Solved Malware removal issue following instructions unable to download DDS

K

kathywms

Posts: 33   +0
I am infected with a Malware program that has affected my svshosts file. I am following instructions from here

I have successfully completed all the steps through gmer (step 3)
I click on DDS by sUBS and get a blank tab

Malwarebytes Anti-Malware is actively blocking access to 206.161.121..2; 206.161.121.3; 206.161.121.4; 206.161.121.5. type: outgoing ##### port (always 5 digits) svchosts.exe.

Should I paste in the two logs that I have or is there another way to obtain the step 4 program to run?

Thank you in advance for your assistance.
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

============================================================

You can't download or run DDS?
 
Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/30/2011 8:39:55 PM
System Uptime: 2/12/2012 5:38:45 PM (2 hours ago)
.
Motherboard: Gateway | | SJV50_HR
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 2100/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 328.48 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP18: 1/21/2012 3:00:12 AM - Windows Update
RP19: 1/29/2012 4:23:42 AM - Scheduled Checkpoint
RP20: 2/6/2012 2:32:04 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Reader 9.2 MUI
Agatha Christie - 4:50 from Paddington
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Apple Application Support
Apple Software Update
Backup Manager V3
Bejeweled 2 Deluxe
Bing Bar
Build-a-lot 2
Chuzzle Deluxe
CyberLink MediaEspresso
CyberLink PowerDVD 10
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DVDFab 8.1.5.8 (18/01/2012) Qt
eBay Worldwide
FATE - The Traitor Soul
Final Drive: Nitro
Galerie de photos Windows Live
Gateway Games
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Chrome
HomeMedia
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 22
Jewel Quest Heritage
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 10.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars: PAC-MAN
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Internet Security
Norton Online Backup
OpenOffice.org 3.3
Penguins!
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.5
Times Reader
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update Installer for WildTangent Games App
Video Web Camera
Virtual Villagers 4 - The Tree of Life
Welcome Center
WildTangent Games App (Gateway Games)
WinDjView 1.0.3
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/12/2012 5:15:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Nakido service.
.
==== End Of File ===========================
 
DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Kathy Williams at 19:20:02 on 2012-02-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5996.3164 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Kathy Williams\AppData\Local\Temp\RarSFX0\Dictionary.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kathy Williams\Downloads\ihg8x558.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Kathy Williams\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Dictionary .NET] "C:\Users\KATHYW~1\AppData\Local\Temp\RarSFX0\Dictionary.exe" -c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\KATHYW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{063522AA-F17C-413D-9759-2BA885638C21} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{063522AA-F17C-413D-9759-2BA885638C21}\2375942554038383 : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathy Williams\AppData\Roaming\Mozilla\Firefox\Profiles\pt6s29a2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-2-8 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSviA64.sys [2012-2-10 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1305000.091\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-4-15 352336]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-12-30 873064]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-15 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-4-15 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-12 652360]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe [2012-2-2 138248]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-2-15 257344]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-30 2656280]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys --> C:\Windows\system32\DRIVERS\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys --> C:\Windows\system32\DRIVERS\b57xdmp.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys --> C:\Windows\system32\DRIVERS\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-10 138360]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-12 23:40:16 20480 ------w- C:\Windows\svchost.exe
2012-02-12 22:48:28 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\Malwarebytes
2012-02-12 22:48:05 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-12 22:48:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-12 22:48:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-11 20:34:55 -------- d-----w- C:\Users\Kathy Williams\books
2012-02-11 05:01:30 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7DD9.tmp
2012-02-11 05:01:30 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\7DD8.tmp
2012-02-02 19:56:48 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtsp64.sys
2012-02-02 19:56:48 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1305000.091\symds64.sys
2012-02-02 19:56:48 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symnets.sys
2012-02-02 19:56:48 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\srtspx64.sys
2012-02-02 19:56:48 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ironx64.sys
2012-02-02 19:56:48 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\ccsetx64.sys
2012-02-02 19:56:48 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1305000.091\symefa64.sys
2012-02-02 19:56:40 -------- d-----w- C:\Windows\System32\drivers\NISx64\1305000.091
2012-01-28 03:22:07 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\Windows Live Writer
2012-01-28 03:22:07 -------- d-----w- C:\Users\Kathy Williams\AppData\Local\Windows Live Writer
2012-01-26 15:47:27 -------- d-----w- C:\Users\Kathy Williams\AppData\Local\CrashDumps
2012-01-24 01:40:16 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\MoveFab
2012-01-20 02:23:31 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\DVDFab
2012-01-20 02:17:15 -------- d-----w- C:\ProgramData\dvdfab
2012-01-20 02:17:01 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt
2012-01-20 01:43:51 -------- d-----w- C:\Users\Kathy Williams\AppData\Roaming\com.amazon.music.uploader
.
==================== Find3M ====================
.
2012-02-12 21:39:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-02 19:56:54 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-01 00:06:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-31 04:06:05 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-12-31 04:06:05 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-12-31 04:06:05 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-19 14:58:00 77312 ----a-w- C:\Windows\System32\packager.dll
2011-11-19 14:01:00 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:41:18 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:38:39 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:20:38.15 ===============
 
gmer

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-12 18:22:16
Windows 6.1.7601 Service Pack 1
Running: ihg8x558.exe


---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\play-trans[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\player[1].png 185579 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\PortalServe[2].htm 19710 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\FranklinGothicBook[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ftrtwitter-off[1].jpg 4278 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\surly[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\surly[2].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\swfobject[1].js 6722 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\bottom_strip[1].gif 101 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\box-shadows[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\bt-go[1].gif 1547 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\b[3].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\logCA974D1Z.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\logCAA7UY4G.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ChannelArtTileSmall_140x79[1].jpg 8764 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ChannelArtTileSmall_140x79[2].jpg 4192 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\crossdomain[3].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\hair[1].jpg 2227 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\IE3[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ie7[1].css 71 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\FDAF_2012_TruckMonthTexas_Dock_728x90[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\FDAF_SharedAsset_Button_UIArrow[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\banners[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\10mwb_tnl[1].jpg 3449 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\1[1].gif 1950 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\y0mwb_tnl[1].jpg 2948 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\youtube[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\mevio-m-neverback-24x24[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\right[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\l[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\master[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\facebook[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\serviceareas2[1].jpg 27964 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\Shell_300x250[2].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\showicons[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\AdControl[1] 568 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\Default[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\Antenna-Regular[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\aol728x90-1[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\ads[3].js 10467 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\en_US[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\logCA366ZEJ.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\AdotubeLinear[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\pixel[3].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\pixel[4].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\specialoffers1[1].jpg 27182 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\style[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\style[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\2e1122680cab75e08f267586b8e0ef6c[1].jpg 26605 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\2[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\VehicleDock[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\tilebackground[1].jpg 2011 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\Track[4].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\dot[5].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\logCASZ5Q8X.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O03YW3YL\login_status[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\results[1].htm 4174 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\3d988d5c264f8ef0e6e7006e6d36de40[1].png 8707 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\fdaf_SharedAsset_DockImage_2012F-150_transparent_DockImage_2012TruckMonth_MLPOL_728x90[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\fdaf_SharedAsset_DockImage_2012F-250_transparent_DockImage_2012TruckMonth_MLPOL_300x250[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\e1mwb_tnl[1].jpg 3703 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\fp[1].js 22214 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\Homepage;dcopt=ist;tile=1;sz=728x90;ord=7301617365[1].js 206 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCAY1XUQ3.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\scripts[1].js 2813 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\Solitaire_GamesBanners_728x90[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\PortalServe[4] 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\6[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\98_config[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\=1;sz=728x90;title=thejackiechanadventuresfullepisodes;tag%3dacracklechristmas%3btag%3dfistsoffury%3btag%3dkraftlong%3bord=4728710437[1].js 206 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\Track[3].txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\alerts[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\JustWords_GamesBanners_728x90[1].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\kt9wb_360p[1].mp4 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\2012_TruckMonthTexas_ML_POL[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\cf9c4963ed6f891133cb8046a053c00c[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\ChannelArtTileSmall_140x79[1].jpg 6800 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\ChannelArtTileSmall_140x79[2].jpg 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\checkBrowser[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\world.ie7.http.s.meebocdn.net[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\pixel[4].gif 43 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\B6141673;sz=300x250;pc=DFP250970997;click=;ord=8191624[1].htm 1013 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\crossdomain[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\AOL_Banners-728x90[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\assets_300x250[1].xml 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\liverail_preroll[1].swf 2333 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\loc_results[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCA509C4B.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCAD1Q86O.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\submitbutton[1].jpg 1807 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\surly[1].js 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\dot[5].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\download[1].css 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\NOP[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\IE1[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\IE2[1].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\IE2[2].gif 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\ads[5].js 10519 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\ads[6].js 10519 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\header[1].swf 184590 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\box_right[1].png 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\jquery[1].js 91572 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\Vast[1].swf 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\secret[1].jpg 2070 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCAG3VNWQ.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SN7GRJ3R\logCAKE07RG.txt 0 bytes

---- EOF - GMER 1.0.15 ----
 
Sorry... Here it is.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kathy Williams :: KATHYWILLIAMS [administrator]

Protection: Enabled

2/12/2012 4:49:16 PM
mbam-log-2012-02-12 (16-49-16).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352706
Time elapsed: 47 minute(s), 9 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 7876 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Kathy Williams\AppData\Local\Temp\7E67.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
bootcleaner and aswMBR logs

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c6500000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...


and...........
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-13 20:16:32
-----------------------------
20:16:32.140 OS Version: Windows x64 6.1.7601 Service Pack 1
20:16:32.140 Number of processors: 4 586 0x2A07
20:16:32.141 ComputerName: KATHYWILLIAMS UserName:
20:16:34.106 Initialize success
20:18:21.114 AVAST engine defs: 12021302
20:22:34.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:22:34.642 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
20:22:34.644 Device \Driver\iaStor -> MajorFunction fffffa8008cff5c4
20:22:34.647 Disk 0 MBR read successfully
20:22:34.650 Disk 0 MBR scan
20:22:34.655 Disk 0 Windows 7 default MBR code
20:22:34.658 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
20:22:34.673 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
20:22:34.689 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461478 MB offset 31664128
20:22:34.695 Service scanning
20:22:36.074 Modules scanning
20:22:36.078 Disk 0 trace - called modules:
20:22:36.083 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8008cff5c4]<<
20:22:36.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008122060]
20:22:36.416 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062b8050]
20:22:36.421 \Driver\iaStor[0xfffffa80086a1430] -> IRP_MJ_CREATE -> 0xfffffa8008cff5c4
20:22:37.600 AVAST engine scan C:\Windows
20:22:40.078 AVAST engine scan C:\Windows\system32
20:24:59.020 AVAST engine scan C:\Windows\system32\drivers
20:25:10.442 AVAST engine scan C:\Users\Kathy Williams
20:28:23.722 Disk 0 MBR has been saved successfully to "C:\Users\Kathy Williams\Desktop\MBR.dat"
20:28:23.729 The log file has been saved successfully to "C:\Users\Kathy Williams\Desktop\aswMBR.txt"
 
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
 
done...

Farbar Service Scanner Version: 13-02-2012
Ran by Kathy Williams (administrator) on 13-02-2012 at 20:56:02
Running from "C:\Users\Kathy Williams\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Listparts

ListParts by Farbar
Ran by Kathy Williams on 13-02-2012 at 21:23:39
Windows 7 (X64)
Running From: C:\Users\Kathy Williams\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 62%
Total physical RAM: 5995.86 MB
Available physical RAM: 2262.81 MB
Total Pagefile: 11989.91 MB
Available Pagefile: 7645.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:450.66 GB) (Free:330.01 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 15 GB 1024 KB
Partition 2 Primary 100 MB 15 GB
Partition 3 Primary 450 GB 15 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 PQSERVICE NTFS Partition 15 GB Healthy Hidden

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM RESE NTFS Partition 100 MB Healthy System (partition with boot components)

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 450 GB Healthy Boot



****** End Of Log ******
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller

21:39:30.0185 6572 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
21:39:31.0656 6572 ============================================================
21:39:31.0656 6572 Current date / time: 2012/02/13 21:39:31.0656
21:39:31.0656 6572 SystemInfo:
21:39:31.0656 6572
21:39:31.0656 6572 OS Version: 6.1.7601 ServicePack: 1.0
21:39:31.0656 6572 Product type: Workstation
21:39:31.0656 6572 ComputerName: KATHYWILLIAMS
21:39:31.0656 6572 UserName: Kathy Williams
21:39:31.0656 6572 Windows directory: C:\Windows
21:39:31.0656 6572 System windows directory: C:\Windows
21:39:31.0656 6572 Running under WOW64
21:39:31.0656 6572 Processor architecture: Intel x64
21:39:31.0656 6572 Number of processors: 4
21:39:31.0656 6572 Page size: 0x1000
21:39:31.0656 6572 Boot type: Normal boot
21:39:31.0656 6572 ============================================================
21:39:32.0340 6572 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:39:32.0405 6572 \Device\Harddisk0\DR0:
21:39:32.0419 6572 MBR used
21:39:32.0419 6572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
21:39:32.0419 6572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000
21:39:32.0484 6572 Initialize success
21:39:32.0484 6572 ============================================================
21:39:49.0036 4116 ============================================================
21:39:49.0036 4116 Scan started
21:39:49.0036 4116 Mode: Manual;
21:39:49.0036 4116 ============================================================
21:39:49.0698 4116 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:39:49.0728 4116 1394ohci - ok
21:39:49.0822 4116 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:39:49.0826 4116 ACPI - ok
21:39:50.0014 4116 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:39:50.0016 4116 AcpiPmi - ok
21:39:50.0060 4116 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:39:50.0088 4116 adp94xx - ok
21:39:50.0198 4116 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:39:50.0203 4116 adpahci - ok
21:39:50.0247 4116 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:39:50.0250 4116 adpu320 - ok
21:39:50.0367 4116 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:39:50.0393 4116 AFD - ok
21:39:50.0491 4116 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:39:50.0511 4116 agp440 - ok
21:39:50.0624 4116 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:39:50.0626 4116 aliide - ok
21:39:50.0725 4116 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:39:50.0726 4116 amdide - ok
21:39:50.0815 4116 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:39:50.0817 4116 AmdK8 - ok
21:39:50.0916 4116 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:39:50.0918 4116 AmdPPM - ok
21:39:51.0033 4116 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:39:51.0055 4116 amdsata - ok
21:39:51.0100 4116 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:39:51.0103 4116 amdsbs - ok
21:39:51.0197 4116 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:39:51.0199 4116 amdxata - ok
21:39:51.0302 4116 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:39:51.0304 4116 AppID - ok
21:39:51.0437 4116 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:39:51.0454 4116 arc - ok
21:39:51.0551 4116 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:39:51.0553 4116 arcsas - ok
21:39:51.0695 4116 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:39:51.0696 4116 AsyncMac - ok
21:39:51.0832 4116 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:39:51.0833 4116 atapi - ok
21:39:51.0997 4116 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:39:52.0023 4116 b06bdrv - ok
21:39:52.0165 4116 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:39:52.0169 4116 b57nd60a - ok
21:39:52.0293 4116 b57xdbd (a424cb46a145e5aabf15621550976df2) C:\Windows\system32\DRIVERS\b57xdbd.sys
21:39:52.0311 4116 b57xdbd - ok
21:39:52.0439 4116 b57xdmp (be4e6fd5a898812b85d5817ad9754a9f) C:\Windows\system32\DRIVERS\b57xdmp.sys
21:39:52.0440 4116 b57xdmp - ok
21:39:52.0578 4116 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:39:52.0579 4116 Beep - ok
21:39:52.0783 4116 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys
21:39:52.0834 4116 BHDrvx64 - ok
21:39:52.0956 4116 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:39:52.0977 4116 blbdrive - ok
21:39:53.0035 4116 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:39:53.0056 4116 bowser - ok
21:39:53.0140 4116 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:39:53.0141 4116 BrFiltLo - ok
21:39:53.0151 4116 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:39:53.0152 4116 BrFiltUp - ok
21:39:53.0197 4116 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:39:53.0201 4116 Brserid - ok
21:39:53.0227 4116 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:39:53.0229 4116 BrSerWdm - ok
21:39:53.0292 4116 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:39:53.0294 4116 BrUsbMdm - ok
21:39:53.0335 4116 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:39:53.0336 4116 BrUsbSer - ok
21:39:53.0789 4116 bScsiMSa (520408cfdb56de8cdb44b2f11b9c5b5c) C:\Windows\system32\DRIVERS\bScsiMSa.sys
21:39:53.0791 4116 bScsiMSa - ok
21:39:53.0937 4116 bScsiSDa (9f880f03f4a72215c8b77fd51322c297) C:\Windows\system32\DRIVERS\bScsiSDa.sys
21:39:53.0939 4116 bScsiSDa - ok
21:39:53.0985 4116 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
21:39:53.0987 4116 BTHMODEM - ok
21:39:54.0161 4116 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
21:39:54.0177 4116 ccSet_NIS - ok
21:39:54.0265 4116 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:39:54.0268 4116 cdfs - ok
21:39:54.0380 4116 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:39:54.0383 4116 cdrom - ok
21:39:54.0488 4116 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:39:54.0490 4116 circlass - ok
21:39:54.0563 4116 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:39:54.0568 4116 CLFS - ok
21:39:54.0692 4116 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:39:54.0709 4116 CmBatt - ok
21:39:54.0790 4116 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:39:54.0792 4116 cmdide - ok
21:39:54.0939 4116 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:39:54.0961 4116 CNG - ok
21:39:55.0146 4116 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:39:55.0147 4116 Compbatt - ok
21:39:55.0269 4116 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:39:55.0271 4116 CompositeBus - ok
21:39:55.0402 4116 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:39:55.0403 4116 crcdisk - ok
21:39:55.0565 4116 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:39:55.0567 4116 DfsC - ok
21:39:55.0668 4116 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:39:55.0689 4116 discache - ok
21:39:55.0807 4116 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:39:55.0809 4116 Disk - ok
21:39:55.0935 4116 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:39:55.0936 4116 drmkaud - ok
21:39:56.0058 4116 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:39:56.0106 4116 DXGKrnl - ok
21:39:56.0264 4116 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:39:56.0332 4116 ebdrv - ok
21:39:56.0467 4116 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:39:56.0473 4116 eeCtrl - ok
21:39:56.0661 4116 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:39:56.0676 4116 elxstor - ok
21:39:56.0758 4116 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:39:56.0780 4116 EraserUtilRebootDrv - ok
21:39:56.0903 4116 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:39:56.0905 4116 ErrDev - ok
21:39:57.0004 4116 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:39:57.0008 4116 exfat - ok
21:39:57.0027 4116 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:39:57.0031 4116 fastfat - ok
21:39:57.0129 4116 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:39:57.0132 4116 fdc - ok
21:39:57.0319 4116 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:39:57.0352 4116 FileInfo - ok
21:39:57.0376 4116 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:39:57.0378 4116 Filetrace - ok
21:39:57.0396 4116 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:39:57.0398 4116 flpydisk - ok
21:39:57.0451 4116 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:39:57.0455 4116 FltMgr - ok
21:39:57.0538 4116 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:39:57.0540 4116 FsDepends - ok
21:39:57.0568 4116 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:39:57.0569 4116 Fs_Rec - ok
21:39:57.0687 4116 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:39:57.0690 4116 fvevol - ok
21:39:57.0816 4116 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:39:57.0818 4116 gagp30kx - ok
21:39:58.0020 4116 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:39:58.0022 4116 GEARAspiWDM - ok
21:39:58.0062 4116 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:39:58.0076 4116 hcw85cir - ok
21:39:58.0217 4116 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:39:58.0222 4116 HdAudAddService - ok
21:39:58.0376 4116 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:39:58.0379 4116 HDAudBus - ok
21:39:58.0483 4116 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:39:58.0485 4116 HidBatt - ok
21:39:58.0619 4116 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:39:58.0621 4116 HidBth - ok
21:39:58.0733 4116 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:39:58.0755 4116 HidIr - ok
21:39:58.0893 4116 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:39:58.0895 4116 HidUsb - ok
21:39:59.0047 4116 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:39:59.0049 4116 HpSAMD - ok
21:39:59.0170 4116 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:39:59.0179 4116 HTTP - ok
21:39:59.0279 4116 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:39:59.0280 4116 hwpolicy - ok
21:39:59.0388 4116 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:39:59.0390 4116 i8042prt - ok
21:39:59.0502 4116 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
21:39:59.0505 4116 iaStor - ok
21:39:59.0660 4116 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:39:59.0679 4116 iaStorV - ok
21:39:59.0829 4116 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSvia64.sys
21:39:59.0836 4116 IDSVia64 - ok
21:40:00.0230 4116 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:40:00.0459 4116 igfx - ok
21:40:00.0569 4116 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:40:00.0571 4116 iirsp - ok
21:40:00.0799 4116 IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys
21:40:00.0878 4116 IntcAzAudAddService - ok
21:40:01.0062 4116 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:40:01.0097 4116 IntcDAud - ok
21:40:01.0221 4116 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:40:01.0243 4116 intelide - ok
21:40:01.0347 4116 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:40:01.0349 4116 intelppm - ok
21:40:01.0459 4116 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:40:01.0461 4116 IpFilterDriver - ok
21:40:01.0560 4116 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:40:01.0562 4116 IPMIDRV - ok
21:40:01.0684 4116 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:40:01.0686 4116 IPNAT - ok
21:40:01.0813 4116 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:40:01.0815 4116 IRENUM - ok
21:40:01.0929 4116 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:40:01.0931 4116 isapnp - ok
21:40:02.0012 4116 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:40:02.0030 4116 iScsiPrt - ok
21:40:02.0275 4116 k57nd60a (0469bff65bbdee9e46d0c45ee32a08bd) C:\Windows\system32\DRIVERS\k57nd60a.sys
21:40:02.0295 4116 k57nd60a - ok
21:40:02.0437 4116 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:40:02.0439 4116 kbdclass - ok
21:40:02.0553 4116 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:40:02.0570 4116 kbdhid - ok
21:40:02.0692 4116 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:40:02.0720 4116 KSecDD - ok
21:40:02.0838 4116 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:40:02.0859 4116 KSecPkg - ok
21:40:02.0992 4116 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:40:02.0994 4116 ksthunk - ok
21:40:03.0152 4116 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:40:03.0154 4116 lltdio - ok
21:40:03.0277 4116 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:40:03.0280 4116 LSI_FC - ok
21:40:03.0370 4116 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:40:03.0372 4116 LSI_SAS - ok
21:40:03.0448 4116 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:40:03.0450 4116 LSI_SAS2 - ok
21:40:03.0597 4116 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:40:03.0599 4116 LSI_SCSI - ok
21:40:03.0741 4116 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:40:03.0744 4116 luafv - ok
21:40:03.0843 4116 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:40:03.0860 4116 MBAMProtector - ok
21:40:04.0277 4116 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:40:04.0279 4116 megasas - ok
21:40:04.0639 4116 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:40:04.0643 4116 MegaSR - ok
21:40:04.0745 4116 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:40:04.0764 4116 MEIx64 - ok
21:40:04.0868 4116 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:40:04.0871 4116 Modem - ok
21:40:04.0987 4116 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:40:04.0988 4116 monitor - ok
21:40:05.0100 4116 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:40:05.0102 4116 mouclass - ok
21:40:05.0217 4116 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:40:05.0237 4116 mouhid - ok
21:40:05.0346 4116 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:40:05.0349 4116 mountmgr - ok
21:40:05.0448 4116 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:40:05.0451 4116 mpio - ok
21:40:05.0549 4116 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:40:05.0551 4116 mpsdrv - ok
21:40:05.0648 4116 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:40:05.0651 4116 MRxDAV - ok
21:40:05.0755 4116 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:40:05.0777 4116 mrxsmb - ok
21:40:05.0916 4116 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:40:05.0920 4116 mrxsmb10 - ok
21:40:06.0019 4116 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:40:06.0022 4116 mrxsmb20 - ok
21:40:06.0124 4116 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:40:06.0125 4116 msahci - ok
21:40:06.0230 4116 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:40:06.0233 4116 msdsm - ok
21:40:06.0351 4116 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:40:06.0352 4116 Msfs - ok
21:40:06.0466 4116 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:40:06.0467 4116 mshidkmdf - ok
21:40:06.0562 4116 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:40:06.0564 4116 msisadrv - ok
21:40:06.0689 4116 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:40:06.0690 4116 MSKSSRV - ok
21:40:06.0801 4116 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:40:06.0802 4116 MSPCLOCK - ok
21:40:06.0911 4116 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:40:06.0913 4116 MSPQM - ok
21:40:07.0021 4116 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:40:07.0026 4116 MsRPC - ok
21:40:07.0137 4116 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:40:07.0139 4116 mssmbios - ok
21:40:07.0264 4116 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:40:07.0286 4116 MSTEE - ok
21:40:07.0386 4116 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:40:07.0387 4116 MTConfig - ok
21:40:07.0483 4116 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:40:07.0485 4116 Mup - ok
21:40:07.0620 4116 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:40:07.0645 4116 NativeWifiP - ok
21:40:07.0812 4116 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\ENG64.SYS
21:40:07.0815 4116 NAVENG - ok
21:40:07.0987 4116 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\EX64.SYS
21:40:08.0033 4116 NAVEX15 - ok
21:40:08.0669 4116 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
21:40:08.0682 4116 NDIS - ok
21:40:09.0107 4116 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:40:09.0109 4116 NdisCap - ok
21:40:09.0189 4116 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:40:09.0191 4116 NdisTapi - ok
21:40:09.0296 4116 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:40:09.0299 4116 Ndisuio - ok
21:40:09.0326 4116 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:40:09.0332 4116 NdisWan - ok
21:40:09.0430 4116 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:40:09.0432 4116 NDProxy - ok
21:40:09.0525 4116 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:40:09.0538 4116 NetBIOS - ok
21:40:09.0715 4116 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:40:09.0720 4116 NetBT - ok
21:40:10.0011 4116 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
21:40:10.0183 4116 NETwNs64 - ok
21:40:10.0317 4116 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:40:10.0319 4116 nfrd960 - ok
21:40:10.0368 4116 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:40:10.0371 4116 Npfs - ok
21:40:10.0396 4116 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:40:10.0397 4116 nsiproxy - ok
21:40:10.0481 4116 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:40:10.0546 4116 Ntfs - ok
21:40:10.0662 4116 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
21:40:10.0664 4116 NTIDrvr - ok
21:40:10.0778 4116 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:40:10.0779 4116 Null - ok
21:40:10.0870 4116 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:40:10.0893 4116 nvraid - ok
21:40:11.0004 4116 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:40:11.0019 4116 nvstor - ok
21:40:11.0163 4116 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:40:11.0165 4116 nv_agp - ok
21:40:11.0264 4116 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:40:11.0266 4116 ohci1394 - ok
21:40:11.0307 4116 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:40:11.0309 4116 Parport - ok
21:40:11.0334 4116 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:40:11.0336 4116 partmgr - ok
21:40:11.0361 4116 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:40:11.0364 4116 pci - ok
21:40:11.0392 4116 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:40:11.0408 4116 pciide - ok
21:40:11.0459 4116 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:40:11.0463 4116 pcmcia - ok
21:40:11.0495 4116 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:40:11.0497 4116 pcw - ok
21:40:11.0522 4116 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:40:11.0530 4116 PEAUTH - ok
21:40:11.0677 4116 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:40:11.0691 4116 PptpMiniport - ok
21:40:11.0783 4116 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:40:11.0785 4116 Processor - ok
21:40:11.0914 4116 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:40:11.0917 4116 Psched - ok
21:40:12.0014 4116 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:40:12.0046 4116 ql2300 - ok
21:40:12.0075 4116 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:40:12.0077 4116 ql40xx - ok
21:40:12.0100 4116 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:40:12.0101 4116 QWAVEdrv - ok
21:40:12.0121 4116 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:40:12.0123 4116 RasAcd - ok
21:40:12.0219 4116 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:40:12.0222 4116 RasAgileVpn - ok
21:40:12.0253 4116 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:40:12.0256 4116 Rasl2tp - ok
21:40:12.0275 4116 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:40:12.0278 4116 RasPppoe - ok
21:40:12.0314 4116 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:40:12.0316 4116 RasSstp - ok
21:40:12.0343 4116 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:40:12.0349 4116 rdbss - ok
21:40:12.0387 4116 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:40:12.0388 4116 rdpbus - ok
21:40:12.0414 4116 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:40:12.0416 4116 RDPCDD - ok
21:40:12.0442 4116 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:40:12.0463 4116 RDPENCDD - ok
21:40:12.0497 4116 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:40:12.0499 4116 RDPREFMP - ok
21:40:12.0526 4116 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:40:12.0529 4116 RDPWD - ok
21:40:12.0611 4116 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:40:12.0615 4116 rdyboost - ok
21:40:12.0760 4116 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:40:12.0763 4116 rspndr - ok
21:40:12.0786 4116 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:40:12.0788 4116 sbp2port - ok
21:40:12.0816 4116 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:40:12.0817 4116 scfilter - ok
21:40:12.0833 4116 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
21:40:12.0862 4116 sdbus - ok
21:40:12.0968 4116 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:40:12.0970 4116 secdrv - ok
21:40:12.0993 4116 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:40:12.0995 4116 Serenum - ok
21:40:13.0038 4116 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:40:13.0041 4116 Serial - ok
21:40:13.0107 4116 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:40:13.0108 4116 sermouse - ok
21:40:13.0162 4116 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:40:13.0163 4116 sffdisk - ok
21:40:13.0174 4116 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:40:13.0176 4116 sffp_mmc - ok
21:40:13.0188 4116 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:40:13.0189 4116 sffp_sd - ok
21:40:13.0221 4116 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:40:13.0239 4116 sfloppy - ok
21:40:13.0294 4116 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:40:13.0296 4116 SiSRaid2 - ok
21:40:13.0306 4116 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:40:13.0308 4116 SiSRaid4 - ok
21:40:13.0329 4116 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:40:13.0331 4116 Smb - ok
21:40:13.0477 4116 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:40:13.0478 4116 spldr - ok
21:40:13.0568 4116 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
21:40:13.0593 4116 SRTSP - ok
21:40:13.0676 4116 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
21:40:13.0677 4116 SRTSPX - ok
21:40:13.0762 4116 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:40:13.0781 4116 srv - ok
21:40:13.0873 4116 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:40:13.0879 4116 srv2 - ok
21:40:13.0921 4116 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:40:13.0924 4116 srvnet - ok
21:40:14.0017 4116 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:40:14.0019 4116 stexstor - ok
21:40:14.0081 4116 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:40:14.0102 4116 swenum - ok
21:40:14.0266 4116 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
21:40:14.0284 4116 SymDS - ok
21:40:14.0529 4116 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
21:40:14.0580 4116 SymEFA - ok
21:40:14.0965 4116 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
21:40:14.0969 4116 SymEvent - ok
21:40:15.0377 4116 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
21:40:15.0393 4116 SymIRON - ok
21:40:15.0691 4116 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
21:40:15.0724 4116 SymNetS - ok
21:40:15.0878 4116 SynTP (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
21:40:15.0912 4116 SynTP - ok
21:40:16.0126 4116 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:40:16.0194 4116 Tcpip - ok
21:40:16.0449 4116 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:40:16.0460 4116 TCPIP6 - ok
21:40:16.0590 4116 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:40:16.0592 4116 tcpipreg - ok
21:40:16.0663 4116 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:40:16.0665 4116 TDPIPE - ok
21:40:16.0747 4116 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:40:16.0763 4116 TDTCP - ok
21:40:16.0837 4116 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:40:16.0840 4116 tdx - ok
21:40:16.0910 4116 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:40:16.0912 4116 TermDD - ok
21:40:17.0028 4116 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:40:17.0031 4116 tssecsrv - ok
21:40:17.0182 4116 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:40:17.0184 4116 TsUsbFlt - ok
21:40:17.0277 4116 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:40:17.0296 4116 TsUsbGD - ok
21:40:17.0440 4116 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:40:17.0443 4116 tunnel - ok
21:40:17.0577 4116 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:40:17.0579 4116 uagp35 - ok
21:40:17.0649 4116 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
21:40:17.0651 4116 UBHelper - ok
21:40:17.0698 4116 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:40:17.0703 4116 udfs - ok
21:40:17.0817 4116 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:40:17.0819 4116 uliagpkx - ok
21:40:17.0846 4116 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:40:17.0848 4116 umbus - ok
21:40:17.0912 4116 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:40:17.0945 4116 UmPass - ok
21:40:18.0050 4116 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:40:18.0068 4116 USBAAPL64 - ok
21:40:18.0143 4116 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:40:18.0165 4116 usbccgp - ok
21:40:18.0263 4116 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:40:18.0265 4116 usbcir - ok
21:40:18.0364 4116 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:40:18.0366 4116 usbehci - ok
21:40:18.0484 4116 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:40:18.0489 4116 usbhub - ok
21:40:18.0580 4116 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:40:18.0582 4116 usbohci - ok
21:40:18.0686 4116 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
21:40:18.0688 4116 usbprint - ok
21:40:18.0810 4116 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:40:18.0830 4116 USBSTOR - ok
21:40:18.0939 4116 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:40:18.0941 4116 usbuhci - ok
21:40:19.0067 4116 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:40:19.0071 4116 usbvideo - ok
21:40:19.0187 4116 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:40:19.0202 4116 vdrvroot - ok
21:40:19.0330 4116 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:40:19.0332 4116 vga - ok
21:40:19.0418 4116 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:40:19.0419 4116 VgaSave - ok
21:40:19.0512 4116 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:40:19.0537 4116 vhdmp - ok
21:40:19.0634 4116 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:40:19.0635 4116 viaide - ok
21:40:19.0739 4116 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:40:19.0741 4116 volmgr - ok
21:40:19.0808 4116 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:40:19.0828 4116 volmgrx - ok
21:40:19.0934 4116 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:40:19.0938 4116 volsnap - ok
21:40:20.0045 4116 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:40:20.0048 4116 vsmraid - ok
21:40:20.0113 4116 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:40:20.0114 4116 vwifibus - ok
21:40:20.0176 4116 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:40:20.0178 4116 vwififlt - ok
21:40:20.0327 4116 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:40:20.0330 4116 vwifimp - ok
21:40:20.0423 4116 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:40:20.0425 4116 WacomPen - ok
21:40:20.0540 4116 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:40:20.0562 4116 WANARP - ok
21:40:20.0565 4116 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:40:20.0567 4116 Wanarpv6 - ok
21:40:20.0710 4116 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:40:20.0711 4116 Wd - ok
21:40:20.0833 4116 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:40:20.0841 4116 Wdf01000 - ok
21:40:20.0970 4116 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys
21:40:20.0972 4116 wdkmd - ok
21:40:21.0100 4116 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:40:21.0120 4116 WfpLwf - ok
21:40:21.0226 4116 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:40:21.0228 4116 WIMMount - ok
21:40:21.0382 4116 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:40:21.0404 4116 WinUsb - ok
21:40:21.0577 4116 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:40:21.0579 4116 WmiAcpi - ok
21:40:21.0747 4116 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:40:21.0748 4116 ws2ifsl - ok
21:40:21.0930 4116 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:40:21.0933 4116 WudfPf - ok
21:40:22.0041 4116 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:40:22.0044 4116 WUDFRd - ok
21:40:22.0084 4116 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
21:40:22.0119 4116 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:40:22.0119 4116 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:40:22.0155 4116 Boot (0x1200) (4c66794edaae027d970c854cab69c0b8) \Device\Harddisk0\DR0\Partition0
21:40:22.0157 4116 \Device\Harddisk0\DR0\Partition0 - ok
21:40:22.0171 4116 Boot (0x1200) (068c2e47f59f604153c2cce0b529c543) \Device\Harddisk0\DR0\Partition1
21:40:22.0173 4116 \Device\Harddisk0\DR0\Partition1 - ok
21:40:22.0173 4116 ============================================================
21:40:22.0173 4116 Scan finished
21:40:22.0173 4116 ============================================================
21:40:22.0182 1508 Detected object count: 1
21:40:22.0182 1508 Actual detected object count: 1
21:40:33.0778 1508 \Device\Harddisk0\DR0\# - copied to quarantine
21:40:33.0779 1508 \Device\Harddisk0\DR0 - copied to quarantine
21:40:33.0849 1508 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:40:33.0864 1508 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
21:40:33.0872 1508 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:40:33.0881 1508 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:40:33.0902 1508 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
21:40:33.0917 1508 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
21:40:33.0919 1508 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
21:40:33.0921 1508 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
21:40:33.0924 1508 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
21:40:33.0927 1508 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
21:40:33.0931 1508 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
21:40:33.0934 1508 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
21:40:33.0964 1508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
21:40:33.0965 1508 \Device\Harddisk0\DR0 - ok
21:40:34.0403 1508 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
21:40:39.0023 4328 Deinitialize success
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`c6500000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
22:02:50.0649 1768 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
22:02:51.0180 1768 ============================================================
22:02:51.0180 1768 Current date / time: 2012/02/13 22:02:51.0180
22:02:51.0180 1768 SystemInfo:
22:02:51.0180 1768
22:02:51.0180 1768 OS Version: 6.1.7601 ServicePack: 1.0
22:02:51.0180 1768 Product type: Workstation
22:02:51.0180 1768 ComputerName: KATHYWILLIAMS
22:02:51.0180 1768 UserName: Kathy Williams
22:02:51.0180 1768 Windows directory: C:\Windows
22:02:51.0180 1768 System windows directory: C:\Windows
22:02:51.0180 1768 Running under WOW64
22:02:51.0180 1768 Processor architecture: Intel x64
22:02:51.0180 1768 Number of processors: 4
22:02:51.0180 1768 Page size: 0x1000
22:02:51.0180 1768 Boot type: Normal boot
22:02:51.0180 1768 ============================================================
22:02:51.0726 1768 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:02:51.0726 1768 \Device\Harddisk0\DR0:
22:02:51.0726 1768 MBR used
22:02:51.0726 1768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
22:02:51.0726 1768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000
22:02:51.0757 1768 Initialize success
22:02:51.0757 1768 ============================================================
22:03:07.0731 0952 ============================================================
22:03:07.0731 0952 Scan started
22:03:07.0731 0952 Mode: Manual;
22:03:07.0731 0952 ============================================================
22:03:08.0153 0952 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:03:08.0168 0952 1394ohci - ok
22:03:08.0277 0952 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:03:08.0277 0952 ACPI - ok
22:03:08.0480 0952 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:03:08.0480 0952 AcpiPmi - ok
22:03:08.0589 0952 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:03:08.0621 0952 adp94xx - ok
22:03:08.0745 0952 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:03:08.0745 0952 adpahci - ok
22:03:08.0855 0952 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:03:08.0870 0952 adpu320 - ok
22:03:08.0995 0952 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
22:03:08.0995 0952 AFD - ok
22:03:09.0104 0952 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:03:09.0120 0952 agp440 - ok
22:03:09.0245 0952 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:03:09.0245 0952 aliide - ok
22:03:09.0369 0952 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:03:09.0369 0952 amdide - ok
22:03:09.0463 0952 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
22:03:09.0463 0952 AmdK8 - ok
22:03:09.0557 0952 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
22:03:09.0572 0952 AmdPPM - ok
22:03:09.0697 0952 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:03:09.0713 0952 amdsata - ok
22:03:09.0822 0952 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
22:03:09.0822 0952 amdsbs - ok
22:03:09.0947 0952 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:03:09.0947 0952 amdxata - ok
22:03:10.0056 0952 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:03:10.0056 0952 AppID - ok
22:03:10.0212 0952 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
22:03:10.0212 0952 arc - ok
22:03:10.0305 0952 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
22:03:10.0305 0952 arcsas - ok
22:03:10.0461 0952 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:03:10.0461 0952 AsyncMac - ok
22:03:10.0586 0952 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:03:10.0586 0952 atapi - ok
22:03:10.0758 0952 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
22:03:10.0789 0952 b06bdrv - ok
22:03:10.0929 0952 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:03:10.0945 0952 b57nd60a - ok
22:03:11.0070 0952 b57xdbd (a424cb46a145e5aabf15621550976df2) C:\Windows\system32\DRIVERS\b57xdbd.sys
22:03:11.0085 0952 b57xdbd - ok
22:03:11.0226 0952 b57xdmp (be4e6fd5a898812b85d5817ad9754a9f) C:\Windows\system32\DRIVERS\b57xdmp.sys
22:03:11.0226 0952 b57xdmp - ok
22:03:11.0382 0952 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:03:11.0382 0952 Beep - ok
22:03:11.0569 0952 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys
22:03:11.0569 0952 BHDrvx64 - ok
22:03:11.0678 0952 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
22:03:11.0709 0952 blbdrive - ok
22:03:11.0834 0952 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:03:11.0834 0952 bowser - ok
22:03:11.0928 0952 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
22:03:11.0928 0952 BrFiltLo - ok
22:03:12.0021 0952 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
22:03:12.0021 0952 BrFiltUp - ok
22:03:12.0146 0952 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:03:12.0146 0952 Brserid - ok
22:03:12.0255 0952 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:03:12.0255 0952 BrSerWdm - ok
22:03:12.0349 0952 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:03:12.0349 0952 BrUsbMdm - ok
22:03:12.0458 0952 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:03:12.0458 0952 BrUsbSer - ok
22:03:12.0583 0952 bScsiMSa (520408cfdb56de8cdb44b2f11b9c5b5c) C:\Windows\system32\DRIVERS\bScsiMSa.sys
22:03:12.0583 0952 bScsiMSa - ok
22:03:12.0692 0952 bScsiSDa (9f880f03f4a72215c8b77fd51322c297) C:\Windows\system32\DRIVERS\bScsiSDa.sys
22:03:12.0692 0952 bScsiSDa - ok
22:03:12.0801 0952 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
22:03:12.0801 0952 BTHMODEM - ok
22:03:12.0957 0952 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys
22:03:12.0973 0952 ccSet_NIS - ok
22:03:13.0051 0952 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:03:13.0067 0952 cdfs - ok
22:03:13.0191 0952 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:03:13.0191 0952 cdrom - ok
22:03:13.0301 0952 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
22:03:13.0301 0952 circlass - ok
22:03:13.0379 0952 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:03:13.0379 0952 CLFS - ok
22:03:13.0535 0952 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
22:03:13.0550 0952 CmBatt - ok
22:03:13.0659 0952 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:03:13.0659 0952 cmdide - ok
22:03:13.0784 0952 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:03:13.0800 0952 CNG - ok
22:03:13.0909 0952 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
22:03:13.0925 0952 Compbatt - ok
22:03:14.0049 0952 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:03:14.0049 0952 CompositeBus - ok
22:03:14.0190 0952 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
22:03:14.0190 0952 crcdisk - ok
22:03:14.0330 0952 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:03:14.0330 0952 DfsC - ok
22:03:14.0455 0952 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:03:14.0471 0952 discache - ok
22:03:14.0595 0952 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:03:14.0595 0952 Disk - ok
22:03:14.0736 0952 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:03:14.0736 0952 drmkaud - ok
22:03:14.0876 0952 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:03:14.0892 0952 DXGKrnl - ok
22:03:15.0063 0952 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:03:15.0141 0952 ebdrv - ok
22:03:15.0219 0952 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
22:03:15.0235 0952 eeCtrl - ok
22:03:15.0375 0952 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:03:15.0375 0952 elxstor - ok
22:03:15.0469 0952 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
22:03:15.0469 0952 EraserUtilRebootDrv - ok
22:03:15.0578 0952 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:03:15.0578 0952 ErrDev - ok
22:03:15.0719 0952 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:03:15.0719 0952 exfat - ok
22:03:15.0828 0952 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:03:15.0828 0952 fastfat - ok
22:03:15.0968 0952 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:03:15.0968 0952 fdc - ok
22:03:16.0093 0952 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:03:16.0109 0952 FileInfo - ok
22:03:16.0218 0952 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:03:16.0218 0952 Filetrace - ok
22:03:16.0327 0952 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:03:16.0327 0952 flpydisk - ok
22:03:16.0436 0952 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:03:16.0436 0952 FltMgr - ok
22:03:16.0545 0952 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:03:16.0545 0952 FsDepends - ok
22:03:16.0639 0952 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:03:16.0639 0952 Fs_Rec - ok
22:03:16.0764 0952 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:03:16.0764 0952 fvevol - ok
22:03:16.0873 0952 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:03:16.0873 0952 gagp30kx - ok
22:03:17.0029 0952 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:03:17.0029 0952 GEARAspiWDM - ok
22:03:17.0138 0952 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:03:17.0138 0952 hcw85cir - ok
22:03:17.0263 0952 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:03:17.0279 0952 HdAudAddService - ok
22:03:17.0403 0952 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:03:17.0403 0952 HDAudBus - ok
22:03:17.0528 0952 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:03:17.0528 0952 HidBatt - ok
22:03:17.0762 0952 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:03:17.0762 0952 HidBth - ok
22:03:17.0840 0952 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:03:17.0856 0952 HidIr - ok
22:03:18.0012 0952 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:03:18.0012 0952 HidUsb - ok
22:03:18.0183 0952 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:03:18.0183 0952 HpSAMD - ok
22:03:18.0324 0952 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:03:18.0324 0952 HTTP - ok
22:03:18.0417 0952 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:03:18.0417 0952 hwpolicy - ok
22:03:18.0620 0952 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:03:18.0620 0952 i8042prt - ok
22:03:18.0761 0952 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys
22:03:18.0761 0952 iaStor - ok
22:03:18.0948 0952 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:03:18.0963 0952 iaStorV - ok
22:03:19.0135 0952 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSvia64.sys
22:03:19.0135 0952 IDSVia64 - ok
22:03:19.0431 0952 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:03:19.0681 0952 igfx - ok
22:03:19.0806 0952 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:03:19.0806 0952 iirsp - ok
22:03:19.0899 0952 IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys
22:03:19.0931 0952 IntcAzAudAddService - ok
22:03:20.0071 0952 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:03:20.0087 0952 IntcDAud - ok
22:03:20.0196 0952 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:03:20.0196 0952 intelide - ok
22:03:20.0258 0952 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:03:20.0258 0952 intelppm - ok
22:03:20.0352 0952 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:03:20.0352 0952 IpFilterDriver - ok
22:03:20.0477 0952 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:03:20.0477 0952 IPMIDRV - ok
22:03:20.0617 0952 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:03:20.0617 0952 IPNAT - ok
22:03:20.0711 0952 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:03:20.0711 0952 IRENUM - ok
22:03:20.0835 0952 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:03:20.0835 0952 isapnp - ok
22:03:20.0945 0952 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:03:20.0960 0952 iScsiPrt - ok
22:03:21.0038 0952 k57nd60a (0469bff65bbdee9e46d0c45ee32a08bd) C:\Windows\system32\DRIVERS\k57nd60a.sys
22:03:21.0069 0952 k57nd60a - ok
22:03:21.0194 0952 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:03:21.0194 0952 kbdclass - ok
22:03:21.0303 0952 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:03:21.0319 0952 kbdhid - ok
22:03:21.0428 0952 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:03:21.0428 0952 KSecDD - ok
22:03:21.0569 0952 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:03:21.0584 0952 KSecPkg - ok
22:03:21.0678 0952 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:03:21.0693 0952 ksthunk - ok
22:03:21.0818 0952 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:03:21.0818 0952 lltdio - ok
22:03:21.0943 0952 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:03:21.0943 0952 LSI_FC - ok
22:03:22.0021 0952 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:03:22.0037 0952 LSI_SAS - ok
22:03:22.0037 0952 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:03:22.0052 0952 LSI_SAS2 - ok
22:03:22.0068 0952 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:03:22.0068 0952 LSI_SCSI - ok
22:03:22.0177 0952 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:03:22.0177 0952 luafv - ok
22:03:22.0286 0952 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
22:03:22.0286 0952 MBAMProtector - ok
22:03:22.0411 0952 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:03:22.0411 0952 megasas - ok
22:03:22.0489 0952 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:03:22.0489 0952 MegaSR - ok
22:03:22.0614 0952 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
22:03:22.0614 0952 MEIx64 - ok
22:03:22.0754 0952 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:03:22.0770 0952 Modem - ok
22:03:22.0863 0952 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:03:22.0863 0952 monitor - ok
22:03:22.0973 0952 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:03:22.0973 0952 mouclass - ok
22:03:23.0082 0952 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:03:23.0097 0952 mouhid - ok
22:03:23.0129 0952 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:03:23.0129 0952 mountmgr - ok
22:03:23.0160 0952 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:03:23.0160 0952 mpio - ok
22:03:23.0222 0952 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:03:23.0238 0952 mpsdrv - ok
22:03:23.0269 0952 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:03:23.0269 0952 MRxDAV - ok
22:03:23.0316 0952 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:03:23.0331 0952 mrxsmb - ok
22:03:23.0425 0952 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:03:23.0441 0952 mrxsmb10 - ok
22:03:23.0472 0952 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:03:23.0472 0952 mrxsmb20 - ok
22:03:23.0503 0952 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:03:23.0503 0952 msahci - ok
22:03:23.0565 0952 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:03:23.0565 0952 msdsm - ok
22:03:23.0690 0952 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:03:23.0690 0952 Msfs - ok
22:03:23.0768 0952 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:03:23.0768 0952 mshidkmdf - ok
22:03:23.0784 0952 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:03:23.0784 0952 msisadrv - ok
22:03:23.0909 0952 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:03:23.0909 0952 MSKSSRV - ok
22:03:24.0033 0952 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:03:24.0033 0952 MSPCLOCK - ok
22:03:24.0143 0952 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:03:24.0143 0952 MSPQM - ok
22:03:24.0252 0952 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:03:24.0252 0952 MsRPC - ok
22:03:24.0283 0952 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:03:24.0283 0952 mssmbios - ok
22:03:24.0361 0952 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:03:24.0361 0952 MSTEE - ok
22:03:24.0361 0952 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:03:24.0377 0952 MTConfig - ok
22:03:24.0408 0952 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:03:24.0408 0952 Mup - ok
22:03:24.0564 0952 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:03:24.0579 0952 NativeWifiP - ok
22:03:24.0767 0952 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\ENG64.SYS
22:03:24.0767 0952 NAVENG - ok
22:03:24.0829 0952 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\EX64.SYS
22:03:24.0829 0952 NAVEX15 - ok
22:03:25.0032 0952 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
22:03:25.0047 0952 NDIS - ok
22:03:25.0188 0952 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:03:25.0188 0952 NdisCap - ok
22:03:25.0328 0952 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:03:25.0328 0952 NdisTapi - ok
22:03:25.0469 0952 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:03:25.0469 0952 Ndisuio - ok
22:03:25.0625 0952 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:03:25.0625 0952 NdisWan - ok
22:03:25.0781 0952 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:03:25.0781 0952 NDProxy - ok
22:03:25.0968 0952 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:03:25.0968 0952 NetBIOS - ok
22:03:26.0124 0952 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:03:26.0139 0952 NetBT - ok
22:03:26.0467 0952 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
22:03:26.0623 0952 NETwNs64 - ok
22:03:26.0795 0952 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:03:26.0795 0952 nfrd960 - ok
22:03:26.0966 0952 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:03:26.0982 0952 Npfs - ok
22:03:27.0138 0952 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:03:27.0138 0952 nsiproxy - ok
22:03:27.0278 0952 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:03:27.0309 0952 Ntfs - ok
22:03:27.0497 0952 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
22:03:27.0497 0952 NTIDrvr - ok
22:03:27.0699 0952 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:03:27.0699 0952 Null - ok
22:03:27.0855 0952 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:03:27.0887 0952 nvraid - ok
22:03:28.0011 0952 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:03:28.0027 0952 nvstor - ok
22:03:28.0152 0952 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:03:28.0152 0952 nv_agp - ok
22:03:28.0292 0952 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:03:28.0292 0952 ohci1394 - ok
22:03:28.0417 0952 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:03:28.0417 0952 Parport - ok
22:03:28.0511 0952 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:03:28.0511 0952 partmgr - ok
22:03:28.0667 0952 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:03:28.0667 0952 pci - ok
22:03:28.0776 0952 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:03:28.0776 0952 pciide - ok
22:03:28.0885 0952 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:03:28.0885 0952 pcmcia - ok
22:03:29.0010 0952 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:03:29.0010 0952 pcw - ok
22:03:29.0103 0952 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:03:29.0119 0952 PEAUTH - ok
22:03:29.0291 0952 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:03:29.0306 0952 PptpMiniport - ok
22:03:29.0431 0952 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:03:29.0431 0952 Processor - ok
22:03:29.0571 0952 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:03:29.0571 0952 Psched - ok
22:03:29.0743 0952 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:03:29.0774 0952 ql2300 - ok
22:03:29.0961 0952 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:03:29.0961 0952 ql40xx - ok
22:03:30.0133 0952 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:03:30.0133 0952 QWAVEdrv - ok
22:03:30.0289 0952 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:03:30.0289 0952 RasAcd - ok
22:03:30.0429 0952 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:03:30.0429 0952 RasAgileVpn - ok
22:03:30.0570 0952 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:03:30.0570 0952 Rasl2tp - ok
22:03:30.0695 0952 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:03:30.0710 0952 RasPppoe - ok
22:03:30.0835 0952 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:03:30.0835 0952 RasSstp - ok
22:03:30.0975 0952 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:03:30.0975 0952 rdbss - ok
22:03:31.0100 0952 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:03:31.0100 0952 rdpbus - ok
22:03:31.0241 0952 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:03:31.0241 0952 RDPCDD - ok
22:03:31.0381 0952 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:03:31.0397 0952 RDPENCDD - ok
22:03:31.0506 0952 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:03:31.0506 0952 RDPREFMP - ok
22:03:31.0615 0952 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:03:31.0615 0952 RDPWD - ok
22:03:31.0771 0952 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:03:31.0771 0952 rdyboost - ok
22:03:31.0958 0952 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:03:31.0958 0952 rspndr - ok
22:03:32.0083 0952 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:03:32.0083 0952 sbp2port - ok
22:03:32.0223 0952 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:03:32.0223 0952 scfilter - ok
22:03:32.0364 0952 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
22:03:32.0379 0952 sdbus - ok
22:03:32.0520 0952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:03:32.0535 0952 secdrv - ok
22:03:32.0645 0952 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:03:32.0645 0952 Serenum - ok
22:03:32.0785 0952 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
22:03:32.0785 0952 Serial - ok
22:03:32.0925 0952 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:03:32.0941 0952 sermouse - ok
22:03:33.0066 0952 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:03:33.0066 0952 sffdisk - ok
22:03:33.0191 0952 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:03:33.0191 0952 sffp_mmc - ok
22:03:33.0315 0952 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:03:33.0315 0952 sffp_sd - ok
22:03:33.0409 0952 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:03:33.0409 0952 sfloppy - ok
22:03:33.0565 0952 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:03:33.0565 0952 SiSRaid2 - ok
22:03:33.0659 0952 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:03:33.0659 0952 SiSRaid4 - ok
22:03:33.0799 0952 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:03:33.0815 0952 Smb - ok
22:03:34.0002 0952 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:03:34.0002 0952 spldr - ok
22:03:34.0220 0952 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1305000.091\SRTSP64.SYS
22:03:34.0220 0952 SRTSP - ok
22:03:34.0407 0952 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1305000.091\SRTSPX64.SYS
22:03:34.0407 0952 SRTSPX - ok
22:03:34.0548 0952 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:03:34.0579 0952 srv - ok
22:03:34.0704 0952 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:03:34.0704 0952 srv2 - ok
22:03:34.0829 0952 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:03:34.0844 0952 srvnet - ok
22:03:34.0985 0952 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:03:34.0985 0952 stexstor - ok
22:03:35.0125 0952 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:03:35.0141 0952 swenum - ok
22:03:35.0297 0952 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS
22:03:35.0312 0952 SymDS - ok
22:03:35.0453 0952 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS
22:03:35.0484 0952 SymEFA - ok
22:03:35.0702 0952 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
22:03:35.0702 0952 SymEvent - ok
22:03:35.0905 0952 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS
22:03:35.0905 0952 SymIRON - ok
22:03:36.0108 0952 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS
22:03:36.0108 0952 SymNetS - ok
22:03:36.0248 0952 SynTP (ef51b22706db03f0857fade127c804ec) C:\Windows\system32\DRIVERS\SynTP.sys
22:03:36.0264 0952 SynTP - ok
22:03:36.0389 0952 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:03:36.0451 0952 Tcpip - ok
22:03:36.0623 0952 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:03:36.0638 0952 TCPIP6 - ok
22:03:36.0747 0952 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:03:36.0747 0952 tcpipreg - ok
22:03:36.0810 0952 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:03:36.0810 0952 TDPIPE - ok
22:03:36.0888 0952 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:03:36.0903 0952 TDTCP - ok
22:03:37.0013 0952 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:03:37.0028 0952 tdx - ok
22:03:37.0091 0952 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:03:37.0091 0952 TermDD - ok
22:03:37.0247 0952 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:03:37.0262 0952 tssecsrv - ok
22:03:37.0357 0952 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:03:37.0357 0952 TsUsbFlt - ok
22:03:37.0435 0952 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:03:37.0450 0952 TsUsbGD - ok
22:03:37.0560 0952 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:03:37.0575 0952 tunnel - ok
22:03:37.0653 0952 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:03:37.0653 0952 uagp35 - ok
22:03:37.0747 0952 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
22:03:37.0747 0952 UBHelper - ok
22:03:37.0825 0952 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:03:37.0825 0952 udfs - ok
22:03:37.0950 0952 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:03:37.0950 0952 uliagpkx - ok
22:03:38.0028 0952 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:03:38.0028 0952 umbus - ok
22:03:38.0121 0952 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:03:38.0137 0952 UmPass - ok
22:03:38.0262 0952 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
22:03:38.0277 0952 USBAAPL64 - ok
22:03:38.0402 0952 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:03:38.0418 0952 usbccgp - ok
22:03:38.0542 0952 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:03:38.0542 0952 usbcir - ok
22:03:38.0667 0952 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
22:03:38.0667 0952 usbehci - ok
22:03:38.0745 0952 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:03:38.0745 0952 usbhub - ok
22:03:38.0839 0952 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:03:38.0839 0952 usbohci - ok
22:03:38.0932 0952 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
22:03:38.0932 0952 usbprint - ok
22:03:39.0057 0952 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:03:39.0073 0952 USBSTOR - ok
22:03:39.0182 0952 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:03:39.0182 0952 usbuhci - ok
22:03:39.0322 0952 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:03:39.0322 0952 usbvideo - ok
22:03:39.0463 0952 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:03:39.0478 0952 vdrvroot - ok
22:03:39.0588 0952 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:03:39.0588 0952 vga - ok
22:03:39.0681 0952 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:03:39.0681 0952 VgaSave - ok
22:03:39.0775 0952 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:03:39.0790 0952 vhdmp - ok
22:03:39.0868 0952 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:03:39.0868 0952 viaide - ok
22:03:39.0978 0952 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:03:39.0978 0952 volmgr - ok
22:03:40.0056 0952 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:03:40.0071 0952 volmgrx - ok
22:03:40.0180 0952 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:03:40.0196 0952 volsnap - ok
22:03:40.0321 0952 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:03:40.0321 0952 vsmraid - ok
22:03:40.0446 0952 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:03:40.0446 0952 vwifibus - ok
22:03:40.0586 0952 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:03:40.0586 0952 vwififlt - ok
22:03:40.0680 0952 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:03:40.0680 0952 vwifimp - ok
22:03:40.0758 0952 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:03:40.0758 0952 WacomPen - ok
22:03:40.0882 0952 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:40.0914 0952 WANARP - ok
22:03:40.0945 0952 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:03:40.0960 0952 Wanarpv6 - ok
22:03:41.0085 0952 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:03:41.0085 0952 Wd - ok
22:03:41.0210 0952 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:03:41.0210 0952 Wdf01000 - ok
22:03:41.0366 0952 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys
22:03:41.0382 0952 wdkmd - ok
22:03:41.0522 0952 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:03:41.0522 0952 WfpLwf - ok
22:03:41.0647 0952 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:03:41.0647 0952 WIMMount - ok
22:03:41.0834 0952 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:03:41.0850 0952 WinUsb - ok
22:03:41.0974 0952 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:03:41.0974 0952 WmiAcpi - ok
22:03:42.0099 0952 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:03:42.0099 0952 ws2ifsl - ok
22:03:42.0193 0952 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:03:42.0193 0952 WudfPf - ok
22:03:42.0318 0952 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:03:42.0318 0952 WUDFRd - ok
22:03:42.0349 0952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:03:42.0427 0952 \Device\Harddisk0\DR0 - ok
22:03:42.0427 0952 Boot (0x1200) (4c66794edaae027d970c854cab69c0b8) \Device\Harddisk0\DR0\Partition0
22:03:42.0427 0952 \Device\Harddisk0\DR0\Partition0 - ok
22:03:42.0458 0952 Boot (0x1200) (068c2e47f59f604153c2cce0b529c543) \Device\Harddisk0\DR0\Partition1
22:03:42.0458 0952 \Device\Harddisk0\DR0\Partition1 - ok
22:03:42.0458 0952 ============================================================
22:03:42.0458 0952 Scan finished
22:03:42.0458 0952 ============================================================
22:03:42.0458 5620 Detected object count: 0
22:03:42.0458 5620 Actual detected object count: 0
 
Looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-02-13.01 - Kathy Williams 02/13/2012 22:19:22.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5996.4294 [GMT -6:00]
Running from: c:\users\Kathy Williams\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Kathy Williams\AppData\Roaming\Microsoft\Windows\Recent\DVDFab.url
.
.
((((((((((((((((((((((((( Files Created from 2012-01-14 to 2012-02-14 )))))))))))))))))))))))))))))))
.
.
2012-02-14 04:24 . 2012-02-14 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 03:40 . 2012-02-14 03:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-13 01:34 . 2012-02-13 01:42 16200 ----a-w- c:\windows\stinger.sys
2012-02-13 01:34 . 2012-02-13 02:32 -------- d-----w- c:\program files (x86)\stinger
2012-02-12 22:48 . 2012-02-12 22:48 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\Malwarebytes
2012-02-12 22:48 . 2012-02-12 22:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-12 22:48 . 2012-02-12 22:48 -------- d-----w- c:\programdata\Malwarebytes
2012-02-12 22:48 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 20:34 . 2012-02-11 20:35 -------- d-----w- c:\users\Kathy Williams\books
2012-02-11 05:01 . 2012-02-11 05:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7DD9.tmp
2012-02-11 05:01 . 2012-02-11 05:01 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\7DD8.tmp
2012-02-02 19:56 . 2012-02-11 05:02 -------- d-----w- c:\windows\system32\drivers\NISx64\1305000.091
2012-01-28 03:22 . 2012-01-28 03:22 -------- d-----w- c:\users\Kathy Williams\AppData\Local\Windows Live Writer
2012-01-28 03:22 . 2012-01-28 03:22 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\Windows Live Writer
2012-01-26 15:47 . 2012-01-31 03:14 -------- d-----w- c:\users\Kathy Williams\AppData\Local\CrashDumps
2012-01-24 01:40 . 2012-01-24 01:40 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\MoveFab
2012-01-20 02:23 . 2012-01-20 02:23 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\DVDFab
2012-01-20 02:17 . 2012-01-20 02:17 -------- d-----w- c:\programdata\dvdfab
2012-01-20 02:17 . 2012-01-20 02:23 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt
2012-01-20 01:43 . 2012-01-20 01:43 -------- d-----w- c:\users\Kathy Williams\AppData\Roaming\com.amazon.music.uploader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-12 21:39 . 2011-12-31 17:03 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-02 19:56 . 2011-04-15 13:57 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-01 00:06 . 2012-01-01 00:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-31 04:10 . 2011-12-31 04:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-31 04:10 . 2011-12-31 04:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-31 04:10 . 2011-12-31 04:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-31 04:10 . 2011-12-31 04:10 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-31 04:10 . 2011-12-31 04:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-31 04:10 . 2011-12-31 04:10 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-31 04:10 . 2011-12-31 04:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-31 04:10 . 2011-12-31 04:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-31 04:10 . 2011-12-31 04:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-31 04:10 . 2011-12-31 04:10 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-31 04:10 . 2011-12-31 04:10 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-31 04:10 . 2011-12-31 04:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-31 04:10 . 2011-12-31 04:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-31 04:10 . 2011-12-31 04:10 448512 ----a-w- c:\windows\system32\html.iec
2011-12-31 04:10 . 2011-12-31 04:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-31 04:10 . 2011-12-31 04:10 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-31 04:10 . 2011-12-31 04:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-31 04:10 . 2011-12-31 04:10 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-31 04:10 . 2011-12-31 04:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-31 04:10 . 2011-12-31 04:10 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-31 04:10 . 2011-12-31 04:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-31 04:10 . 2011-12-31 04:10 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-31 04:10 . 2011-12-31 04:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-31 04:10 . 2011-12-31 04:10 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-31 04:10 . 2011-12-31 04:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-31 04:10 . 2011-12-31 04:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-31 04:10 . 2011-12-31 04:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-31 04:10 . 2011-12-31 04:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-31 04:10 . 2011-12-31 04:10 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-31 04:10 . 2011-12-31 04:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-31 04:10 . 2011-12-31 04:10 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-31 04:10 . 2011-12-31 04:10 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-31 04:10 . 2011-12-31 04:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-31 04:10 . 2011-12-31 04:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-31 04:06 . 2011-12-31 04:06 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-12-31 04:06 . 2011-04-15 13:59 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-31 04:06 . 2011-04-15 13:59 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-31 03:43 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-24 04:52 . 2011-12-31 14:09 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 14:58 . 2012-01-11 13:57 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 13:57 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:49 . 2012-01-13 15:12 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 06:49 . 2012-01-13 15:12 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 06:44 . 2012-01-13 15:12 459232 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 06:41 . 2012-01-11 13:57 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 06:35 . 2012-01-13 15:12 395776 ----a-w- c:\windows\system32\webio.dll
2011-11-17 06:35 . 2012-01-13 15:12 29184 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 06:35 . 2012-01-13 15:12 136192 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 06:35 . 2012-01-13 15:12 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 06:35 . 2012-01-13 15:12 28160 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 06:35 . 2012-01-13 15:12 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 06:33 . 2012-01-13 15:12 31232 ----a-w- c:\windows\system32\lsass.exe
2011-11-17 05:38 . 2012-01-11 13:57 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-17 05:35 . 2012-01-13 15:12 314880 ----a-w- c:\windows\SysWow64\webio.dll
2011-11-17 05:34 . 2012-01-13 15:12 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-17 05:34 . 2012-01-13 15:12 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2011-11-17 05:28 . 2012-01-13 15:12 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2011-02-15 290112]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Kathy Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1305000.091\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1305000.091\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2011-12-01 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1305000.091\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1305000.091\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1305000.091\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-02-23 873064]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-01-31 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe [2011-11-30 138248]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-02-15 257344]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-11 138360]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500286521-3479545865-473360372-1000Core.job
- c:\users\Kathy Williams\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 03:45]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500286521-3479545865-473360372-1000UA.job
- c:\users\Kathy Williams\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 03:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2011-02-23 1796200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.bing.com/?pc=MAGW
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kathy Williams\AppData\Roaming\Mozilla\Firefox\Profiles\pt6s29a2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.5.0.145\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-02-13 22:48:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-14 04:48
.
Pre-Run: 355,299,123,200 bytes free
Post-Run: 355,758,243,840 bytes free
.
- - End Of File - - 4D8F5B95170549DBE5FA870F8B952554
 
Looks good :)

How is computer doing?

Uninstall McAfee Security Scan Plus, typical foistware.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 2/13/2012 11:23:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kathy Williams\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.86 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 68.86% Memory free
11.71 Gb Paging File | 9.82 Gb Available in Paging File | 83.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.66 Gb Total Space | 331.22 Gb Free Space | 73.50% Space Free | Partition Type: NTFS

Computer Name: KATHYWILLIAMS | User Name: Kathy Williams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/13 23:21:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy Williams\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccsvchst.exe
PRC - [2011/03/14 05:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 05:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 05:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 05:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/15 12:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
PRC - [2011/02/15 12:35:50 | 000,290,112 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
PRC - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/10/28 10:55:02 | 000,969,824 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 19:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/02/03 02:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/20 03:37:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/20 03:37:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2012/01/20 03:37:28 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2012/01/20 03:37:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2012/01/20 03:37:25 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll
MOD - [2012/01/20 03:37:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2012/01/20 03:37:16 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2012/01/20 03:37:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2012/01/20 03:37:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2012/01/20 03:37:05 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2012/01/20 03:36:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/01/19 23:35:35 | 000,411,120 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll
MOD - [2012/01/19 23:35:34 | 003,767,792 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
MOD - [2012/01/19 23:34:10 | 000,122,880 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\avutil-51.dll
MOD - [2012/01/19 23:34:09 | 000,222,208 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\avformat-53.dll
MOD - [2012/01/19 23:34:07 | 001,746,432 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\avcodec-53.dll
MOD - [2012/01/19 20:14:40 | 008,593,056 | ---- | M] () -- C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
MOD - [2011/12/31 18:07:16 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/15 12:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/22 23:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/12/17 16:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 16:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 16:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/29 20:17:50 | 000,138,248 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ccSvcHst.exe -- (NIS)
SRV - [2011/03/14 05:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/15 12:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/12/22 14:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/22 14:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 19:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/02 13:56:54 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/23 20:23:47 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/11/23 19:50:27 | 000,738,936 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/11/23 19:50:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/11/16 21:37:59 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/11/16 21:17:49 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/11/04 17:59:30 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/25 20:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1305000.091\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/25 19:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/20 19:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/01/20 19:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/01/19 21:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/01/17 16:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2011/01/13 19:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010/12/25 12:25:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/12/21 11:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 02:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/09/13 19:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/07/29 07:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2012/02/13 10:47:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\ex64.sys -- (NAVEX15)
DRV - [2012/02/13 10:47:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120213.002\eng64.sys -- (NAVENG)
DRV - [2012/02/10 21:11:51 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/03 20:45:04 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/12/15 17:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120210.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011/11/30 20:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120207.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/02 00:01:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/02/13 23:01:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/12 20:57:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/01 16:28:42 | 000,000,000 | ---D | M]

[2011/12/31 11:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy Williams\AppData\Roaming\Mozilla\Extensions
[2012/02/12 17:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy Williams\AppData\Roaming\Mozilla\Firefox\Profiles\pt6s29a2.default\extensions
[2012/02/12 20:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/02 00:01:59 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
() (No name found) -- C:\USERS\KATHY WILLIAMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PT6S29A2.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\KATHY WILLIAMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PT6S29A2.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012/02/08 14:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/08 11:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/13 14:20:40 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/08 11:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.1.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kathy Williams\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: TV = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Livestation = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckdlnnjkjmmcfhfamndcpocjekeanpb\1.1_0\
CHR - Extension: Learn Hebrew - Ma Kore = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiphfaggmjkobfelhkaddcoagngjogeg\1_0\
CHR - Extension: Send to Kindle = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\2.6.3_0\
CHR - Extension: TV for Google Chrome = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lambangeielkjcnmioccboaphdfcffib\2.2.4_0\
CHR - Extension: Social TV = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgngdongggnefkmefanocbikldkboaaj\1.2.3_0\
CHR - Extension: Norton Identity Protection = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\
CHR - Extension: Gmail = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Learn Spanish - Qu Onda Spanish = C:\Users\Kathy Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj\1_0\

O1 HOSTS File: ([2012/02/13 22:43:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.5.0.145\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Kathy Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3500286521-3479545865-473360372-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{063522AA-F17C-413D-9759-2BA885638C21}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 23:22:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy Williams\Desktop\OTL.exe
[2012/02/13 22:43:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/02/13 22:16:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/13 22:16:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/13 22:16:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/13 22:16:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/13 22:14:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/13 22:13:37 | 004,403,246 | R--- | C] (Swearware) -- C:\Users\Kathy Williams\Desktop\ComboFix.exe
[2012/02/13 22:02:33 | 002,061,360 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kathy Williams\Desktop\tdsskiller.exe
[2012/02/13 21:40:33 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/12 21:14:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\Desktop\GooredFix Backups
[2012/02/12 19:34:17 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/02/12 19:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/02/12 16:48:28 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\Malwarebytes
[2012/02/12 16:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/12 16:48:05 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/12 16:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/12 16:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/11 14:34:55 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\books
[2012/01/27 21:22:07 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\Windows Live Writer
[2012/01/27 21:22:07 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Local\Windows Live Writer
[2012/01/26 09:47:27 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Local\CrashDumps
[2012/01/23 19:40:16 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\MoveFab
[2012/01/19 20:23:31 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\DVDFab
[2012/01/19 20:17:17 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\Documents\DVDFab
[2012/01/19 20:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2012/01/19 20:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012/01/19 20:17:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
[2012/01/19 19:43:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\AppData\Roaming\com.amazon.music.uploader
[2012/01/19 19:43:47 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\Documents\Amazon MP3 Uploader
[2012/01/18 10:03:24 | 000,000,000 | ---D | C] -- C:\Users\Kathy Williams\Documents\books

========== Files - Modified Within 30 Days ==========

[2012/02/13 23:21:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy Williams\Desktop\OTL.exe
[2012/02/13 23:09:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 23:09:06 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 23:08:38 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/13 23:08:38 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/13 23:08:38 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/13 23:01:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/13 23:01:40 | 420,368,383 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 22:56:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3500286521-3479545865-473360372-1000UA.job
[2012/02/13 22:56:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3500286521-3479545865-473360372-1000Core.job
[2012/02/13 22:43:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/13 22:10:30 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\Kathy Williams\Desktop\ComboFix.exe
[2012/02/13 21:39:04 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kathy Williams\Desktop\tdsskiller.exe
[2012/02/13 20:31:06 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kathy Williams\Desktop\boot_cleaner.exe
[2012/02/13 20:28:23 | 000,000,512 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\MBR.dat
[2012/02/12 20:57:17 | 000,001,137 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/12 19:42:51 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/02/12 16:48:06 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 09:05:12 | 000,778,834 | ---- | M] () -- C:\Users\Kathy Williams\Documents\PerfStringBackup.INI
[2012/02/10 23:08:18 | 000,002,519 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/10 23:02:45 | 001,488,921 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\Cat.DB
[2012/02/10 23:02:31 | 000,004,782 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\VT20111023.024
[2012/02/02 13:56:54 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/02/02 13:56:54 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/02/02 13:56:54 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/01/30 21:13:27 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/26 22:26:45 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1305000.091\isolate.ini
[2012/01/25 23:51:17 | 000,002,455 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\Google Chrome.lnk
[2012/01/21 03:01:29 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/20 00:04:05 | 000,001,192 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\Dictionary .NET.lnk
[2012/01/19 20:17:05 | 000,001,060 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\DVDFab Profile Editor.lnk
[2012/01/19 20:17:05 | 000,001,047 | ---- | M] () -- C:\Users\Kathy Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk
[2012/01/19 20:17:05 | 000,001,023 | ---- | M] () -- C:\Users\Kathy Williams\Desktop\DVDFab 8 Qt.lnk
[2012/01/19 19:43:41 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\Amazon MP3 Uploader.lnk
[2012/01/15 00:58:07 | 000,015,299 | ---- | M] () -- C:\Users\Kathy Williams\Documents\Sunday songs.odt

========== Files Created - No Company Name ==========

[2012/02/13 22:16:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/13 22:16:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/13 22:16:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/13 22:16:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/13 22:16:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/13 20:28:23 | 000,000,512 | ---- | C] () -- C:\Users\Kathy Williams\Desktop\MBR.dat
[2012/02/12 20:57:17 | 000,001,137 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/12 20:57:16 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/12 16:59:00 | 000,778,834 | ---- | C] () -- C:\Users\Kathy Williams\Documents\PerfStringBackup.INI
[2012/02/12 16:48:06 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/30 21:13:26 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/01/20 00:04:05 | 000,001,192 | ---- | C] () -- C:\Users\Kathy Williams\Desktop\Dictionary .NET.lnk
[2012/01/20 00:01:07 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/19 20:17:05 | 000,001,060 | ---- | C] () -- C:\Users\Kathy Williams\Desktop\DVDFab Profile Editor.lnk
[2012/01/19 20:17:05 | 000,001,047 | ---- | C] () -- C:\Users\Kathy Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8 Qt.lnk
[2012/01/19 20:17:05 | 000,001,023 | ---- | C] () -- C:\Users\Kathy Williams\Desktop\DVDFab 8 Qt.lnk
[2012/01/19 19:43:41 | 000,001,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon MP3 Uploader.lnk
[2012/01/19 19:43:41 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\Amazon MP3 Uploader.lnk
[2012/01/15 00:58:04 | 000,015,299 | ---- | C] () -- C:\Users\Kathy Williams\Documents\Sunday songs.odt
[2011/04/15 08:16:07 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/15 08:16:06 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/15 08:16:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/12/31 13:49:01 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\Amazon
[2012/01/19 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\com.amazon.music.uploader
[2012/01/19 20:23:31 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\DVDFab
[2012/01/23 19:40:16 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\MoveFab
[2011/12/31 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\OpenOffice.org
[2012/01/06 02:22:59 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\SNS
[2012/01/27 21:22:07 | 000,000,000 | ---D | M] -- C:\Users\Kathy Williams\AppData\Roaming\Windows Live Writer
[2009/07/13 23:08:49 | 000,009,392 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/04/15 08:19:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/02/13 22:48:05 | 000,021,986 | ---- | M] () -- C:\ComboFix.txt
[2012/02/13 23:01:40 | 420,368,383 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 17:38:27 | 000,000,040 | ---- | M] () -- C:\log.txt
[2012/02/13 23:01:45 | 1992,146,943 | -HS- | M] () -- C:\pagefile.sys
[2012/02/13 21:40:39 | 000,084,538 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_13.02.2012_21.39.30_log.txt
[2012/02/13 22:07:02 | 000,081,740 | ---- | M] () -- C:\TDSSKiller.2.7.12.0_13.02.2012_22.02.50_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/12/30 20:46:22 | 000,000,221 | -HS- | M] () -- C:\Users\Kathy Williams\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/13 20:31:06 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Kathy Williams\Desktop\boot_cleaner.exe
[2012/02/13 22:10:30 | 004,403,246 | R--- | M] (Swearware) -- C:\Users\Kathy Williams\Desktop\ComboFix.exe
[2012/02/13 23:21:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy Williams\Desktop\OTL.exe
[2012/02/13 21:39:04 | 002,061,360 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kathy Williams\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/12/30 20:42:21 | 000,000,402 | -HS- | M] () -- C:\Users\Kathy Williams\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
You must log in or register to reply here.

Similar threads

C
Solved Possible Malware from ccleaner issue
2 3
Replies
60
Views
12K
Broni
Broni
SheilaCalhoun
  • Locked
Inactive "Smart Guard" virus/malware?
Replies
3
Views
2K
Broni
Broni
R
Solved Internet connectivity issue after malware removal
Replies
21
Views
5K
Broni
Broni

Latest posts

Back