:39:51.0103 4116 amdsbs - ok
    21:39:51.0197 4116 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    21:39:51.0199 4116 amdxata - ok
    21:39:51.0302 4116 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    21:39:51.0304 4116 AppID - ok
    21:39:51.0437 4116 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    21:39:51.0454 4116 arc - ok
    21:39:51.0551 4116 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    21:39:51.0553 4116 arcsas - ok
    21:39:51.0695 4116 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:39:51.0696 4116 AsyncMac - ok
    21:39:51.0832 4116 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    21:39:51.0833 4116 atapi - ok
    21:39:51.0997 4116 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    21:39:52.0023 4116 b06bdrv - ok
    21:39:52.0165 4116 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:39:52.0169 4116 b57nd60a - ok
    21:39:52.0293 4116 b57xdbd (a424cb46a145e5aabf15621550976df2) C:\Windows\system32\DRIVERS\b57xdbd.sys
    21:39:52.0311 4116 b57xdbd - ok
    21:39:52.0439 4116 b57xdmp (be4e6fd5a898812b85d5817ad9754a9f) C:\Windows\system32\DRIVERS\b57xdmp.sys
    21:39:52.0440 4116 b57xdmp - ok
    21:39:52.0578 4116 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    21:39:52.0579 4116 Beep - ok
    21:39:52.0783 4116 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys
    21:39:52.0834 4116 BHDrvx64 - ok
    21:39:52.0956 4116 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
    21:39:52.0977 4116 blbdrive - ok
    21:39:53.0035 4116 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    21:39:53.0056 4116 bowser - ok
    21:39:53.0140 4116 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    21:39:53.0141 4116 BrFiltLo - ok
    21:39:53.0151 4116 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    21:39:53.0152 4116 BrFiltUp - ok
    21:39:53.0197 4116 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    21:39:53.0201 4116 Brserid - ok
    21:39:53.0227 4116 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    21:39:53.0229 4116 BrSerWdm - ok
    21:39:53.0292 4116 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:39:53.0294 4116 BrUsbMdm - ok
    21:39:53.0335 4116 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    21:39:53.0336 4116 BrUsbSer - ok
    21:39:53.0789 4116 bScsiMSa (520408cfdb56de8cdb44b2f11b9c5b5c) C:\Windows\system32\DRIVERS\bScsiMSa.sys
    21:39:53.0791 4116 bScsiMSa - ok
    21:39:53.0937 4116 bScsiSDa (9f880f03f4a72215c8b77fd51322c297) C:\Windows\system32\DRIVERS\bScsiSDa.sys
    21:39:53.0939 4116 bScsiSDa - ok
    21:39:53.0985 4116 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    21:39:53.0987 4116 BTHMODEM - ok
    21:39:54.0161 4116 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
    21:39:54.0177 4116 ccSet_NIS - ok
    21:39:54.0265 4116 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    21:39:54.0268 4116 cdfs - ok
    21:39:54.0380 4116 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    21:39:54.0383 4116 cdrom - ok
    21:39:54.0488 4116 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    21:39:54.0490 4116 circlass - ok
    21:39:54.0563 4116 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    21:39:54.0568 4116 CLFS - ok
    21:39:54.0692 4116 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
    21:39:54.0709 4116 CmBatt - ok
    21:39:54.0790 4116 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    21:39:54.0792 4116 cmdide - ok
    21:39:54.0939 4116 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    21:39:54.0961 4116 CNG - ok
    21:39:55.0146 4116 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    21:39:55.0147 4116 Compbatt - ok
    21:39:55.0269 4116 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    21:39:55.0271 4116 CompositeBus - ok
    21:39:55.0402 4116 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    21:39:55.0403 4116 crcdisk - ok
    21:39:55.0565 4116 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    21:39:55.0567 4116 DfsC - ok
    21:39:55.0668 4116 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    21:39:55.0689 4116 discache - ok
    21:39:55.0807 4116 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    21:39:55.0809 4116 Disk - ok
    21:39:55.0935 4116 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    21:39:55.0936 4116 drmkaud - ok
    21:39:56.0058 4116 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    21:39:56.0106 4116 DXGKrnl - ok
    21:39:56.0264 4116 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    21:39:56.0332 4116 ebdrv - ok
    21:39:56.0467 4116 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    21:39:56.0473 4116 eeCtrl - ok
    21:39:56.0661 4116 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    21:39:56.0676 4116 elxstor - ok
    21:39:56.0758 4116 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    21:39:56.0780 4116 EraserUtilRebootDrv - ok
    21:39:56.0903 4116 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    21:39:56.0905 4116 ErrDev - ok
    21:39:57.0004 4116 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    21:39:57.0008 4116 exfat - ok
    21:39:57.0027 4116 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    21:39:57.0031 4116 fastfat - ok
    21:39:57.0129 4116 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    21:39:57.0132 4116 fdc - ok
    21:39:57.0319 4116 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    21:39:57.0352 4116 FileInfo - ok
    21:39:57.0376 4116 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    21:39:57.0378 4116 Filetrace - ok
    21:39:57.0396 4116 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    21:39:57.0398 4116 flpydisk - ok
    21:39:57.0451 4116 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    21:39:57.0455 4116 FltMgr - ok
    21:39:57.0538 4116 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    21:39:57.0540 4116 FsDepends - ok
    21:39:57.0568 4116 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    21:39:57.0569 4116 Fs_Rec - ok
    21:39:57.0687 4116 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    21:39:57.0690 4116 fvevol - ok
    21:39:57.0816 4116 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    21:39:57.0818 4116 gagp30kx - ok
    21:39:58.0020 4116 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:39:58.0022 4116 GEARAspiWDM - ok
    21:39:58.0062 4116 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    21:39:58.0076 4116 hcw85cir - ok
    21:39:58.0217 4116 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    21:39:58.0222 4116 HdAudAddService - ok
    21:39:58.0376 4116 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    21:39:58.0379 4116 HDAudBus - ok
    21:39:58.0483 4116 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    21:39:58.0485 4116 HidBatt - ok
    21:39:58.0619 4116 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    21:39:58.0621 4116 HidBth - ok
    21:39:58.0733 4116 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    21:39:58.0755 4116 HidIr - ok
    21:39:58.0893 4116 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    21:39:58.0895 4116 HidUsb - ok
    21:39:59.0047 4116 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    21:39:59.0049 4116 HpSAMD - ok
    21:39:59.0170 4116 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    21:39:59.0179 4116 HTTP - ok
    21:39:59.0279 4116 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    21:39:59.0280 4116 hwpolicy - ok
    21:39:59.0388 4116 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    21:39:59.0390 4116 i8042prt - ok
    21:39:59.0502 4116 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
    21:39:59.0505 4116 iaStor - ok
    21:39:59.0660 4116 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    21:39:59.0679 4116 iaStorV - ok
    21:39:59.0829 4116 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSvia64.sys
    21:39:59.0836 4116 IDSVia64 - ok
    21:40:00.0230 4116 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
    21:40:00.0459 4116 igfx - ok
    21:40:00.0569 4116 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    21:40:00.0571 4116 iirsp - ok
    21:40:00.0799 4116 IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys
    21:40:00.0878 4116 IntcAzAudAddService - ok
    21:40:01.0062 4116 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    21:40:01.0097 4116 IntcDAud - ok
    21:40:01.0221 4116 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    21:40:01.0243 4116 intelide - ok
    21:40:01.0347 4116 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    21:40:01.0349 4116 intelppm - ok
    21:40:01.0459 4116 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:40:01.0461 4116 IpFilterDriver - ok
    21:40:01.0560 4116 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    21:40:01.0562 4116 IPMIDRV - ok
    21:40:01.0684 4116 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    21:40:01.0686 4116 IPNAT - ok
    21:40:01.0813 4116 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    21:40:01.0815 4116 IRENUM - ok
    21:40:01.0929 4116 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    21:40:01.0931 4116 isapnp - ok
    21:40:02.0012 4116 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    21:40:02.0030 4116 iScsiPrt - ok
    21:40:02.0275 4116 k57nd60a (0469bff65bbdee9e46d0c45ee32a08bd) C:\Windows\system32\DRIVERS\k57nd60a.sys
    21:40:02.0295 4116 k57nd60a - ok
    21:40:02.0437 4116 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    21:40:02.0439 4116 kbdclass - ok
    21:40:02.0553 4116 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    21:40:02.0570 4116 kbdhid - ok
    21:40:02.0692 4116 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    21:40:02.0720 4116 KSecDD - ok
    21:40:02.0838 4116 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    21:40:02.0859 4116 KSecPkg - ok
    21:40:02.0992 4116 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    21:40:02.0994 4116 ksthunk - ok
    21:40:03.0152 4116 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    21:40:03.0154 4116 lltdio - ok
    21:40:03.0277 4116 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    21:40:03.0280 4116 LSI_FC - ok
    21:40:03.0370 4116 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    21:40:03.0372 4116 LSI_SAS - ok
    21:40:03.0448 4116 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    21:40:03.0450 4116 LSI_SAS2 - ok
    21:40:03.0597 4116 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    21:40:03.0599 4116 LSI_SCSI - ok
    21:40:03.0741 4116 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    21:40:03.0744 4116 luafv - ok
    21:40:03.0843 4116 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    21:40:03.0860 4116 MBAMProtector - ok
    21:40:04.0277 4116 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    21:40:04.0279 4116 megasas - ok
    21:40:04.0639 4116 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    21:40:04.0643 4116 MegaSR - ok
    21:40:04.0745 4116 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    21:40:04.0764 4116 MEIx64 - ok
    21:40:04.0868 4116 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    21:40:04.0871 4116 Modem - ok
    21:40:04.0987 4116 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    21:40:04.0988 4116 monitor - ok
    21:40:05.0100 4116 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    21:40:05.0102 4116 mouclass - ok
    21:40:05.0217 4116 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    21:40:05.0237 4116 mouhid - ok
    21:40:05.0346 4116 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    21:40:05.0349 4116 mountmgr - ok
    21:40:05.0448 4116 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    21:40:05.0451 4116 mpio - ok
    21:40:05.0549 4116 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    21:40:05.0551 4116 mpsdrv - ok
    21:40:05.0648 4116 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    21:40:05.0651 4116 MRxDAV - ok
    21:40:05.0755 4116 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:40:05.0777 4116 mrxsmb - ok
    21:40:05.0916 4116 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:40:05.0920 4116 mrxsmb10 - ok
    21:40:06.0019 4116 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:40:06.0022 4116 mrxsmb20 - ok
    21:40:06.0124 4116 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    21:40:06.0125 4116 msahci - ok
    21:40:06.0230 4116 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    21:40:06.0233 4116 msdsm - ok
    21:40:06.0351 4116 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    21:40:06.0352 4116 Msfs - ok
    21:40:06.0466 4116 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    21:40:06.0467 4116 mshidkmdf - ok
    21:40:06.0562 4116 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    21:40:06.0564 4116 msisadrv - ok
    21:40:06.0689 4116 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    21:40:06.0690 4116 MSKSSRV - ok
    21:40:06.0801 4116 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:40:06.0802 4116 MSPCLOCK - ok
    21:40:06.0911 4116 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    21:40:06.0913 4116 MSPQM - ok
    21:40:07.0021 4116 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    21:40:07.0026 4116 MsRPC - ok
    21:40:07.0137 4116 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    21:40:07.0139 4116 mssmbios - ok
    21:40:07.0264 4116 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    21:40:07.0286 4116 MSTEE - ok
    21:40:07.0386 4116 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    21:40:07.0387 4116 MTConfig - ok
    21:40:07.0483 4116 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    21:40:07.0485 4116 Mup - ok
    21:40:07.0620 4116 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    21:40:07.0645 4116 NativeWifiP - ok
    21:40:07.0812 4116 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\ENG64.SYS
    21:40:07.0815 4116 NAVENG - ok
    21:40:07.0987 4116 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\EX64.SYS
    21:40:08.0033 4116 NAVEX15 - ok
    21:40:08.0669 4116 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
    21:40:08.0682 4116 NDIS - ok
    21:40:09.0107 4116 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    21:40:09.0109 4116 NdisCap - ok
    21:40:09.0189 4116 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:40:09.0191 4116 NdisTapi - ok
    21:40:09.0296 4116 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:40:09.0299 4116 Ndisuio - ok
    21:40:09.0326 4116 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:40:09.0332 4116 NdisWan - ok
    21:40:09.0430 4116 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    21:40:09.0432 4116 NDProxy - ok
    21:40:09.0525 4116 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    21:40:09.0538 4116 NetBIOS - ok
    21:40:09.0715 4116 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    21:40:09.0720 4116 NetBT - ok
    21:40:10.0011 4116 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
    21:40:10.0183 4116 NETwNs64 - ok
    21:40:10.0317 4116 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    21:40:10.0319 4116 nfrd960 - ok
    21:40:10.0368 4116 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    21:40:10.0371 4116 Npfs - ok
    21:40:10.0396 4116 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    21:40:10.0397 4116 nsiproxy - ok
    21:40:10.0481 4116 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    21:40:10.0546 4116 Ntfs - ok
    21:40:10.0662 4116 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
    21:40:10.0664 4116 NTIDrvr - ok
    21:40:10.0778 4116 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    21:40:10.0779 4116 Null - ok
    21:40:10.0870 4116 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    21:40:10.0893 4116 nvraid - ok
    21:40:11.0004 4116 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    21:40:11.0019 4116 nvstor - ok
    21:40:11.0163 4116 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    21:40:11.0165 4116 nv_agp - ok
    21:40:11.0264 4116 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    21:40:11.0266 4116 ohci1394 - ok
    21:40:11.0307 4116 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    21:40:11.0309 4116 Parport - ok
    21:40:11.0334 4116 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    21:40:11.0336 4116 partmgr - ok
    21:40:11.0361 4116 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    21:40:11.0364 4116 pci - ok
    21:40:11.0392 4116 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    21:40:11.0408 4116 pciide - ok
    21:40:11.0459 4116 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    21:40:11.0463 4116 pcmcia - ok
    21:40:11.0495 4116 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    21:40:11.0497 4116 pcw - ok
    21:40:11.0522 4116 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    21:40:11.0530 4116 PEAUTH - ok
    21:40:11.0677 4116 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    21:40:11.0691 4116 PptpMiniport - ok
    21:40:11.0783 4116 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    21:40:11.0785 4116 Processor - ok
    21:40:11.0914 4116 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    21:40:11.0917 4116 Psched - ok
    21:40:12.0014 4116 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    21:40:12.0046 4116 ql2300 - ok
    21:40:12.0075 4116 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    21:40:12.0077 4116 ql40xx - ok
    21:40:12.0100 4116 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    21:40:12.0101 4116 QWAVEdrv - ok
    21:40:12.0121 4116 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    21:40:12.0123 4116 RasAcd - ok
    21:40:12.0219 4116 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    21:40:12.0222 4116 RasAgileVpn - ok
    21:40:12.0253 4116 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:40:12.0256 4116 Rasl2tp - ok
    21:40:12.0275 4116 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:40:12.0278 4116 RasPppoe - ok
    21:40:12.0314 4116 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    21:40:12.0316 4116 RasSstp - ok
    21:40:12.0343 4116 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    21:40:12.0349 4116 rdbss - ok
    21:40:12.0387 4116 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    21:40:12.0388 4116 rdpbus - ok
    21:40:12.0414 4116 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:40:12.0416 4116 RDPCDD - ok
    21:40:12.0442 4116 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    21:40:12.0463 4116 RDPENCDD - ok
    21:40:12.0497 4116 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    21:40:12.0499 4116 RDPREFMP - ok
    21:40:12.0526 4116 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    21:40:12.0529 4116 RDPWD - ok
    21:40:12.0611 4116 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    21:40:12.0615 4116 rdyboost - ok
    21:40:12.0760 4116 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    21:40:12.0763 4116 rspndr - ok
    21:40:12.0786 4116 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    21:40:12.0788 4116 sbp2port - ok
    21:40:12.0816 4116 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    21:40:12.0817 4116 scfilter - ok
    21:40:12.0833 4116 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
    21:40:12.0862 4116 sdbus - ok
    21:40:12.0968 4116 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    21:40:12.0970 4116 secdrv - ok
    21:40:12.0993 4116 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    21:40:12.0995 4116 Serenum - ok
    21:40:13.0038 4116 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    21:40:13.0041 4116 Serial - ok
    21:40:13.0107 4116 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    21:40:13.0108 4116 sermouse - ok
    21:40:13.0162 4116 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    21:40:13.0163 4116 sffdisk - ok
    21:40:13.0174 4116 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    21:40:13.0176 4116 sffp_mmc - ok
    21:40:13.0188 4116 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    21:40:13.0189 4116 sffp_sd - ok
    21:40:13.0221 4116 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    21:40:13.0239 4116 sfloppy - ok
    21:40:13.0294 4116 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    21:40:13.0296 4116 SiSRaid2 - ok
    21:40:13.0306 4116 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    21:40:13.0308 4116 SiSRaid4 - ok
    21:40:13.0329 4116 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    21:40:13.0331 4116 Smb - ok
    21:40:13.0477 4116 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    21:40:13.0478 4116 spldr - ok
    21:40:13.0568 4116 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
    21:40:13.0593 4116 SRTSP - ok
    21:40:13.0676 4116 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
    21:40:13.0677 4116 SRTSPX - ok
    21:40:13.0762 4116 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    21:40:13.0781 4116 srv - ok
    21:40:13.0873 4116 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    21:40:13.0879 4116 srv2 - ok
    21:40:13.0921 4116 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    21:40:13.0924 4116 srvnet - ok
    21:40:14.0017 4116 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    21:40:14.0019 4116 stexstor - ok
    21:40:14.0081 4116 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    21:40:14.0102 4116 swenum - ok
    21:40:14.0266 4116 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
    21:40:14.0284 4116 SymDS - ok
    21:40:14.0529 4116 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
    21:40:14.0580 4116 SymEFA - ok
    21:40:14.0965 4116 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    21:40:14.0969 4116 SymEvent - ok
    21:40:15.0377 4116 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
    21:40:15.0393 4116 SymIRON - ok
    21:40:15.0691 4116 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
    21:40:15.0724 4116 SymNetS - ok
    21:40:15.0878 4116 SynTP (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
    21:40:15.0912 4116 SynTP - ok
    21:40:16.0126 4116 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    21:40:16.0194 4116 Tcpip - ok
    21:40:16.0449 4116 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    21:40:16.0460 4116 TCPIP6 - ok
    21:40:16.0590 4116 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    21:40:16.0592 4116 tcpipreg - ok
    21:40:16.0663 4116 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    21:40:16.0665 4116 TDPIPE - ok
    21:40:16.0747 4116 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    21:40:16.0763 4116 TDTCP - ok
    21:40:16.0837 4116 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    21:40:16.0840 4116 tdx - ok
    21:40:16.0910 4116 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    21:40:16.0912 4116 TermDD - ok
    21:40:17.0028 4116 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:40:17.0031 4116 tssecsrv - ok
    21:40:17.0182 4116 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    21:40:17.0184 4116 TsUsbFlt - ok
    21:40:17.0277 4116 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    21:40:17.0296 4116 TsUsbGD - ok
    21:40:17.0440 4116 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    21:40:17.0443 4116 tunnel - ok
    21:40:17.0577 4116 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    21:40:17.0579 4116 uagp35 - ok
    21:40:17.0649 4116 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
    21:40:17.0651 4116 UBHelper - ok
    21:40:17.0698 4116 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    21:40:17.0703 4116 udfs - ok
    21:40:17.0817 4116 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    21:40:17.0819 4116 uliagpkx - ok
    21:40:17.0846 4116 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    21:40:17.0848 4116 umbus - ok
    21:40:17.0912 4116 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    21:40:17.0945 4116 UmPass - ok
    21:40:18.0050 4116 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    21:40:18.0068 4116 USBAAPL64 - ok
    21:40:18.0143 4116 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:40:18.0165 4116 usbccgp - ok
    21:40:18.0263 4116 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    21:40:18.0265 4116 usbcir - ok
    21:40:18.0364 4116 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    21:40:18.0366 4116 usbehci - ok
    21:40:18.0484 4116 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    21:40:18.0489 4116 usbhub - ok
    21:40:18.0580 4116 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    21:40:18.0582 4116 usbohci - ok
    21:40:18.0686 4116 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    21:40:18.0688 4116 usbprint - ok
    21:40:18.0810 4116 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:40:18.0830 4116 USBSTOR - ok
    21:40:18.0939 4116 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    21:40:18.0941 4116 usbuhci - ok
    21:40:19.0067 4116 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    21:40:19.0071 4116 usbvideo - ok
    21:40:19.0187 4116 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    21:40:19.0202 4116 vdrvroot - ok
    21:40:19.0330 4116 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:40:19.0332 4116 vga - ok
    21:40:19.0418 4116 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    21:40:19.0419 4116 VgaSave - ok
    21:40:19.0512 4116 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    21:40:19.0537 4116 vhdmp - ok
    21:40:19.0634 4116 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    21:40:19.0635 4116 viaide - ok
    21:40:19.0739 4116 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    21:40:19.0741 4116 volmgr - ok
    21:40:19.0808 4116 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    21:40:19.0828 4116 volmgrx - ok
    21:40:19.0934 4116 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    21:40:19.0938 4116 volsnap - ok
    21:40:20.0045 4116 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    21:40:20.0048 4116 vsmraid - ok
    21:40:20.0113 4116 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    21:40:20.0114 4116 vwifibus - ok
    21:40:20.0176 4116 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    21:40:20.0178 4116 vwififlt - ok
    21:40:20.0327 4116 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    21:40:20.0330 4116 vwifimp - ok
    21:40:20.0423 4116 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    21:40:20.0425 4116 WacomPen - ok
    21:40:20.0540 4116 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:40:20.0562 4116 WANARP - ok
    21:40:20.0565 4116 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    21:40:20.0567 4116 Wanarpv6 - ok
    21:40:20.0710 4116 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    21:40:20.0711 4116 Wd - ok
    21:40:20.0833 4116 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    21:40:20.0841 4116 Wdf01000 - ok
    21:40:20.0970 4116 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys
    21:40:20.0972 4116 wdkmd - ok
    21:40:21.0100 4116 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    21:40:21.0120 4116 WfpLwf - ok
    21:40:21.0226 4116 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    21:40:21.0228 4116 WIMMount - ok
    21:40:21.0382 4116 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    21:40:21.0404 4116 WinUsb - ok
    21:40:21.0577 4116 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    21:40:21.0579 4116 WmiAcpi - ok
    21:40:21.0747 4116 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    21:40:21.0748 4116 ws2ifsl - ok
    21:40:21.0930 4116 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    21:40:21.0933 4116 WudfPf - ok
    21:40:22.0041 4116 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:40:22.0044 4116 WUDFRd - ok
    21:40:22.0084 4116 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
    21:40:22.0119 4116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    21:40:22.0119 4116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    21:40:22.0155 4116 Boot (0x1200) (4c66794edaae027d970c854cab69c0b8) \Device\Harddisk0\DR0\Partition0
    21:40:22.0157 4116 \Device\Harddisk0\DR0\Partition0 - ok
    21:40:22.0171 4116 Boot (0x1200) (068c2e47f59f604153c2cce0b529c543) \Device\Harddisk0\DR0\Partition1
    21:40:22.0173 4116 \Device\Harddisk0\DR0\Partition1 - ok
    21:40:22.0173 4116 ============================================================
    21:40:22.0173 4116 Scan finished
    21:40:22.0173 4116 ============================================================
    21:40:22.0182 1508 Detected object count: 1
    21:40:22.0182 1508 Actual detected object count: 1
    21:40:33.0778 1508 \Device\Harddisk0\DR0\# - copied to quarantine
    21:40:33.0779 1508 \Device\Harddisk0\DR0 - copied to quarantine
    21:40:33.0849 1508 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    21:40:33.0864 1508 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    21:40:33.0872 1508 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    21:40:33.0881 1508 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    21:40:33.0902 1508 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    21:40:33.0917 1508 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    21:40:33.0919 1508 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    21:40:33.0921 1508 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    21:40:33.0924 1508 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    21:40:33.0927 1508 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    21:40:33.0931 1508 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    21:40:33.0934 1508 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    21:40:33.0964 1508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    21:40:33.0965 1508 \Device\Harddisk0\DR0 - ok
    21:40:34.0403 1508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    21:40:39.0023 4328 Deinitialize success
     
  16. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    Just had to quarantine scvhost.exe again with Malware software after the reboot.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Post new Bootkit Remover log.
     
  18. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c6500000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Re-run TDSSKiller one more time.
     
  20. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    22:02:50.0649 1768 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
    22:02:51.0180 1768 ============================================================
    22:02:51.0180 1768 Current date / time: 2012/02/13 22:02:51.0180
    22:02:51.0180 1768 SystemInfo:
    22:02:51.0180 1768
    22:02:51.0180 1768 OS Version: 6.1.7601 ServicePack: 1.0
    22:02:51.0180 1768 Product type: Workstation
    22:02:51.0180 1768 ComputerName: KATHYWILLIAMS
    22:02:51.0180 1768 UserName: Kathy Williams
    22:02:51.0180 1768 Windows directory: C:\Windows
    22:02:51.0180 1768 System windows directory: C:\Windows
    22:02:51.0180 1768 Running under WOW64
    22:02:51.0180 1768 Processor architecture: Intel x64
    22:02:51.0180 1768 Number of processors: 4
    22:02:51.0180 1768 Page size: 0x1000
    22:02:51.0180 1768 Boot type: Normal boot
    22:02:51.0180 1768 ============================================================
    22:02:51.0726 1768 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:02:51.0726 1768 \Device\Harddisk0\DR0:
    22:02:51.0726 1768 MBR used
    22:02:51.0726 1768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
    22:02:51.0726 1768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000
    22:02:51.0757 1768 Initialize success
    22:02:51.0757 1768 ============================================================
    22:03:07.0731 0952 ============================================================
    22:03:07.0731 0952 Scan started
    22:03:07.0731 0952 Mode: Manual;
    22:03:07.0731 0952 ============================================================
    22:03:08.0153 0952 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    22:03:08.0168 0952 1394ohci - ok
    22:03:08.0277 0952 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    22:03:08.0277 0952 ACPI - ok
    22:03:08.0480 0952 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    22:03:08.0480 0952 AcpiPmi - ok
    22:03:08.0589 0952 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    22:03:08.0621 0952 adp94xx - ok
    22:03:08.0745 0952 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    22:03:08.0745 0952 adpahci - ok
    22:03:08.0855 0952 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    22:03:08.0870 0952 adpu320 - ok
    22:03:08.0995 0952 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    22:03:08.0995 0952 AFD - ok
    22:03:09.0104 0952 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    22:03:09.0120 0952 agp440 - ok
    22:03:09.0245 0952 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    22:03:09.0245 0952 aliide - ok
    22:03:09.0369 0952 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    22:03:09.0369 0952 amdide - ok
    22:03:09.0463 0952 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    22:03:09.0463 0952 AmdK8 - ok
    22:03:09.0557 0952 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    22:03:09.0572 0952 AmdPPM - ok
    22:03:09.0697 0952 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    22:03:09.0713 0952 amdsata - ok
    22:03:09.0822 0952 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    22:03:09.0822 0952 amdsbs - ok
    22:03:09.0947 0952 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    22:03:09.0947 0952 amdxata - ok
    22:03:10.0056 0952 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    22:03:10.0056 0952 AppID - ok
    22:03:10.0212 0952 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    22:03:10.0212 0952 arc - ok
    22:03:10.0305 0952 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    22:03:10.0305 0952 arcsas - ok
    22:03:10.0461 0952 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    22:03:10.0461 0952 AsyncMac - ok
    22:03:10.0586 0952 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    22:03:10.0586 0952 atapi - ok
    22:03:10.0758 0952 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    22:03:10.0789 0952 b06bdrv - ok
    22:03:10.0929 0952 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    22:03:10.0945 0952 b57nd60a - ok
    22:03:11.0070 0952 b57xdbd (a424cb46a145e5aabf15621550976df2) C:\Windows\system32\DRIVERS\b57xdbd.sys
    22:03:11.0085 0952 b57xdbd - ok
    22:03:11.0226 0952 b57xdmp (be4e6fd5a898812b85d5817ad9754a9f) C:\Windows\system32\DRIVERS\b57xdmp.sys
    22:03:11.0226 0952 b57xdmp - ok
    22:03:11.0382 0952 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    22:03:11.0382 0952 Beep - ok
    22:03:11.0569 0952 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys
    22:03:11.0569 0952 BHDrvx64 - ok
    22:03:11.0678 0952 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
    22:03:11.0709 0952 blbdrive - ok
    22:03:11.0834 0952 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    22:03:11.0834 0952 bowser - ok
    22:03:11.0928 0952 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    22:03:11.0928 0952 BrFiltLo - ok
    22:03:12.0021 0952 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    22:03:12.0021 0952 BrFiltUp - ok
    22:03:12.0146 0952 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    22:03:12.0146 0952 Brserid - ok
    22:03:12.0255 0952 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    22:03:12.0255 0952 BrSerWdm - ok
    22:03:12.0349 0952 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    22:03:12.0349 0952 BrUsbMdm - ok
    22:03:12.0458 0952 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    22:03:12.0458 0952 BrUsbSer - ok
    22:03:12.0583 0952 bScsiMSa (520408cfdb56de8cdb44b2f11b9c5b5c) C:\Windows\system32\DRIVERS\bScsiMSa.sys
    22:03:12.0583 0952 bScsiMSa - ok
    22:03:12.0692 0952 bScsiSDa (9f880f03f4a72215c8b77fd51322c297) C:\Windows\system32\DRIVERS\bScsiSDa.sys
    22:03:12.0692 0952 bScsiSDa - ok
    22:03:12.0801 0952 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
    22:03:12.0801 0952 BTHMODEM - ok
    22:03:12.0957 0952 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
    22:03:12.0973 0952 ccSet_NIS - ok
    22:03:13.0051 0952 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    22:03:13.0067 0952 cdfs - ok
    22:03:13.0191 0952 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    22:03:13.0191 0952 cdrom - ok
    22:03:13.0301 0952 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    22:03:13.0301 0952 circlass - ok
    22:03:13.0379 0952 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    22:03:13.0379 0952 CLFS - ok
    22:03:13.0535 0952 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
    22:03:13.0550 0952 CmBatt - ok
    22:03:13.0659 0952 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    22:03:13.0659 0952 cmdide - ok
    22:03:13.0784 0952 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
    22:03:13.0800 0952 CNG - ok
    22:03:13.0909 0952 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    22:03:13.0925 0952 Compbatt - ok
    22:03:14.0049 0952 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    22:03:14.0049 0952 CompositeBus - ok
    22:03:14.0190 0952 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    22:03:14.0190 0952 crcdisk - ok
    22:03:14.0330 0952 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    22:03:14.0330 0952 DfsC - ok
    22:03:14.0455 0952 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    22:03:14.0471 0952 discache - ok
    22:03:14.0595 0952 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    22:03:14.0595 0952 Disk - ok
    22:03:14.0736 0952 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    22:03:14.0736 0952 drmkaud - ok
    22:03:14.0876 0952 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    22:03:14.0892 0952 DXGKrnl - ok
    22:03:15.0063 0952 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    22:03:15.0141 0952 ebdrv - ok
    22:03:15.0219 0952 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
    22:03:15.0235 0952 eeCtrl - ok
    22:03:15.0375 0952 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    22:03:15.0375 0952 elxstor - ok
    22:03:15.0469 0952 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    22:03:15.0469 0952 EraserUtilRebootDrv - ok
    22:03:15.0578 0952 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    22:03:15.0578 0952 ErrDev - ok
    22:03:15.0719 0952 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    22:03:15.0719 0952 exfat - ok
    22:03:15.0828 0952 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    22:03:15.0828 0952 fastfat - ok
    22:03:15.0968 0952 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    22:03:15.0968 0952 fdc - ok
    22:03:16.0093 0952 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    22:03:16.0109 0952 FileInfo - ok
    22:03:16.0218 0952 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    22:03:16.0218 0952 Filetrace - ok
    22:03:16.0327 0952 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    22:03:16.0327 0952 flpydisk - ok
    22:03:16.0436 0952 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    22:03:16.0436 0952 FltMgr - ok
    22:03:16.0545 0952 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    22:03:16.0545 0952 FsDepends - ok
    22:03:16.0639 0952 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    22:03:16.0639 0952 Fs_Rec - ok
    22:03:16.0764 0952 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    22:03:16.0764 0952 fvevol - ok
    22:03:16.0873 0952 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    22:03:16.0873 0952 gagp30kx - ok
    22:03:17.0029 0952 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    22:03:17.0029 0952 GEARAspiWDM - ok
    22:03:17.0138 0952 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    22:03:17.0138 0952 hcw85cir - ok
    22:03:17.0263 0952 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    22:03:17.0279 0952 HdAudAddService - ok
    22:03:17.0403 0952 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    22:03:17.0403 0952 HDAudBus - ok
    22:03:17.0528 0952 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    22:03:17.0528 0952 HidBatt - ok
    22:03:17.0762 0952 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    22:03:17.0762 0952 HidBth - ok
    22:03:17.0840 0952 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    22:03:17.0856 0952 HidIr - ok
    22:03:18.0012 0952 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    22:03:18.0012 0952 HidUsb - ok
    22:03:18.0183 0952 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    22:03:18.0183 0952 HpSAMD - ok
    22:03:18.0324 0952 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    22:03:18.0324 0952 HTTP - ok
    22:03:18.0417 0952 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    22:03:18.0417 0952 hwpolicy - ok
    22:03:18.0620 0952 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    22:03:18.0620 0952 i8042prt - ok
    22:03:18.0761 0952 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
    22:03:18.0761 0952 iaStor - ok
    22:03:18.0948 0952 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    22:03:18.0963 0952 iaStorV - ok
    22:03:19.0135 0952 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSvia64.sys
    22:03:19.0135 0952 IDSVia64 - ok
    22:03:19.0431 0952 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
    22:03:19.0681 0952 igfx - ok
    22:03:19.0806 0952 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    22:03:19.0806 0952 iirsp - ok
    22:03:19.0899 0952 IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys
    22:03:19.0931 0952 IntcAzAudAddService - ok
    22:03:20.0071 0952 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
    22:03:20.0087 0952 IntcDAud - ok
    22:03:20.0196 0952 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    22:03:20.0196 0952 intelide - ok
    22:03:20.0258 0952 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    22:03:20.0258 0952 intelppm - ok
    22:03:20.0352 0952 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    22:03:20.0352 0952 IpFilterDriver - ok
    22:03:20.0477 0952 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    22:03:20.0477 0952 IPMIDRV - ok
    22:03:20.0617 0952 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    22:03:20.0617 0952 IPNAT - ok
    22:03:20.0711 0952 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    22:03:20.0711 0952 IRENUM - ok
    22:03:20.0835 0952 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    22:03:20.0835 0952 isapnp - ok
    22:03:20.0945 0952 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    22:03:20.0960 0952 iScsiPrt - ok
    22:03:21.0038 0952 k57nd60a (0469bff65bbdee9e46d0c45ee32a08bd) C:\Windows\system32\DRIVERS\k57nd60a.sys
    22:03:21.0069 0952 k57nd60a - ok
    22:03:21.0194 0952 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    22:03:21.0194 0952 kbdclass - ok
    22:03:21.0303 0952 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    22:03:21.0319 0952 kbdhid - ok
    22:03:21.0428 0952 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
    22:03:21.0428 0952 KSecDD - ok
    22:03:21.0569 0952 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
    22:03:21.0584 0952 KSecPkg - ok
    22:03:21.0678 0952 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    22:03:21.0693 0952 ksthunk - ok
    22:03:21.0818 0952 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    22:03:21.0818 0952 lltdio - ok
    22:03:21.0943 0952 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    22:03:21.0943 0952 LSI_FC - ok
    22:03:22.0021 0952 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    22:03:22.0037 0952 LSI_SAS - ok
    22:03:22.0037 0952 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    22:03:22.0052 0952 LSI_SAS2 - ok
    22:03:22.0068 0952 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    22:03:22.0068 0952 LSI_SCSI - ok
    22:03:22.0177 0952 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    22:03:22.0177 0952 luafv - ok
    22:03:22.0286 0952 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    22:03:22.0286 0952 MBAMProtector - ok
    22:03:22.0411 0952 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    22:03:22.0411 0952 megasas - ok
    22:03:22.0489 0952 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    22:03:22.0489 0952 MegaSR - ok
    22:03:22.0614 0952 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    22:03:22.0614 0952 MEIx64 - ok
    22:03:22.0754 0952 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    22:03:22.0770 0952 Modem - ok
    22:03:22.0863 0952 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    22:03:22.0863 0952 monitor - ok
    22:03:22.0973 0952 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    22:03:22.0973 0952 mouclass - ok
    22:03:23.0082 0952 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    22:03:23.0097 0952 mouhid - ok
    22:03:23.0129 0952 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    22:03:23.0129 0952 mountmgr - ok
    22:03:23.0160 0952 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    22:03:23.0160 0952 mpio - ok
    22:03:23.0222 0952 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    22:03:23.0238 0952 mpsdrv - ok
    22:03:23.0269 0952 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    22:03:23.0269 0952 MRxDAV - ok
    22:03:23.0316 0952 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:03:23.0331 0952 mrxsmb - ok
    22:03:23.0425 0952 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:03:23.0441 0952 mrxsmb10 - ok
    22:03:23.0472 0952 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:03:23.0472 0952 mrxsmb20 - ok
    22:03:23.0503 0952 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    22:03:23.0503 0952 msahci - ok
    22:03:23.0565 0952 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    22:03:23.0565 0952 msdsm - ok
    22:03:23.0690 0952 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    22:03:23.0690 0952 Msfs - ok
    22:03:23.0768 0952 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    22:03:23.0768 0952 mshidkmdf - ok
    22:03:23.0784 0952 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    22:03:23.0784 0952 msisadrv - ok
    22:03:23.0909 0952 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    22:03:23.0909 0952 MSKSSRV - ok
    22:03:24.0033 0952 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    22:03:24.0033 0952 MSPCLOCK - ok
    22:03:24.0143 0952 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    22:03:24.0143 0952 MSPQM - ok
    22:03:24.0252 0952 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    22:03:24.0252 0952 MsRPC - ok
    22:03:24.0283 0952 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    22:03:24.0283 0952 mssmbios - ok
    22:03:24.0361 0952 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    22:03:24.0361 0952 MSTEE - ok
    22:03:24.0361 0952 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
    22:03:24.0377 0952 MTConfig - ok
    22:03:24.0408 0952 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    22:03:24.0408 0952 Mup - ok
    22:03:24.0564 0952 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    22:03:24.0579 0952 NativeWifiP - ok
    22:03:24.0767 0952 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\ENG64.SYS
    22:03:24.0767 0952 NAVENG - ok
    22:03:24.0829 0952 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\EX64.SYS
    22:03:24.0829 0952 NAVEX15 - ok
    22:03:25.0032 0952 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
    22:03:25.0047 0952 NDIS - ok
    22:03:25.0188 0952 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    22:03:25.0188 0952 NdisCap - ok
    22:03:25.0328 0952 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    22:03:25.0328 0952 NdisTapi - ok
    22:03:25.0469 0952 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    22:03:25.0469 0952 Ndisuio - ok
    22:03:25.0625 0952 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    22:03:25.0625 0952 NdisWan - ok
    22:03:25.0781 0952 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    22:03:25.0781 0952 NDProxy - ok
    22:03:25.0968 0952 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    22:03:25.0968 0952 NetBIOS - ok
    22:03:26.0124 0952 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    22:03:26.0139 0952 NetBT - ok
    22:03:26.0467 0952 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
    22:03:26.0623 0952 NETwNs64 - ok
    22:03:26.0795 0952 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
    22:03:26.0795 0952 nfrd960 - ok
    22:03:26.0966 0952 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    22:03:26.0982 0952 Npfs - ok
    22:03:27.0138 0952 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    22:03:27.0138 0952 nsiproxy - ok
    22:03:27.0278 0952 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    22:03:27.0309 0952 Ntfs - ok
    22:03:27.0497 0952 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
    22:03:27.0497 0952 NTIDrvr - ok
    22:03:27.0699 0952 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    22:03:27.0699 0952 Null - ok
    22:03:27.0855 0952 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    22:03:27.0887 0952 nvraid - ok
    22:03:28.0011 0952 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    22:03:28.0027 0952 nvstor - ok
    22:03:28.0152 0952 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    22:03:28.0152 0952 nv_agp - ok
    22:03:28.0292 0952 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    22:03:28.0292 0952 ohci1394 - ok
    22:03:28.0417 0952 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
    22:03:28.0417 0952 Parport - ok
    22:03:28.0511 0952 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    22:03:28.0511 0952 partmgr - ok
    22:03:28.0667 0952 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    22:03:28.0667 0952 pci - ok
    22:03:28.0776 0952 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    22:03:28.0776 0952 pciide - ok
    22:03:28.0885 0952 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    22:03:28.0885 0952 pcmcia - ok
    22:03:29.0010 0952 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    22:03:29.0010 0952 pcw - ok
    22:03:29.0103 0952 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    22:03:29.0119 0952 PEAUTH - ok
    22:03:29.0291 0952 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    22:03:29.0306 0952 PptpMiniport - ok
    22:03:29.0431 0952 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    22:03:29.0431 0952 Processor - ok
    22:03:29.0571 0952 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    22:03:29.0571 0952 Psched - ok
    22:03:29.0743 0952 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    22:03:29.0774 0952 ql2300 - ok
    22:03:29.0961 0952 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    22:03:29.0961 0952 ql40xx - ok
    22:03:30.0133 0952 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    22:03:30.0133 0952 QWAVEdrv - ok
    22:03:30.0289 0952 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    22:03:30.0289 0952 RasAcd - ok
    22:03:30.0429 0952 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:03:30.0429 0952 RasAgileVpn - ok
    22:03:30.0570 0952 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:03:30.0570 0952 Rasl2tp - ok
    22:03:30.0695 0952 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    22:03:30.0710 0952 RasPppoe - ok
    22:03:30.0835 0952 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    22:03:30.0835 0952 RasSstp - ok
    22:03:30.0975 0952 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    22:03:30.0975 0952 rdbss - ok
    22:03:31.0100 0952 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
    22:03:31.0100 0952 rdpbus - ok
    22:03:31.0241 0952 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:03:31.0241 0952 RDPCDD - ok
    22:03:31.0381 0952 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    22:03:31.0397 0952 RDPENCDD - ok
    22:03:31.0506 0952 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    22:03:31.0506 0952 RDPREFMP - ok
    22:03:31.0615 0952 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    22:03:31.0615 0952 RDPWD - ok
    22:03:31.0771 0952 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    22:03:31.0771 0952 rdyboost - ok
    22:03:31.0958 0952 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    22:03:31.0958 0952 rspndr - ok
    22:03:32.0083 0952 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    22:03:32.0083 0952 sbp2port - ok
    22:03:32.0223 0952 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    22:03:32.0223 0952 scfilter - ok
    22:03:32.0364 0952 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
    22:03:32.0379 0952 sdbus - ok
    22:03:32.0520 0952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    22:03:32.0535 0952 secdrv - ok
    22:03:32.0645 0952 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
    22:03:32.0645 0952 Serenum - ok
    22:03:32.0785 0952 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
    22:03:32.0785 0952 Serial - ok
    22:03:32.0925 0952 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    22:03:32.0941 0952 sermouse - ok
    22:03:33.0066 0952 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    22:03:33.0066 0952 sffdisk - ok
    22:03:33.0191 0952 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    22:03:33.0191 0952 sffp_mmc - ok
    22:03:33.0315 0952 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    22:03:33.0315 0952 sffp_sd - ok
    22:03:33.0409 0952 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    22:03:33.0409 0952 sfloppy - ok
    22:03:33.0565 0952 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
    22:03:33.0565 0952 SiSRaid2 - ok
    22:03:33.0659 0952 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
    22:03:33.0659 0952 SiSRaid4 - ok
    22:03:33.0799 0952 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    22:03:33.0815 0952 Smb - ok
    22:03:34.0002 0952 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    22:03:34.0002 0952 spldr - ok
    22:03:34.0220 0952 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
    22:03:34.0220 0952 SRTSP - ok
    22:03:34.0407 0952 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
    22:03:34.0407 0952 SRTSPX - ok
    22:03:34.0548 0952 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    22:03:34.0579 0952 srv - ok
    22:03:34.0704 0952 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    22:03:34.0704 0952 srv2 - ok
    22:03:34.0829 0952 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    22:03:34.0844 0952 srvnet - ok
    22:03:34.0985 0952 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
    22:03:34.0985 0952 stexstor - ok
    22:03:35.0125 0952 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    22:03:35.0141 0952 swenum - ok
    22:03:35.0297 0952 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
    22:03:35.0312 0952 SymDS - ok
    22:03:35.0453 0952 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
    22:03:35.0484 0952 SymEFA - ok
    22:03:35.0702 0952 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
    22:03:35.0702 0952 SymEvent - ok
    22:03:35.0905 0952 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
    22:03:35.0905 0952 SymIRON - ok
    22:03:36.0108 0952 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
    22:03:36.0108 0952 SymNetS - ok
    22:03:36.0248 0952 SynTP (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
    22:03:36.0264 0952 SynTP - ok
    22:03:36.0389 0952 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    22:03:36.0451 0952 Tcpip - ok
    22:03:36.0623 0952 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    22:03:36.0638 0952 TCPIP6 - ok
    22:03:36.0747 0952 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    22:03:36.0747 0952 tcpipreg - ok
    22:03:36.0810 0952 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    22:03:36.0810 0952 TDPIPE - ok
    22:03:36.0888 0952 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    22:03:36.0903 0952 TDTCP - ok
    22:03:37.0013 0952 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    22:03:37.0028 0952 tdx - ok
    22:03:37.0091 0952 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    22:03:37.0091 0952 TermDD - ok
    22:03:37.0247 0952 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:03:37.0262 0952 tssecsrv - ok
    22:03:37.0357 0952 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    22:03:37.0357 0952 TsUsbFlt - ok
    22:03:37.0435 0952 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
    22:03:37.0450 0952 TsUsbGD - ok
    22:03:37.0560 0952 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    22:03:37.0575 0952 tunnel - ok
    22:03:37.0653 0952 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
    22:03:37.0653 0952 uagp35 - ok
    22:03:37.0747 0952 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
    22:03:37.0747 0952 UBHelper - ok
    22:03:37.0825 0952 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    22:03:37.0825 0952 udfs - ok
    22:03:37.0950 0952 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    22:03:37.0950 0952 uliagpkx - ok
    22:03:38.0028 0952 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    22:03:38.0028 0952 umbus - ok
    22:03:38.0121 0952 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
    22:03:38.0137 0952 UmPass - ok
    22:03:38.0262 0952 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
    22:03:38.0277 0952 USBAAPL64 - ok
    22:03:38.0402 0952 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    22:03:38.0418 0952 usbccgp - ok
    22:03:38.0542 0952 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    22:03:38.0542 0952 usbcir - ok
    22:03:38.0667 0952 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
    22:03:38.0667 0952 usbehci - ok
    22:03:38.0745 0952 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    22:03:38.0745 0952 usbhub - ok
    22:03:38.0839 0952 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    22:03:38.0839 0952 usbohci - ok
    22:03:38.0932 0952 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
    22:03:38.0932 0952 usbprint - ok
    22:03:39.0057 0952 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:03:39.0073 0952 USBSTOR - ok
    22:03:39.0182 0952 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    22:03:39.0182 0952 usbuhci - ok
    22:03:39.0322 0952 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
    22:03:39.0322 0952 usbvideo - ok
    22:03:39.0463 0952 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    22:03:39.0478 0952 vdrvroot - ok
    22:03:39.0588 0952 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    22:03:39.0588 0952 vga - ok
    22:03:39.0681 0952 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    22:03:39.0681 0952 VgaSave - ok
    22:03:39.0775 0952 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    22:03:39.0790 0952 vhdmp - ok
    22:03:39.0868 0952 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    22:03:39.0868 0952 viaide - ok
    22:03:39.0978 0952 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    22:03:39.0978 0952 volmgr - ok
    22:03:40.0056 0952 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    22:03:40.0071 0952 volmgrx - ok
    22:03:40.0180 0952 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    22:03:40.0196 0952 volsnap - ok
    22:03:40.0321 0952 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
    22:03:40.0321 0952 vsmraid - ok
    22:03:40.0446 0952 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    22:03:40.0446 0952 vwifibus - ok
    22:03:40.0586 0952 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    22:03:40.0586 0952 vwififlt - ok
    22:03:40.0680 0952 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    22:03:40.0680 0952 vwifimp - ok
    22:03:40.0758 0952 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    22:03:40.0758 0952 WacomPen - ok
    22:03:40.0882 0952 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    22:03:40.0914 0952 WANARP - ok
    22:03:40.0945 0952 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    22:03:40.0960 0952 Wanarpv6 - ok
    22:03:41.0085 0952 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    22:03:41.0085 0952 Wd - ok
    22:03:41.0210 0952 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    22:03:41.0210 0952 Wdf01000 - ok
    22:03:41.0366 0952 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys
    22:03:41.0382 0952 wdkmd - ok
    22:03:41.0522 0952 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    22:03:41.0522 0952 WfpLwf - ok
    22:03:41.0647 0952 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    22:03:41.0647 0952 WIMMount - ok
    22:03:41.0834 0952 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    22:03:41.0850 0952 WinUsb - ok
    22:03:41.0974 0952 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    22:03:41.0974 0952 WmiAcpi - ok
    22:03:42.0099 0952 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    22:03:42.0099 0952 ws2ifsl - ok
    22:03:42.0193 0952 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    22:03:42.0193 0952 WudfPf - ok
    22:03:42.0318 0952 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    22:03:42.0318 0952 WUDFRd - ok
    22:03:42.0349 0952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    22:03:42.0427 0952 \Device\Harddisk0\DR0 - ok
    22:03:42.0427 0952 Boot (0x1200) (4c66794edaae027d970c854cab69c0b8) \Device\Harddisk0\DR0\Partition0
    22:03:42.0427 0952 \Device\Harddisk0\DR0\Partition0 - ok
    22:03:42.0458 0952 Boot (0x1200) (068c2e47f59f604153c2cce0b529c543) \Device\Harddisk0\DR0\Partition1
    22:03:42.0458 0952 \Device\Harddisk0\DR0\Partition1 - ok
    22:03:42.0458 0952 ============================================================
    22:03:42.0458 0952 Scan finished
    22:03:42.0458 0952 ============================================================
    22:03:42.0458 5620 Detected object count: 0
    22:03:42.0458 5620 Actual detected object count: 0
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  22. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    ComboFix 12-02-13.01 - Kathy Williams 02/13/2012 22:19:22.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5996.4294 [GMT -6:00]
    Running from: c:\users\Kathy Williams\Desktop\ComboFix.exe
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Kathy Williams\AppData\Roaming\Microsoft\Windows\Recent\DVDFab.url
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-14 04:24 . 2012-02-14 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-14 03:40 . 2012-02-14 03:40 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-13 01:34 . 2012-02-13 01:42 16200 ----a-w- c:\windows\stinger.sys
    2012-02-13 01:34 . 2012-02-13 02:32 -------- d-----w- c:\program files (x86)\stinger
    2012-02-12 22:48 . 2012-02-12 22:48 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\Malwarebytes
    2012-02-12 22:48 . 2012-02-12 22:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-12 22:48 . 2012-02-12 22:48 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-12 22:48 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-11 20:34 . 2012-02-11 20:35 -------- d-----w- c:\users\Kathy Williams\books
    2012-02-11 05:01 . 2012-02-11 05:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7DD9.tmp
    2012-02-11 05:01 . 2012-02-11 05:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7DD8.tmp
    2012-02-02 19:56 . 2012-02-11 05:02 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091
    2012-01-28 03:22 . 2012-01-28 03:22 -------- d-----w- c:\users\Kathy Williams\AppData\Local\Windows Live Writer
    2012-01-28 03:22 . 2012-01-28 03:22 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\Windows Live Writer
    2012-01-26 15:47 . 2012-01-31 03:14 -------- d-----w- c:\users\Kathy Williams\AppData\Local\CrashDumps
    2012-01-24 01:40 . 2012-01-24 01:40 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\MoveFab
    2012-01-20 02:23 . 2012-01-20 02:23 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\DVDFab
    2012-01-20 02:17 . 2012-01-20 02:17 -------- d-----w- c:\programdata\dvdfab
    2012-01-20 02:17 . 2012-01-20 02:23 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt
    2012-01-20 01:43 . 2012-01-20 01:43 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\com.amazon.music.uploader
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-12 21:39 . 2011-12-31 17:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-02-02 19:56 . 2011-04-15 13:57 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2012-01-01 00:06 . 2012-01-01 00:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-12-31 04:10 . 2011-12-31 04:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-12-31 04:10 . 2011-12-31 04:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-12-31 04:10 . 2011-12-31 04:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-12-31 04:10 . 2011-12-31 04:10 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-12-31 04:10 . 2011-12-31 04:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-12-31 04:10 . 2011-12-31 04:10 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-12-31 04:10 . 2011-12-31 04:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-12-31 04:10 . 2011-12-31 04:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-12-31 04:10 . 2011-12-31 04:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-12-31 04:10 . 2011-12-31 04:10 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-12-31 04:10 . 2011-12-31 04:10 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-12-31 04:10 . 2011-12-31 04:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-12-31 04:10 . 2011-12-31 04:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-12-31 04:10 . 2011-12-31 04:10 448512 ----a-w- c:\windows\system32\html.iec
    2011-12-31 04:10 . 2011-12-31 04:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-12-31 04:10 . 2011-12-31 04:10 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-12-31 04:10 . 2011-12-31 04:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-12-31 04:10 . 2011-12-31 04:10 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-31 04:10 . 2011-12-31 04:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-12-31 04:10 . 2011-12-31 04:10 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-12-31 04:10 . 2011-12-31 04:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-12-31 04:10 . 2011-12-31 04:10 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-12-31 04:10 . 2011-12-31 04:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-12-31 04:10 . 2011-12-31 04:10 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-12-31 04:10 . 2011-12-31 04:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-12-31 04:10 . 2011-12-31 04:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-12-31 04:10 . 2011-12-31 04:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-12-31 04:10 . 2011-12-31 04:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-12-31 04:10 . 2011-12-31 04:10 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-12-31 04:10 . 2011-12-31 04:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-12-31 04:10 . 2011-12-31 04:10 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-12-31 04:10 . 2011-12-31 04:10 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-12-31 04:10 . 2011-12-31 04:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-12-31 04:10 . 2011-12-31 04:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-12-31 04:06 . 2011-12-31 04:06 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2011-12-31 04:06 . 2011-04-15 13:59 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-12-31 04:06 . 2011-04-15 13:59 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-12-31 03:43 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-11-24 04:52 . 2011-12-31 14:09 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-19 14:58 . 2012-01-11 13:57 77312 ----a-w- c:\windows\system32\packager.dll
    2011-11-19 14:01 . 2012-01-11 13:57 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2011-11-17 06:49 . 2012-01-13 15:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-17 06:49 . 2012-01-13 15:12 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2011-11-17 06:44 . 2012-01-13 15:12 459232 ----a-w- c:\windows\system32\drivers\cng.sys
    2011-11-17 06:41 . 2012-01-11 13:57 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-17 06:35 . 2012-01-13 15:12 395776 ----a-w- c:\windows\system32\webio.dll
    2011-11-17 06:35 . 2012-01-13 15:12 29184 ----a-w- c:\windows\system32\sspisrv.dll
    2011-11-17 06:35 . 2012-01-13 15:12 136192 ----a-w- c:\windows\system32\sspicli.dll
    2011-11-17 06:35 . 2012-01-13 15:12 340992 ----a-w- c:\windows\system32\schannel.dll
    2011-11-17 06:35 . 2012-01-13 15:12 28160 ----a-w- c:\windows\system32\secur32.dll
    2011-11-17 06:35 . 2012-01-13 15:12 1447936 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-17 06:33 . 2012-01-13 15:12 31232 ----a-w- c:\windows\system32\lsass.exe
    2011-11-17 05:38 . 2012-01-11 13:57 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2011-11-17 05:35 . 2012-01-13 15:12 314880 ----a-w- c:\windows\SysWow64\webio.dll
    2011-11-17 05:34 . 2012-01-13 15:12 224768 ----a-w- c:\windows\SysWow64\schannel.dll
    2011-11-17 05:34 . 2012-01-13 15:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2011-11-17 05:28 . 2012-01-13 15:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
    "BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-02-15 290112]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Kathy Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2011-12-01 1157240]
    S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSvia64.sys [2011-12-15 488568]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-02-23 873064]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-01-31 244624]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-02-15 257344]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
    S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-11 138360]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500286521-3479545865-473360372-1000Core.job
    - c:\users\Kathy Williams\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 03:45]
    .
    2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500286521-3479545865-473360372-1000UA.job
    - c:\users\Kathy Williams\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 03:45]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
    "Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-02-23 1796200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Kathy Williams\AppData\Roaming\Mozilla\Firefox\Profiles\pt6s29a2.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Launch Manager\LMutilps32.exe
    c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-13 22:48:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-14 04:48
    .
    Pre-Run: 355,299,123,200 bytes free
    Post-Run: 355,758,243,840 bytes free
    .
    - - End Of File - - 4D8F5B95170549DBE5FA870F8B952554
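The service and driver list in the log above is in ComboFix's compact format: `R`/`S` is its running/stopped marker, the digit is the Windows start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled), the three `;`-separated fields are service name, display name and image path, and the bracket holds either the file's date and size or `[x]` when ComboFix recorded no file details. The `Security Packages` value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` is worth a look on every infected box, because an extra name there is an extra DLL that lsass loads at boot (MITRE ATT&CK T1547.005). The following Python is an added example, not ComboFix's code and not anything posted in this thread: it parses those lines and flags what a responder checks first. The sample lines are constructed (four copy the format of entries in the log; the last one is an invented service with a hypothetical name and path under a user temp directory). The trusted drive roots assume the C: system drive seen here, and the SSP baseline is simply the set this log shows (`livessp` belongs to the Windows Live components installed on this machine). Two caveats: on this x64 system `[x]` also appears on stock Microsoft drivers such as TsUsbFlt, which the OTL log later lists normally, so that flag is a prompt to verify, not a verdict; and the Norton definition drivers under `c:\programdata\Norton\...` will be flagged by the root check and are expected.

```python
"""Triage the R*/S* service and driver lines and the LSA 'Security Packages'
line of a ComboFix log.  Added example, not ComboFix's code or anything from
the thread.  R/S is ComboFix's running/stopped marker, the digit is the
Windows start type, '[x]' means no date/size was recorded for the file."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the first four lines copy the format of the log above;
# the last one is an invented entry (hypothetical name and path) planted to
# exercise the checks.
SAMPLE_SERVICES = """\
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\\windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe [2010-03-18 130384]
R3 TsUsbFlt;TsUsbFlt;c:\\windows\\system32\\drivers\\tsusbflt.sys [x]
S2 MBAMService;MBAMService;c:\\program files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe [2012-01-13 652360]
S2 NOBU;Norton Online Backup;c:\\program files (x86)\\Symantec\\Norton Online Backup\\NOBuAgent.exe SERVICE [x]
S2 WinHelperSvc;Windows Helper;c:\\users\\alice\\appdata\\local\\temp\\helper.exe [2012-02-12 48128]
"""
SAMPLE_LSA = "Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp"

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<body>.+) \[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]\s*$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Assumption: the system drive is C:, as in this log.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\")
# Baseline taken from this log; livessp belongs to the Windows Live components
# installed on this machine.  An extra name here is an extra SSP DLL that
# lsass loads at boot (MITRE ATT&CK T1547.005), a classic credential-theft hook.
BASELINE_SSPS = {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u", "livessp"}


@dataclass
class Entry:
    name: str
    description: str
    path: str
    running: bool
    start_type: str
    has_file_info: bool
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one ComboFix service/driver line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    parts = m.group("body").split(";", 2)
    if len(parts) != 3:
        return None
    name, description, path = parts
    # ComboFix may append a type token (e.g. SERVICE) after the image path.
    if path.endswith(" SERVICE"):
        path = path[: -len(" SERVICE")]
    return Entry(name, description, path, m.group("state") == "R",
                 START_TYPES[m.group("start")], m.group("info") != "x")


def add_flags(e: Entry) -> Entry:
    """Attach the review reasons a responder would act on."""
    p = e.path.lower()
    if not p.startswith(TRUSTED_ROOTS):
        e.flags.append("image outside Windows/Program Files")
    if any(marker in p for marker in USER_WRITABLE):
        e.flags.append("user-writable location")
        if e.start_type in ("boot", "system", "auto"):
            e.flags.append("auto-start from user-writable path")
    if not e.has_file_info:
        e.flags.append("no date/size recorded ([x])")
    return e


def triage_log(text: str) -> List[Entry]:
    entries = [parse_entry(line) for line in text.splitlines()]
    return [add_flags(e) for e in entries if e is not None]


def unexpected_security_packages(lsa_line: str, baseline=BASELINE_SSPS) -> List[str]:
    """Names in the Security Packages value that are not in the baseline."""
    tokens = lsa_line.split()
    if "REG_MULTI_SZ" not in tokens:
        return []
    names = tokens[tokens.index("REG_MULTI_SZ") + 1:]
    return [n for n in names if n.lower() not in baseline]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_SERVICES):
        if e.flags:
            print(f"{e.name:32} {e.start_type:8} {e.path}\n    " + "; ".join(e.flags))
    print("unexpected SSPs:", unexpected_security_packages(SAMPLE_LSA))
```

Run it against the full `R*/S*` block of a real log by passing the pasted text to `triage_log`; entries with an empty `flags` list are the ones that look stock on all three checks, which is exactly the pass a helper makes before saying "looks good".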
     
  23. Broni


    Looks good :)

    How is the computer doing?

    Uninstall McAfee Security Scan Plus; it's typical foistware.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
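Most of that custom-scan list is a hunt for files where stock Windows never puts them: executables in `Fonts`, `*.scr` in the Windows root, look-alike directories such as `system32\system32`, `systhem32` and `winn32`, and an `Update` folder under `%APPDATA%`; a trailing ` /s` tells OTL to recurse, and the two `dir /b ... | find /i " " /c` lines count executables whose names contain a space, which stock binaries in those directories do not. The following Python is an added example, not OTL's code and not part of the post: it re-implements that file-pattern logic (case-insensitive `%VAR%` expansion from a dictionary, the `/s` switch, the mask match) and runs it over a constructed directory tree with planted decoys so the behaviour can be checked on any machine. All file names in the tree are hypothetical; the registry items, `/x`, `/rs` and `/md5start` lines of the list are out of scope.

```python
"""Offline re-implementation of the file-pattern part of an OTL custom scan.
Added example, not OTL's own code.  Patterns use OTL's notation: %VAR% names,
backslash separators, a filename mask last, optional trailing ' /s' to recurse."""
import fnmatch
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Subset of the custom-scan lines from the post above, verbatim.
PATTERNS = [
    r"%systemroot%\Fonts\*.exe",
    r"%systemroot%\Fonts\*.dll",
    r"%systemroot%\*.scr",
    r"%systemroot%\system32\system32\*.*",
    r"%systemroot%\system32\systhem32\*.*",
    r"%systemroot%\winn32\*.*",
    r"%APPDATA%\Update\*.*",
    r"%USERPROFILE%\*.exe",
    r"%systemroot%\AppPatch\Custom\*.* /s",
]


def resolve(pattern: str, env: Dict[str, str]) -> Tuple[Path, str, bool]:
    """Split one OTL line into (directory, filename mask, recurse?)."""
    recurse = pattern.endswith(" /s")
    if recurse:
        pattern = pattern[:-3]
    # %VAR% lookup is case-insensitive like cmd.exe; the lambda keeps
    # backslashes in the value from being read as regex escapes.
    for var, value in env.items():
        pattern = re.sub(re.escape(f"%{var}%"), lambda _m, v=value: v,
                         pattern, flags=re.IGNORECASE)
    pattern = pattern.replace("\\", os.sep)
    directory, _, mask = pattern.rpartition(os.sep)
    return Path(directory), mask, recurse


def scan(patterns: List[str], env: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (pattern, path) for every file matching a pattern."""
    hits = []
    for pat in patterns:
        directory, mask, recurse = resolve(pat, env)
        if not directory.is_dir():
            continue  # a look-alike directory that does not exist is the good case
        candidates = directory.rglob("*") if recurse else directory.iterdir()
        for p in candidates:
            if p.is_file() and fnmatch.fnmatchcase(p.name.lower(), mask.lower()):
                hits.append((pat, str(p)))
    return hits


def hit_names(hits: List[Tuple[str, str]]) -> List[str]:
    return sorted({Path(p).name for _, p in hits})


def exes_with_spaces(directory: str) -> List[str]:
    """Equivalent of the `dir /b ... | find /i " " /c` lines, but listing the names."""
    return sorted(p.name for p in Path(directory).iterdir()
                  if p.is_file() and p.suffix.lower() == ".exe" and " " in p.name)


def build_demo_tree() -> Tuple[Path, Dict[str, str]]:
    """Constructed tree: stock-looking files plus planted decoys (all names hypothetical)."""
    root = Path(tempfile.mkdtemp(prefix="otl_demo_"))
    win = root / "Windows"
    home = root / "Users" / "alice"
    files = [
        win / "system32" / "notepad.exe",                    # benign, must not be reported
        win / "Fonts" / "arial.ttf",                         # benign
        win / "system32" / "two words.exe",                  # only the spaces check sees it
        win / "Fonts" / "loader.exe",                        # planted
        win / "screen.scr",                                  # planted
        win / "system32" / "system32" / "evil.dll",          # planted look-alike directory
        home / "AppData" / "Roaming" / "Update" / "upd.exe", # planted
        home / "run me.exe",                                 # planted
        win / "AppPatch" / "Custom" / "sub" / "shim.dll",    # planted, reachable only via /s
    ]
    for f in files:
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"MZ")  # placeholder content, not a real PE
    env = {"systemroot": str(win), "USERPROFILE": str(home),
           "APPDATA": str(home / "AppData" / "Roaming")}
    return root, env


if __name__ == "__main__":
    root, env = build_demo_tree()
    for pat, path in scan(PATTERNS, env):
        print(f"{pat:42} -> {path}")
    print("exe names with spaces in system32:",
          exes_with_spaces(os.path.join(env["systemroot"], "system32")))
```

The point of the decoy tree is the negative cases as much as the positive ones: `notepad.exe` in the real `system32` is never reported, and a pattern whose directory does not exist is silently skipped, which is what you want from a check that is mostly confirming absence.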
     
  24. kathywms


    OTL logfile created on: 2/13/2012 11:23:49 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kathy Williams\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.86 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 68.86% Memory free
    11.71 Gb Paging File | 9.82 Gb Available in Paging File | 83.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 450.66 Gb Total Space | 331.22 Gb Free Space | 73.50% Space Free | Partition Type: NTFS

    Computer Name: KATHYWILLIAMS | User Name: Kathy Williams | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/13 23:21:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy Williams\Desktop\OTL.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
    PRC - [2011/03/14 05:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    PRC - [2011/03/14 05:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2011/03/14 05:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2011/03/14 05:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/15 12:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    PRC - [2011/02/15 12:35:50 | 000,290,112 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    PRC - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/10/28 10:55:02 | 000,969,824 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/02/03 02:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/20 03:37:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
    MOD - [2012/01/20 03:37:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
    MOD - [2012/01/20 03:37:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
    MOD - [2012/01/20 03:37:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
    MOD - [2012/01/20 03:37:25 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll
    MOD - [2012/01/20 03:37:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2012/01/20 03:37:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2012/01/20 03:37:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2012/01/20 03:37:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2012/01/20 03:37:05 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2012/01/20 03:36:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2012/01/19 23:35:35 | 000,411,120 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll
    MOD - [2012/01/19 23:35:34 | 003,767,792 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
    MOD - [2012/01/19 23:34:10 | 000,122,880 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\avutil-51.dll
    MOD - [2012/01/19 23:34:09 | 000,222,208 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\avformat-53.dll
    MOD - [2012/01/19 23:34:07 | 001,746,432 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\avcodec-53.dll
    MOD - [2012/01/19 20:14:40 | 008,593,056 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    MOD - [2011/12/31 18:07:16 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/15 12:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/02/22 23:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/12/17 16:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
    SRV - [2011/03/14 05:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/15 12:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/02/02 13:56:54 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/11/23 20:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2011/11/23 19:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/11/23 19:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/11/16 21:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/11/16 21:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2011/11/04 17:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/07/25 20:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/03/25 19:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/20 19:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
    DRV:64bit: - [2011/01/20 19:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
    DRV:64bit: - [2011/01/19 21:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
    DRV:64bit: - [2011/01/17 16:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
    DRV:64bit: - [2011/01/13 19:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
    DRV:64bit: - [2010/12/25 12:25:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 02:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/07/29 07:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2012/02/13 10:47:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\ex64.sys -- (NAVEX15)
    DRV - [2012/02/13 10:47:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\eng64.sys -- (NAVENG)
    DRV - [2012/02/10 21:11:51 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/02/03 20:45:04 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/12/15 17:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSviA64.sys -- (IDSVia64)
    DRV - [2011/11/30 20:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/02 00:01:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/13 23:01:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/12 20:57:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/01 16:28:42 | 000,000,000 | ---D | M]

    [2011/12/31 11:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy Williams\AppData\Roaming\Mozilla\Extensions
    [2012/02/12 17:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy Williams\AppData\Roaming\Mozilla\Firefox\Profiles\pt6s29a2.default\extensions
    [2012/02/12 20:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/02/02 00:01:59 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
    () (No name found) -- C:\USERS\KATHY WILLIAMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PT6S29A2.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
    () (No name found) -- C:\USERS\KATHY WILLIAMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PT6S29A2.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
    [2012/02/08 14:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/08 11:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/13 14:20:40 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    [2012/02/08 11:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.1.10_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: TV = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
    CHR - Extension: YouTube = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
    CHR - Extension: Livestation = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdlnnjkjmmcfhfamndcpocjekeanpb\1.1_0\
    CHR - Extension: Learn Hebrew - Ma Kore = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiphfaggmjkobfelhkaddcoagngjogeg\1_0\
    CHR - Extension: Send to Kindle = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\2.6.3_0\
    CHR - Extension: TV for Google Chrome = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lambangeielkjcnmioccboaphdfcffib\2.2.4_0\
    CHR - Extension: Social TV = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgngdongggnefkmefanocbikldkboaaj\1.2.3_0\
    CHR - Extension: Norton Identity Protection = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
    CHR - Extension: Gmail = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Learn Spanish - Qu Onda Spanish = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj\1_0\

    O1 HOSTS File: ([2012/02/13 22:43:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - Startup: C:\Users\Kathy Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{063522AA-F17C-413D-9759-2BA885638C21}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/13 23:22:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy Williams\Desktop\OTL.exe
    [2012/02/13 22:43:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/02/13 22:16:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/13 22:16:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/13 22:16:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/13 22:16:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/13 22:14:02 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/13 22:13:37 | 004,403,246 | R--- | C] (Swearware) -- C:\Users\Kathy Williams\Desktop\ComboFix.exe
    [2012/02/13 22:02:33 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kathy Williams\Desktop\tdsskiller.exe
    [2012/02/13 21:40:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/02/12 21:14:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\Desktop\GooredFix Backups
    [2012/02/12 19:34:17 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
    [2012/02/12 19:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
    [2012/02/12 16:48:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\Malwarebytes
    [2012/02/12 16:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/12 16:48:05 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/02/12 16:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/02/12 16:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/11 14:34:55 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\books
    [2012/01/27 21:22:07 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\Windows Live Writer
    [2012/01/27 21:22:07 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Local\Windows Live Writer
    [2012/01/26 09:47:27 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Local\CrashDumps
    [2012/01/23 19:40:16 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\MoveFab
    [2012/01/19 20:23:31 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\DVDFab
    [2012/01/19 20:17:17 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\Documents\DVDFab
    [2012/01/19 20:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
    [2012/01/19 20:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
    [2012/01/19 20:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
    [2012/01/19 19:43:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\com.amazon.music.uploader
    [2012/01/19 19:43:47 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\Documents\Amazon MP3 Uploader
    [2012/01/18 10:03:24 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\Documents\books

    ========== Files - Modified Within 30 Days ==========

    [2012/02/13 23:21:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy Williams\Desktop\OTL.exe
    [2012/02/13 23:09:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/13 23:09:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/13 23:08:38 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/02/13 23:08:38 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/02/13 23:08:38 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/02/13 23:01:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/13 23:01:40 | 420,368,383 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/13 22:56:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3500286521-3479545865-473360372-1000UA.job
    [2012/02/13 22:56:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3500286521-3479545865-473360372-1000Core.job
    [2012/02/13 22:43:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/02/13 22:10:30 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\Kathy Williams\Desktop\ComboFix.exe
    [2012/02/13 21:39:04 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kathy Williams\Desktop\tdsskiller.exe
    [2012/02/13 20:31:06 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kathy Williams\Desktop\boot_cleaner.exe
    [2012/02/13 20:28:23 | 000,000,512 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\MBR.dat
    [2012/02/12 20:57:17 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/02/12 19:42:51 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
    [2012/02/12 16:48:06 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/12 09:05:12 | 000,778,834 | ---- | M] () -- C:\Users\Kathy Williams\Documents\PerfStringBackup.INI
    [2012/02/10 23:08:18 | 000,002,519 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2012/02/10 23:02:45 | 001,488,921 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
    [2012/02/10 23:02:31 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024
    [2012/02/02 13:56:54 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2012/02/02 13:56:54 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2012/02/02 13:56:54 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2012/01/30 21:13:27 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/01/26 22:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
    [2012/01/25 23:51:17 | 000,002,455 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\Google Chrome.lnk
    [2012/01/21 03:01:29 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/20 00:04:05 | 000,001,192 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\Dictionary .NET.lnk
    [2012/01/19 20:17:05 | 000,001,060 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\DVDFab Profile Editor.lnk
    [2012/01/19 20:17:05 | 000,001,047 | ---- | M] () -- C:\Users\Kathy Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk
    [2012/01/19 20:17:05 | 000,001,023 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\DVDFab 8 Qt.lnk
    [2012/01/19 19:43:41 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Amazon MP3 Uploader.lnk
    [2012/01/15 00:58:07 | 000,015,299 | ---- | M] () -- C:\Users\Kathy Williams\Documents\Sunday songs.odt

    ========== Files Created - No Company Name ==========

    [2012/02/13 22:16:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/13 22:16:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/13 22:16:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/13 22:16:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/13 22:16:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/13 20:28:23 | 000,000,512 | ---- | C] () -- C:\Users\Kathy Williams\Desktop\MBR.dat
    [2012/02/12 20:57:17 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/02/12 20:57:16 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/12 16:59:00 | 000,778,834 | ---- | C] () -- C:\Users\Kathy Williams\Documents\PerfStringBackup.INI
    [2012/02/12 16:48:06 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/30 21:13:26 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/01/20 00:04:05 | 000,001,192 | ---- | C] () -- C:\Users\Kathy Williams\Desktop\Dictionary .NET.lnk
    [2012/01/20 00:01:07 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/19 20:17:05 | 000,001,060 | ---- | C] () -- C:\Users\Kathy Williams\Desktop\DVDFab Profile Editor.lnk
    [2012/01/19 20:17:05 | 000,001,047 | ---- | C] () -- C:\Users\Kathy Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk
    [2012/01/19 20:17:05 | 000,001,023 | ---- | C] () -- C:\Users\Kathy Williams\Desktop\DVDFab 8 Qt.lnk
    [2012/01/19 19:43:41 | 000,001,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon MP3 Uploader.lnk
    [2012/01/19 19:43:41 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Amazon MP3 Uploader.lnk
    [2012/01/15 00:58:04 | 000,015,299 | ---- | C] () -- C:\Users\Kathy Williams\Documents\Sunday songs.odt
    [2011/04/15 08:16:07 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/04/15 08:16:06 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/04/15 08:16:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/12/31 13:49:01 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\Amazon
    [2012/01/19 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\com.amazon.music.uploader
    [2012/01/19 20:23:31 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\DVDFab
    [2012/01/23 19:40:16 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\MoveFab
    [2011/12/31 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\OpenOffice.org
    [2012/01/06 02:22:59 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\SNS
    [2012/01/27 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\Windows Live Writer
    [2009/07/13 23:08:49 | 000,009,392 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/04/15 08:19:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/02/13 22:48:05 | 000,021,986 | ---- | M] () -- C:\ComboFix.txt
    [2012/02/13 23:01:40 | 420,368,383 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/12 17:38:27 | 000,000,040 | ---- | M] () -- C:\log.txt
    [2012/02/13 23:01:45 | 1992,146,943 | -HS- | M] () -- C:\pagefile.sys
    [2012/02/13 21:40:39 | 000,084,538 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_13.02.2012_21.39.30_log.txt
    [2012/02/13 22:07:02 | 000,081,740 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_13.02.2012_22.02.50_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
     
  25. kathywms

    kathywms TS Rookie Topic Starter Posts: 33

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/12/30 20:46:22 | 000,000,221 | -HS- | M] () -- C:\Users\Kathy Williams\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/13 20:31:06 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kathy Williams\Desktop\boot_cleaner.exe
    [2012/02/13 22:10:30 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\Kathy Williams\Desktop\ComboFix.exe
    [2012/02/13 23:21:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy Williams\Desktop\OTL.exe
    [2012/02/13 21:39:04 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kathy Williams\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/12/30 20:42:21 | 000,000,402 | -HS- | M] () -- C:\Users\Kathy Williams\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
