Jump to content

buckskinpass

Members
  • Content Count

    30
  • Joined

  • Last visited

About buckskinpass

  • Rank
    Member
  • Birthday 12/20/1957

Contact Methods

  • Website URL
    http://

Profile Information

  • Location
    Colorado Springs
  • Interests
    Computers<br />Computer games

Previous Fields

  • System Specifications:
    Pentium 4 EE Gallatin core 800FSB 3.2gig Gigabyte 81PE1000 Pro/ Intel 965 Chipset Aspire 500 watt power supply 2.5 gig PC3200 DDR CAS 2.5-3-3-6 timings Sound Blaster Audigy Platnum Maxtor 80 gig 7200 RPM SATA 8meg cache Maxtor 100 gig 7200 RPM SATA 8meg cache Pioneer DVD rom Liteonit 48-24-48 CD R/RW EVGA 6800 GT AGP 256 DDR3 Artic Cooling NV5 silencer Fan/sink Samsung 960 bf 19" LCD 4ms g to g
  • TechExpress Link:
    http://www.pcpitstop.com/techexpress.asp?id=RECK0W34XECSBQXQ
  • Teams:
    Nothing Selected
  1. TomK you’re awesome, a last thank you for taking the time to help not only me but so many others, you rock! All tools have been removed and I'll checkout the suggested links.
  2. Heres the new log. ComboFix 12-08-05.02 - Owner 08/05/2012 10:17:35.4.4 - x64 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.2314 [GMT -6:00] Running from: c:usersOwnerDesktopComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 ))))))))))))))))))))))))))))))) . . 2012-08-05 16:22 . 2012-08-05 16:22 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp 2012-08-05 16:22 . 2012-08-05 16:22 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-08-05 03:33 . 2012-08-05 03:33 -------- d-----w- C:FRST 2012-07-30 21:49 . 2012-07-30 21:49 -------- d-sh--w- c:windowsSysWow64%APPDATA% 2012-07-28 22:06 . 2012-07-28 22:35 -------- d-----w- c:programdataSpybot - Search & Destroy 2012-07-28 22:06 . 2012-07-28 22:07 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2012-07-11 10:46 . 2012-06-05 16:22 974848 ----a-w- c:program filesCommon FilesSystemadomsado15.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 22:28 . 2012-04-04 11:13 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-08-02 22:28 . 2011-05-29 10:44 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-07-11 23:16 . 2006-11-02 12:35 59701280 ----a-w- c:windowssystem32mrt.exe 2012-07-03 19:46 . 2011-04-01 19:02 24904 ----a-w- c:windowssystem32driversmbam.sys 2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:windowsSysWow64msxml4.dll 2012-06-02 22:19 . 2012-06-23 11:01 38424 ----a-w- c:windowssystem32wups.dll 2012-06-02 22:19 . 2012-06-23 11:01 2428952 ----a-w- c:windowssystem32wuaueng.dll 2012-06-02 22:19 . 2012-06-23 11:01 57880 ----a-w- c:windowssystem32wuauclt.exe 2012-06-02 22:19 . 2012-06-23 11:01 44056 ----a-w- c:windowssystem32wups2.dll 2012-06-02 22:19 . 2012-06-23 11:01 35864 ----a-w- c:windowsSysWow64wups.dll 2012-06-02 22:19 . 2012-06-23 11:01 701976 ----a-w- c:windowssystem32wuapi.dll 2012-06-02 22:19 . 2012-06-23 11:01 577048 ----a-w- c:windowsSysWow64wuapi.dll 2012-06-02 22:15 . 2012-06-23 11:01 2622464 ----a-w- c:windowssystem32wucltux.dll 2012-06-02 22:15 . 2012-06-23 11:01 99840 ----a-w- c:windowssystem32wudriver.dll 2012-06-02 22:12 . 2012-06-23 11:01 88576 ----a-w- c:windowsSysWow64wudriver.dll 2012-06-02 21:19 . 2012-06-23 11:01 186752 ----a-w- c:windowssystem32wuwebv.dll 2012-06-02 21:19 . 2012-06-23 11:01 171904 ----a-w- c:windowsSysWow64wuwebv.dll 2012-06-02 21:15 . 2012-06-23 11:01 36864 ----a-w- c:windowssystem32wuapp.exe 2012-06-02 21:12 . 2012-06-23 11:01 33792 ----a-w- c:windowsSysWow64wuapp.exe . . ((((((((((((((((((((((((((((( [email protected]_19.49.38 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:09 . 2012-08-05 11:28 48604 c:windowssystem32WDIShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:44 . 2012-08-05 11:28 90290 c:windowssystem32WDIBootPerformanceDiagnostics_SystemData.bin + 2011-04-01 05:42 . 2012-08-05 11:28 13052 c:windowssystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-4096261934-966222998-2717033517-1000_UserData.bin + 2011-04-01 05:39 . 2012-08-05 01:38 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-04-01 05:39 . 2012-08-03 12:57 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat + 2011-04-01 05:39 . 2012-08-05 01:38 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat + 2011-04-01 05:39 . 2012-08-05 01:38 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat - 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2012-08-05 11:26 . 2012-08-05 11:26 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat - 2012-08-03 19:49 . 2012-08-03 19:49 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat + 2012-08-05 11:26 . 2012-08-05 11:26 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat + 2011-04-02 22:07 . 2012-08-05 16:10 342284 c:windowssystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin - 2006-11-02 12:46 . 2012-07-28 01:59 607406 c:windowssystem32perfh009.dat + 2006-11-02 12:46 . 2012-08-05 00:55 607406 c:windowssystem32perfh009.dat - 2006-11-02 12:46 . 2012-07-28 01:59 105046 c:windowssystem32perfc009.dat + 2006-11-02 12:46 . 2012-08-05 00:55 105046 c:windowssystem32perfc009.dat - 2011-04-01 07:32 . 2012-08-03 18:26 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat + 2011-04-01 07:32 . 2012-08-05 11:18 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat + 2011-04-24 11:59 . 2012-08-05 11:18 44815315 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-4096261934-966222998-2717033517-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "JMB36X IDE Setup"="c:windowsRaidToolxInsIDE.exe" [2010-09-07 43608] "Copperhead"="c:program files (x86)RazerCopperheadrazerhid.exe" [2005-11-25 155648] "Tarantula"="c:program files (x86)RazerTarantularazerhid.exe" [2007-05-07 159744] "NUSB3MON"="c:program files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" [2010-11-17 113288] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-05-31 59280] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . R3 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-01-03 63928] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-02 250056] . . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindows NTCurrentVersionSvchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2012-08-05 c:windowsTasksAdobe Flash Player Updater.job - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 22:28] . 2012-08-05 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44] . 2012-08-05 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "RTHDVCPL"="c:program filesRealtekAudioHDARAVCpl64.exe" [2011-06-09 11860072] . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011 mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:progra~2MICROS~3Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64browseui.dll FF - ProfilePath - c:usersOwnerAppDataRoamingMozillaFirefoxProfilesclg9hxm7.default FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/? . . [HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesN360] "ImagePath"=""c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe" /s "N360" /m "c:program files (x86)Norton 360Engine6.2.1.5diMaster.dll" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeClasses] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, . Completion time: 2012-08-05 10:24:30 ComboFix-quarantined-files.txt 2012-08-05 16:24 ComboFix2.txt 2012-08-04 11:33 ComboFix3.txt 2012-08-04 04:40 ComboFix4.txt 2012-08-03 19:52 . Pre-Run: 83,198,644,224 bytes free Post-Run: 84,411,547,648 bytes free . - - End Of File - - 5CCB3EF1BC3A44D9C589B969FB601769
  3. Sorry, I didn't even think about that. Here it is with corrections made. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01 Ran by SYSTEM at 2012-08-05 05:24:51 Run:2 Running from H: ============================================== C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c} moved successfully. C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c} moved successfully. C:WindowsassemblyGAC_32Desktop.ini moved successfully. C:WindowsassemblyGAC_64Desktop.ini moved successfully. c:windowssystem32services.exe moved successfully. c:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe copied successfully to c:windowssystem32services.exe ==== End of Fixlog ====
  4. well, here it is hope this worked. Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01 Ran by SYSTEM at 2012-08-04 21:55:33 Run:1 Running from H: ============================================== C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:WindowsassemblyGAC_32Desktop.iniC:WindowsassemblyGAC_64Desktop.iniReplace: c:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe c:windowssystem32services.exe not found. Could not find C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:WindowsassemblyGAC_32Desktop.iniC:WindowsassemblyGAC_64Desktop.inic:windowssystem32services.exe. Could not find C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:WindowsassemblyGAC_32Desktop.iniC:WindowsassemblyGAC_64Desktop.inic:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe . ==== End of Fixlog ====
  5. OK heres this log and thanks again for all the time and expertise Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01 Ran by SYSTEM at 04-08-2012 19:34:05 Running from H: Windows Vista Ultimate (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM...Run: [RTHDVCPL] C:Program FilesRealtekAudioHDARAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor) HKLM-x32...Run: [JMB36X IDE Setup] C:WindowsRaidToolxInsIDE.exe [43608 2010-09-07] () HKLM-x32...Run: [Copperhead] "C:Program Files (x86)RazerCopperheadrazerhid.exe" [155648 2005-11-25] () HKLM-x32...Run: [Tarantula] "C:Program Files (x86)RazerTarantularazerhid.exe" [159744 2007-05-07] (Razer USA Ltd.) HKLM-x32...Run: [NUSB3MON] "C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" [113288 2010-11-16] (Renesas Electronics Corporation) HKLM-x32...Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32...Run: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKUDefault...Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation) HKUDefault...Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation) HKUDefault User...Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation) HKUDefault User...Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation) TcpipParameters: [DhcpNameServer] 192.168.1.1 ==================== Services (Whitelisted) ====== 2 Diskeeper; "C:Program FilesDiskeeper CorporationDiskeeperDkService.exe" [1824536 2008-12-09] (Diskeeper Corporation) 3 Futuremark SystemInfo Service; "C:Program Files (x86)Common FilesFuturemark SharedFuturemark SystemInfoFMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation) 2 JMB36X; C:WindowsSysWOW64XSrvSetup.exe [72280 2010-09-07] () 2 MBAMService; "C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 2 N360; "C:Program Files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe" /s "N360" /m "C:Program Files (x86)Norton 360Engine6.2.1.5diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation) 2 PassThru Service; C:Program Files (x86)HTCInternet Pass-ThroughPassThruSvr.exe [80896 2010-09-16] () 2 SBSDWSCService; C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) ========================== Drivers (Whitelisted) ============= 1 BHDrvx64; ??C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsBASHDefs20120711.002BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation) 1 ccSet_N360; C:Windowssystem32driversN360x640602010.005ccSetx64.sys [167048 2011-11-29] (Symantec Corporation) 3 copperhd; C:WindowsSystem32Driverscopperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd) 1 eeCtrl; ??C:Program Files (x86)Common FilesSymantec SharedEENGINEeeCtrl64.sys [484512 2012-05-31] (Symantec Corporation) 3 EraserUtilRebootDrv; ??C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [138912 2012-06-14] (Symantec Corporation) 1 IDSVia64; ??C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsIPSDefs20120803.002IDSvia64.sys [509088 2012-06-14] (Symantec Corporation) 3 MBAMProtector; ??C:Windowssystem32driversmbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 NAVENG; ??C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsVirusDefs20120804.009ENG64.SYS [120440 2012-08-04] (Symantec Corporation) 3 NAVEX15; ??C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsVirusDefs20120804.009EX64.SYS [2068600 2012-08-04] (Symantec Corporation) 1 SRTSP; C:WindowsSystem32DriversN360x640602010.005SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation) 1 SRTSPX; C:Windowssystem32driversN360x640602010.005SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation) 3 STTub203; C:WindowsSystem32DriversSTTub203.sys [33280 2007-05-02] () 0 SymDS; C:WindowsSystem32driversN360x640602010.005SYMDS64.SYS [451192 2012-01-17] (Symantec Corporation) 0 SymEFA; C:WindowsSystem32driversN360x640602010.005SYMEFA64.SYS [1092728 2012-01-17] (Symantec Corporation) 3 SymEvent; ??C:Windowssystem32DriversSYMEVENT64x86.SYS [175736 2012-04-09] (Symantec Corporation) 1 SymIRON; C:Windowssystem32driversN360x640602010.005Ironx64.SYS [190072 2012-01-17] (Symantec Corporation) 1 SYMTDIv; C:WindowsSystem32DriversN360x640602010.005SYMTDIV.SYS [445560 2012-01-17] (Symantec Corporation) 3 TarFltr; C:WindowsSystem32driversUsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.) 1 Beep; [x] 3 catchme; ??C:ComboFixcatchme.sys [x] 3 cpuz130; ??C:UsersOwnerAppDataLocalTempcpuz130cpuz_x64.sys [x] 3 cpuz135; ??C:WindowsTEMPcpuz135cpuz135_x64.sys [x] 3 gdrv; ??C:Windowsgdrv.sys [x] 3 IpInIp; C:WindowsSystem32DRIVERSipinip.sys [x] 3 NwlnkFlt; C:WindowsSystem32DRIVERSnwlnkflt.sys [x] 3 NwlnkFwd; C:WindowsSystem32DRIVERSnwlnkfwd.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-04 19:33 - 2012-08-04 19:33 - 00000000 ____D C:FRST 2012-08-04 17:12 - 2012-08-04 17:13 - 00002105 ____A C:UsersOwnerDesktopdidn'tfind.txt 2012-08-04 13:48 - 2012-08-04 13:48 - 02136664 ____A (Kaspersky Lab ZAO) C:UsersOwnerDesktoptdsskiller.exe 2012-08-04 03:34 - 2012-08-04 03:34 - 00013783 ____A C:UsersOwnerDesktopcombofix2.txt 2012-08-04 03:33 - 2012-08-04 03:33 - 00013783 ____A C:ComboFix.txt 2012-08-03 20:51 - 2012-08-03 20:51 - 00014487 ____A C:UsersOwnerDesktopcombofix1.log 2012-08-03 11:59 - 2012-08-03 11:59 - 00012583 ____A C:UsersOwnerDesktopcombofix.log 2012-08-03 11:06 - 2011-06-25 22:45 - 00256000 ____A C:WindowsPEV.exe 2012-08-03 11:06 - 2010-11-07 09:20 - 00208896 ____A C:WindowsMBR.exe 2012-08-03 11:06 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:WindowsNIRCMD.exe 2012-08-03 11:06 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:WindowsSWREG.exe 2012-08-03 11:06 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:WindowsSWSC.exe 2012-08-03 11:06 - 2000-08-30 16:00 - 00098816 ____A C:Windowssed.exe 2012-08-03 11:06 - 2000-08-30 16:00 - 00080412 ____A C:Windowsgrep.exe 2012-08-03 11:06 - 2000-08-30 16:00 - 00068096 ____A C:Windowszip.exe 2012-08-03 03:09 - 2012-08-04 03:33 - 00000000 ____D C:Qoobox 2012-08-03 03:09 - 2012-08-04 03:31 - 00000000 ____D C:Windowserdnt 2012-08-03 03:04 - 2012-08-03 19:56 - 04724408 ____R (Swearware) C:UsersOwnerDesktopComboFix.exe 2012-08-02 18:52 - 2012-08-02 18:52 - 00000888 ____A C:UsersPublicDesktopWinZip.lnk 2012-08-02 18:51 - 2012-08-02 18:51 - 00000000 ____D C:Program Files (x86)WinZip 2012-08-02 18:44 - 2012-08-02 18:44 - 00013877 ____A C:UsersOwnerDesktopAttach.txt 2012-08-02 18:35 - 2012-08-02 18:35 - 00607260 ____R (Swearware) C:UsersOwnerDesktopdds.scr 2012-08-01 01:38 - 2012-08-01 01:38 - 00003760 ____A C:{3B247B8B-7B57-41AF-A6D4-D1EE9A0F913D} 2012-07-30 13:49 - 2012-07-30 13:49 - 00000000 __SHD C:WindowsSysWOW64%APPDATA% 2012-07-28 14:34 - 2012-07-28 14:34 - 00000208 ____A C:Windowswininit.ini 2012-07-28 14:07 - 2012-07-28 14:07 - 00001097 ____A C:UsersOwnerDesktopSpybot - Search & Destroy.lnk 2012-07-28 14:06 - 2012-07-28 14:35 - 00000000 ____D C:UsersAll UsersSpybot - Search & Destroy 2012-07-28 14:06 - 2012-07-28 14:07 - 00000000 ____D C:Program Files (x86)Spybot - Search & Destroy 2012-07-11 15:18 - 2012-07-11 15:18 - 00272064 ____A C:Windowsmsxml4-KB2721691-enu.LOG 2012-07-11 15:15 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:WindowsSystem32win32k.sys 2012-07-11 15:15 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.dll 2012-07-11 15:15 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:WindowsSystem32ieframe.dll 2012-07-11 15:15 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:WindowsSystem32jscript9.dll 2012-07-11 15:15 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:WindowsSystem32wininet.dll 2012-07-11 15:15 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:WindowsSystem32urlmon.dll 2012-07-11 15:15 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:WindowsSystem32inetcpl.cpl 2012-07-11 15:15 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:WindowsSystem32url.dll 2012-07-11 15:15 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:WindowsSystem32jsproxy.dll 2012-07-11 15:15 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:WindowsSystem32ieUnatt.exe 2012-07-11 15:15 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:WindowsSystem32jscript.dll 2012-07-11 15:15 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:WindowsSystem32iertutil.dll 2012-07-11 15:15 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.tlb 2012-07-11 15:15 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:WindowsSystem32mshtmled.dll 2012-07-11 15:15 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:WindowsSystem32ieui.dll 2012-07-11 15:15 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll 2012-07-11 15:15 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll 2012-07-11 15:15 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll 2012-07-11 15:15 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll 2012-07-11 15:15 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl 2012-07-11 15:15 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:WindowsSysWOW64wininet.dll 2012-07-11 15:15 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:WindowsSysWOW64url.dll 2012-07-11 15:15 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll 2012-07-11 15:15 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe 2012-07-11 15:15 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll 2012-07-11 15:15 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript.dll 2012-07-11 15:15 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll 2012-07-11 15:15 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb 2012-07-11 15:15 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:WindowsSysWOW64ieui.dll 2012-07-11 02:46 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:WindowsSystem32shell32.dll 2012-07-11 02:46 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:WindowsSysWOW64shell32.dll 2012-07-11 02:46 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml6.dll 2012-07-11 02:46 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml3.dll 2012-07-11 02:46 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:WindowsSystem32msxml3.dll 2012-07-11 02:46 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:WindowsSystem32msxml6.dll 2012-07-11 02:46 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:WindowsSystem32Driversksecdd.sys 2012-07-11 02:46 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:WindowsSystem32schannel.dll 2012-07-11 02:46 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:WindowsSystem32ncrypt.dll 2012-07-11 02:46 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:WindowsSysWOW64secur32.dll 2012-07-11 02:46 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:WindowsSysWOW64schannel.dll 2012-07-11 02:46 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:WindowsSysWOW64ncrypt.dll ============ 3 Months Modified Files ======================== 2012-08-04 17:20 - 2009-04-11 07:43 - 01821428 ____A C:WindowsWindowsUpdate.log 2012-08-04 17:20 - 2006-11-02 07:40 - 00032650 ____A C:WindowsTasksSCHEDLGU.TXT 2012-08-04 17:20 - 2006-11-02 07:40 - 00000006 ___AH C:WindowsTasksSA.DAT 2012-08-04 17:18 - 2011-05-29 02:44 - 00000892 ____A C:WindowsTasksGoogleUpdateTaskMachineCore.job 2012-08-04 17:18 - 2006-11-02 07:21 - 00004224 ___AH C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-04 17:18 - 2006-11-02 07:21 - 00004224 ___AH C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-04 17:13 - 2012-08-04 17:12 - 00002105 ____A C:UsersOwnerDesktopdidn'tfind.txt 2012-08-04 16:55 - 2006-11-02 04:46 - 00707410 ____A C:WindowsSystem32PerfStringBackup.INI 2012-08-04 15:28 - 2012-04-04 03:13 - 00000830 ____A C:WindowsTasksAdobe Flash Player Updater.job 2012-08-04 15:23 - 2011-05-29 02:44 - 00000896 ____A C:WindowsTasksGoogleUpdateTaskMachineUA.job 2012-08-04 13:48 - 2012-08-04 13:48 - 02136664 ____A (Kaspersky Lab ZAO) C:UsersOwnerDesktoptdsskiller.exe 2012-08-04 07:54 - 2011-08-20 03:41 - 00056042 ____A C:WindowsPFRO.log 2012-08-04 07:54 - 2011-03-31 22:32 - 00296346 ____A C:WindowsMinidumpMini080412-01.dmp 2012-08-04 03:34 - 2012-08-04 03:34 - 00013783 ____A C:UsersOwnerDesktopcombofix2.txt 2012-08-04 03:33 - 2012-08-04 03:33 - 00013783 ____A C:ComboFix.txt 2012-08-04 03:31 - 2006-11-02 04:34 - 00000215 ____A C:Windowssystem.ini 2012-08-03 20:51 - 2012-08-03 20:51 - 00014487 ____A C:UsersOwnerDesktopcombofix1.log 2012-08-03 19:56 - 2012-08-03 03:04 - 04724408 ____R (Swearware) C:UsersOwnerDesktopComboFix.exe 2012-08-03 11:59 - 2012-08-03 11:59 - 00012583 ____A C:UsersOwnerDesktopcombofix.log 2012-08-02 18:52 - 2012-08-02 18:52 - 00000888 ____A C:UsersPublicDesktopWinZip.lnk 2012-08-02 18:44 - 2012-08-02 18:44 - 00013877 ____A C:UsersOwnerDesktopAttach.txt 2012-08-02 18:35 - 2012-08-02 18:35 - 00607260 ____R (Swearware) C:UsersOwnerDesktopdds.scr 2012-08-02 14:28 - 2012-04-04 03:13 - 00426184 ____A (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe 2012-08-02 14:28 - 2011-05-29 02:44 - 00070344 ____A (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl 2012-08-01 01:38 - 2012-08-01 01:38 - 00003760 ____A C:{3B247B8B-7B57-41AF-A6D4-D1EE9A0F913D} 2012-07-28 14:34 - 2012-07-28 14:34 - 00000208 ____A C:Windowswininit.ini 2012-07-28 14:07 - 2012-07-28 14:07 - 00001097 ____A C:UsersOwnerDesktopSpybot - Search & Destroy.lnk 2012-07-27 17:51 - 2012-06-22 15:02 - 00000948 ____A C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk 2012-07-11 16:45 - 2006-11-02 07:21 - 00290840 ____A C:WindowsSystem32FNTCACHE.DAT 2012-07-11 15:18 - 2012-07-11 15:18 - 00272064 ____A C:Windowsmsxml4-KB2721691-enu.LOG 2012-07-11 15:18 - 2006-11-02 04:34 - 00000254 ____A C:Windowswin.ini 2012-07-11 15:16 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:WindowsSystem32mrt.exe 2012-07-03 11:46 - 2011-04-01 11:02 - 00024904 ____A (Malwarebytes Corporation) C:WindowsSystem32Driversmbam.sys 2012-06-26 19:25 - 2011-03-31 22:32 - 00296346 ____A C:WindowsMinidumpMini062612-01.dmp 2012-06-25 14:04 - 2012-06-25 14:04 - 01394248 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml4.dll 2012-06-24 02:47 - 2012-06-24 02:47 - 00000056 ____A C:{4CB57BAD-4475-4548-8557-04A976BE0C7F} 2012-06-22 14:57 - 2012-06-22 14:57 - 00000000 ____A C:WindowsSysWOW64Test.htm 2012-06-22 13:55 - 2012-06-22 13:55 - 00000064 ____A C:WindowsGPlrLanc.dat 2012-06-17 19:20 - 2012-06-17 19:20 - 00001694 ____A C:UsersPublicDesktopiTunes.lnk 2012-06-13 05:58 - 2012-07-11 15:15 - 02769408 ____A (Microsoft Corporation) C:WindowsSystem32win32k.sys 2012-06-08 09:59 - 2012-07-11 02:46 - 12899840 ____A (Microsoft Corporation) C:WindowsSystem32shell32.dll 2012-06-08 09:47 - 2012-07-11 02:46 - 11586048 ____A (Microsoft Corporation) C:WindowsSysWOW64shell32.dll 2012-06-05 08:47 - 2012-07-11 02:46 - 01401856 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml6.dll 2012-06-05 08:47 - 2012-07-11 02:46 - 01248768 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml3.dll 2012-06-05 08:22 - 2012-07-11 02:46 - 01869824 ____A (Microsoft Corporation) C:WindowsSystem32msxml3.dll 2012-06-05 08:22 - 2012-07-11 02:46 - 01797120 ____A (Microsoft Corporation) C:WindowsSystem32msxml6.dll 2012-06-04 07:29 - 2012-07-11 02:46 - 00516480 ____A (Microsoft Corporation) C:WindowsSystem32Driversksecdd.sys 2012-06-03 15:28 - 2012-06-03 15:28 - 00001756 ____A C:UsersPublicDesktopQuickTime Player.lnk 2012-06-02 14:19 - 2012-06-23 03:01 - 02428952 ____A (Microsoft Corporation) C:WindowsSystem32wuaueng.dll 2012-06-02 14:19 - 2012-06-23 03:01 - 00701976 ____A (Microsoft Corporation) C:WindowsSystem32wuapi.dll 2012-06-02 14:19 - 2012-06-23 03:01 - 00577048 ____A (Microsoft Corporation) C:WindowsSysWOW64wuapi.dll 2012-06-02 14:19 - 2012-06-23 03:01 - 00057880 ____A (Microsoft Corporation) C:WindowsSystem32wuauclt.exe 2012-06-02 14:19 - 2012-06-23 03:01 - 00044056 ____A (Microsoft Corporation) C:WindowsSystem32wups2.dll 2012-06-02 14:19 - 2012-06-23 03:01 - 00038424 ____A (Microsoft Corporation) C:WindowsSystem32wups.dll 2012-06-02 14:19 - 2012-06-23 03:01 - 00035864 ____A (Microsoft Corporation) C:WindowsSysWOW64wups.dll 2012-06-02 14:15 - 2012-06-23 03:01 - 02622464 ____A (Microsoft Corporation) C:WindowsSystem32wucltux.dll 2012-06-02 14:15 - 2012-06-23 03:01 - 00099840 ____A (Microsoft Corporation) C:WindowsSystem32wudriver.dll 2012-06-02 14:12 - 2012-06-23 03:01 - 00088576 ____A (Microsoft Corporation) C:WindowsSysWOW64wudriver.dll 2012-06-02 13:19 - 2012-06-23 03:01 - 00186752 ____A (Microsoft Corporation) C:WindowsSystem32wuwebv.dll 2012-06-02 13:19 - 2012-06-23 03:01 - 00171904 ____A (Microsoft Corporation) C:WindowsSysWOW64wuwebv.dll 2012-06-02 13:15 - 2012-06-23 03:01 - 00036864 ____A (Microsoft Corporation) C:WindowsSystem32wuapp.exe 2012-06-02 13:12 - 2012-06-23 03:01 - 00033792 ____A (Microsoft Corporation) C:WindowsSysWOW64wuapp.exe 2012-06-02 04:49 - 2012-07-11 15:15 - 17807360 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.dll 2012-06-02 04:17 - 2012-07-11 15:15 - 10924032 ____A (Microsoft Corporation) C:WindowsSystem32ieframe.dll 2012-06-02 04:12 - 2012-07-11 15:15 - 02311680 ____A (Microsoft Corporation) C:WindowsSystem32jscript9.dll 2012-06-02 04:05 - 2012-07-11 15:15 - 01392128 ____A (Microsoft Corporation) C:WindowsSystem32wininet.dll 2012-06-02 04:05 - 2012-07-11 15:15 - 01346048 ____A (Microsoft Corporation) C:WindowsSystem32urlmon.dll 2012-06-02 04:04 - 2012-07-11 15:15 - 01494528 ____A (Microsoft Corporation) C:WindowsSystem32inetcpl.cpl 2012-06-02 04:04 - 2012-07-11 15:15 - 00237056 ____A (Microsoft Corporation) C:WindowsSystem32url.dll 2012-06-02 04:03 - 2012-07-11 15:15 - 00085504 ____A (Microsoft Corporation) C:WindowsSystem32jsproxy.dll 2012-06-02 04:01 - 2012-07-11 15:15 - 00173056 ____A (Microsoft Corporation) C:WindowsSystem32ieUnatt.exe 2012-06-02 04:00 - 2012-07-11 15:15 - 00818688 ____A (Microsoft Corporation) C:WindowsSystem32jscript.dll 2012-06-02 03:59 - 2012-07-11 15:15 - 02144768 ____A (Microsoft Corporation) C:WindowsSystem32iertutil.dll 2012-06-02 03:57 - 2012-07-11 15:15 - 02382848 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.tlb 2012-06-02 03:57 - 2012-07-11 15:15 - 00096768 ____A (Microsoft Corporation) C:WindowsSystem32mshtmled.dll 2012-06-02 03:54 - 2012-07-11 15:15 - 00248320 ____A (Microsoft Corporation) C:WindowsSystem32ieui.dll 2012-06-02 01:07 - 2012-07-11 15:15 - 12314624 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll 2012-06-02 00:43 - 2012-07-11 15:15 - 09737728 ____A (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll 2012-06-02 00:33 - 2012-07-11 15:15 - 01800192 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll 2012-06-02 00:26 - 2012-07-11 15:15 - 01103872 ____A (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll 2012-06-02 00:25 - 2012-07-11 15:15 - 01427968 ____A (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl 2012-06-02 00:25 - 2012-07-11 15:15 - 01129472 ____A (Microsoft Corporation) C:WindowsSysWOW64wininet.dll 2012-06-02 00:23 - 2012-07-11 15:15 - 00231936 ____A (Microsoft Corporation) C:WindowsSysWOW64url.dll 2012-06-02 00:21 - 2012-07-11 15:15 - 00065024 ____A (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll 2012-06-02 00:20 - 2012-07-11 15:15 - 00142848 ____A (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe 2012-06-02 00:19 - 2012-07-11 15:15 - 01793024 ____A (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll 2012-06-02 00:19 - 2012-07-11 15:15 - 00716800 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript.dll 2012-06-02 00:17 - 2012-07-11 15:15 - 00073216 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll 2012-06-02 00:16 - 2012-07-11 15:15 - 02382848 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb 2012-06-02 00:14 - 2012-07-11 15:15 - 00176640 ____A (Microsoft Corporation) C:WindowsSysWOW64ieui.dll 2012-06-01 16:22 - 2012-07-11 02:46 - 00347136 ____A (Microsoft Corporation) C:WindowsSystem32schannel.dll 2012-06-01 16:22 - 2012-07-11 02:46 - 00254464 ____A (Microsoft Corporation) C:WindowsSystem32ncrypt.dll 2012-06-01 16:05 - 2012-07-11 02:46 - 00077312 ____A (Microsoft Corporation) C:WindowsSysWOW64secur32.dll 2012-06-01 16:04 - 2012-07-11 02:46 - 00278528 ____A (Microsoft Corporation) C:WindowsSysWOW64schannel.dll 2012-06-01 16:03 - 2012-07-11 02:46 - 00204288 ____A (Microsoft Corporation) C:WindowsSysWOW64ncrypt.dll 2012-05-26 14:51 - 2012-05-26 14:51 - 00000000 ____A C:WindowshpqEmlSz.INI 2012-05-26 14:38 - 2012-04-29 11:47 - 00010310 ____A C:WindowsSysWOW64TEST.log 2012-05-22 13:48 - 2011-04-11 18:24 - 00002117 ____A C:UsersPublicDesktopNorton 360.lnk 2012-05-14 18:56 - 2011-04-09 07:25 - 00001356 ____A C:UsersOwnerAppDataLocald3d9caps.dat ZeroAccess: C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c} C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}L C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}U ZeroAccess: C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c} C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}@ C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}L C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}U ZeroAccess: C:WindowsassemblyGAC_32Desktop.ini ZeroAccess: C:WindowsassemblyGAC_64Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:WindowsSystem32winlogon.exe => MD5 is legit C:WindowsSystem32wininit.exe => MD5 is legit C:WindowsSysWOW64wininit.exe => MD5 is legit C:Windowsexplorer.exe => MD5 is legit C:WindowsSysWOW64explorer.exe => MD5 is legit C:WindowsSystem32svchost.exe => MD5 is legit C:WindowsSysWOW64svchost.exe => MD5 is legit C:WindowsSystem32services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!. C:WindowsSystem32User32.dll => MD5 is legit C:WindowsSysWOW64User32.dll => MD5 is legit C:WindowsSystem32userinit.exe => MD5 is legit C:WindowsSysWOW64userinit.exe => MD5 is legit C:WindowsSystem32Driversvolsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM....exe: exefile => OK HKLM...exefileDefaultIcon: %1 => OK HKLM...exefileopencommand: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 14% Total physical RAM: 4086.63 MB Available physical RAM: 3495.26 MB Total Pagefile: 3824.89 MB Available Pagefile: 3567.41 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ======================= Partitions ========================= 2 Drive c: () (Fixed) (Total:139.73 GB) (Free:78.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)] 3 Drive d: (Maxtor 80) (Fixed) (Total:76.32 GB) (Free:56.86 GB) NTFS 4 Drive e: (Maxtor100) (Fixed) (Total:93.36 GB) (Free:70.22 GB) NTFS 6 Drive g: (LRMCxFRE_EN_DVD) (CDROM) (Total:3.54 GB) (Free:0 GB) UDF 7 Drive h: (LGTHUMBDRIV) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT 8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 140 GB 1241 KB Disk 1 Online 76 GB 13 MB Disk 2 Online 93 GB 4346 KB Disk 3 Online 994 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 140 GB 1024 KB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 C NTFS Partition 140 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 76 GB 32 KB ================================================================================== Disk: 1 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 D Maxtor 80 NTFS Partition 76 GB Healthy ================================================================================== Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 93 GB 32 KB ================================================================================== Disk: 2 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 0 E Maxtor100 NTFS Partition 93 GB Healthy ================================================================================== Partitions of Disk 3: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 993 MB 16 KB ================================================================================== Disk: 3 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 0 H LGTHUMBDRIV FAT Removable 993 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-08-04 07:59 ======================= End Of Log ==========================
  6. TDSKiller ran and heres the log. I never got the three optiions for any malicious objects. 15:49:00.0572 3352 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 15:49:01.0056 3352 ============================================================ 15:49:01.0056 3352 Current date / time: 2012/08/04 15:49:01.0056 15:49:01.0056 3352 SystemInfo: 15:49:01.0056 3352 15:49:01.0056 3352 OS Version: 6.0.6002 ServicePack: 2.0 15:49:01.0056 3352 Product type: Workstation 15:49:01.0056 3352 ComputerName: OWNER-PC 15:49:01.0056 3352 UserName: Owner 15:49:01.0056 3352 Windows directory: C:Windows 15:49:01.0056 3352 System windows directory: C:Windows 15:49:01.0056 3352 Running under WOW64 15:49:01.0056 3352 Processor architecture: Intel x64 15:49:01.0056 3352 Number of processors: 4 15:49:01.0056 3352 Page size: 0x1000 15:49:01.0056 3352 Boot type: Normal boot 15:49:01.0056 3352 ============================================================ 15:49:01.0992 3352 Drive DeviceHarddisk0DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:49:02.0007 3352 Drive DeviceHarddisk1DR1 - Size: 0x1315637E00 (76.33 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:49:02.0039 3352 Drive DeviceHarddisk2DR2 - Size: 0x1757AD1E00 (93.37 Gb), SectorSize: 0x200, Cylinders: 0x2F9C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:49:02.0039 3352 ============================================================ 15:49:02.0039 3352 DeviceHarddisk0DR0: 15:49:02.0039 3352 MBR partitions: 15:49:02.0039 3352 DeviceHarddisk0DR0Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11777800 15:49:02.0039 3352 DeviceHarddisk1DR1: 15:49:02.0039 3352 MBR partitions: 15:49:02.0039 3352 DeviceHarddisk1DR1Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC 15:49:02.0039 3352 DeviceHarddisk2DR2: 15:49:02.0039 3352 MBR partitions: 15:49:02.0039 3352 DeviceHarddisk2DR2Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBABAC5D 15:49:02.0039 3352 ============================================================ 15:49:02.0054 3352 C: <-> DeviceHarddisk0DR0Partition0 15:49:02.0070 3352 F: <-> DeviceHarddisk1DR1Partition0 15:49:02.0101 3352 G: <-> DeviceHarddisk2DR2Partition0 15:49:02.0101 3352 ============================================================ 15:49:02.0101 3352 Initialize success 15:49:02.0101 3352 ============================================================ 15:49:55.0315 4684 ============================================================ 15:49:55.0315 4684 Scan started 15:49:55.0315 4684 Mode: Manual; SigCheck; TDLFS; 15:49:55.0315 4684 ============================================================ 15:49:55.0783 4684 ACPI (1965aaffab07e3fb03c77f81beba3547) C:Windowssystem32driversacpi.sys 15:49:55.0923 4684 ACPI - ok 15:49:55.0985 4684 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe 15:49:55.0985 4684 AdobeARMservice - ok 15:49:56.0079 4684 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe 15:49:56.0079 4684 AdobeFlashPlayerUpdateSvc - ok 15:49:56.0110 4684 adp94xx (f14215e37cf124104575073f782111d2) C:Windowssystem32driversadp94xx.sys 15:49:56.0126 4684 adp94xx - ok 15:49:56.0157 4684 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:Windowssystem32driversadpahci.sys 15:49:56.0173 4684 adpahci - ok 15:49:56.0188 4684 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:Windowssystem32driversadpu160m.sys 15:49:56.0188 4684 adpu160m - ok 15:49:56.0204 4684 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:Windowssystem32driversadpu320.sys 15:49:56.0219 4684 adpu320 - ok 15:49:56.0251 4684 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:WindowsSystem32aelupsvc.dll 15:49:56.0391 4684 AeLookupSvc - ok 15:49:56.0422 4684 AFD (c4f6ce6087760ad70960c9eb130e7943) C:Windowssystem32driversafd.sys 15:49:56.0469 4684 AFD - ok 15:49:56.0500 4684 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:Windowssystem32driversagp440.sys 15:49:56.0500 4684 agp440 - ok 15:49:56.0516 4684 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:Windowssystem32driversdjsvs.sys 15:49:56.0516 4684 aic78xx - ok 15:49:56.0531 4684 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:WindowsSystem32alg.exe 15:49:56.0656 4684 ALG - ok 15:49:56.0672 4684 aliide (157d0898d4b73f075ce9fa26b482df98) C:Windowssystem32driversaliide.sys 15:49:56.0687 4684 aliide - ok 15:49:56.0687 4684 amdide (970fa5059e61e30d25307b99903e991e) C:Windowssystem32driversamdide.sys 15:49:56.0703 4684 amdide - ok 15:49:56.0719 4684 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:Windowssystem32driversamdk8.sys 15:49:56.0765 4684 AmdK8 - ok 15:49:56.0781 4684 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:WindowsSystem32appinfo.dll 15:49:56.0812 4684 Appinfo - ok 15:49:56.0875 4684 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe 15:49:56.0890 4684 Apple Mobile Device - ok 15:49:56.0906 4684 AppMgmt (3da98c07b18a676180fe7eed924d1673) C:WindowsSystem32appmgmts.dll 15:49:56.0937 4684 AppMgmt - ok 15:49:56.0953 4684 arc (ba8417d4765f3988ff921f30f630e303) C:Windowssystem32driversarc.sys 15:49:56.0953 4684 arc - ok 15:49:56.0968 4684 arcsas (9d41c435619733b34cc16a511e644b11) C:Windowssystem32driversarcsas.sys 15:49:56.0984 4684 arcsas - ok 15:49:56.0999 4684 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:Windowssystem32DRIVERSasyncmac.sys 15:49:57.0031 4684 AsyncMac - ok 15:49:57.0031 4684 atapi (e68d9b3a3905619732f7fe039466a623) C:Windowssystem32driversatapi.sys 15:49:57.0046 4684 atapi - ok 15:49:57.0062 4684 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:WindowsSystem32Audiosrv.dll 15:49:57.0109 4684 AudioEndpointBuilder - ok 15:49:57.0109 4684 AudioSrv (79318c744693ec983d20e9337a2f8196) C:WindowsSystem32Audiosrv.dll 15:49:57.0140 4684 AudioSrv - ok 15:49:57.0155 4684 Beep - ok 15:49:57.0187 4684 BFE (ffb96c2589ffa60473ead78b39fbde29) C:WindowsSystem32bfe.dll 15:49:57.0233 4684 BFE - ok 15:49:57.0358 4684 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsBASHDefs20120711.002BHDrvx64.sys 15:49:57.0405 4684 BHDrvx64 - ok 15:49:57.0499 4684 blbdrive (79feeb40056683f8f61398d81dda65d2) C:Windowssystem32driversblbdrive.sys 15:49:57.0530 4684 blbdrive - ok 15:49:57.0592 4684 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:Program FilesBonjourmDNSResponder.exe 15:49:57.0608 4684 Bonjour Service - ok 15:49:57.0608 4684 bowser (2348447a80920b2493a9b582a23e81e1) C:Windowssystem32DRIVERSbowser.sys 15:49:57.0639 4684 bowser - ok 15:49:57.0655 4684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:Windowssystem32driversbrfiltlo.sys 15:49:57.0686 4684 BrFiltLo - ok 15:49:57.0701 4684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:Windowssystem32driversbrfiltup.sys 15:49:57.0733 4684 BrFiltUp - ok 15:49:57.0748 4684 Browser (a1b39de453433b115b4ea69ee0343816) C:WindowsSystem32browser.dll 15:49:57.0779 4684 Browser - ok 15:49:57.0795 4684 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:Windowssystem32driversbrserid.sys 15:49:57.0951 4684 Brserid - ok 15:49:57.0967 4684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:Windowssystem32driversbrserwdm.sys 15:49:58.0029 4684 BrSerWdm - ok 15:49:58.0029 4684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:Windowssystem32driversbrusbmdm.sys 15:49:58.0091 4684 BrUsbMdm - ok 15:49:58.0091 4684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:Windowssystem32driversbrusbser.sys 15:49:58.0138 4684 BrUsbSer - ok 15:49:58.0138 4684 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:Windowssystem32driversbthmodem.sys 15:49:58.0201 4684 BTHMODEM - ok 15:49:58.0232 4684 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:Windowssystem32driversBVRPMPR5a64.SYS 15:49:58.0232 4684 BVRPMPR5a64 - ok 15:49:58.0247 4684 catchme - ok 15:49:58.0325 4684 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:Windowssystem32driversN360x640602010.005ccSetx64.sys 15:49:58.0325 4684 ccSet_N360 - ok 15:49:58.0341 4684 cdfs (b4d787db8d30793a4d4df9feed18f136) C:Windowssystem32DRIVERScdfs.sys 15:49:58.0372 4684 cdfs - ok 15:49:58.0388 4684 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:Windowssystem32DRIVERScdrom.sys 15:49:58.0403 4684 cdrom - ok 15:49:58.0419 4684 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:WindowsSystem32certprop.dll 15:49:58.0466 4684 CertPropSvc - ok 15:49:58.0466 4684 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:Windowssystem32driverscirclass.sys 15:49:58.0497 4684 circlass - ok 15:49:58.0528 4684 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:Windowssystem32CLFS.sys 15:49:58.0544 4684 CLFS - ok 15:49:58.0606 4684 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe 15:49:58.0622 4684 clr_optimization_v2.0.50727_32 - ok 15:49:58.0669 4684 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe 15:49:58.0669 4684 clr_optimization_v2.0.50727_64 - ok 15:49:58.0715 4684 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe 15:49:58.0731 4684 clr_optimization_v4.0.30319_32 - ok 15:49:58.0762 4684 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe 15:49:58.0762 4684 clr_optimization_v4.0.30319_64 - ok 15:49:58.0778 4684 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:Windowssystem32driverscmdide.sys 15:49:58.0793 4684 cmdide - ok 15:49:58.0793 4684 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:Windowssystem32driverscompbatt.sys 15:49:58.0809 4684 Compbatt - ok 15:49:58.0809 4684 COMSysApp - ok 15:49:58.0887 4684 copperhd (71879a4ab90d21bccf9e3cfcf0bb5f4a) C:Windowssystem32driverscopperhd.sys 15:49:58.0949 4684 copperhd - ok 15:49:59.0043 4684 cpuz130 - ok 15:49:59.0059 4684 cpuz135 - ok 15:49:59.0074 4684 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:Windowssystem32driverscrcdisk.sys 15:49:59.0090 4684 crcdisk - ok 15:49:59.0105 4684 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:Windowssystem32cryptsvc.dll 15:49:59.0137 4684 CryptSvc - ok 15:49:59.0152 4684 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:Windowssystem32driverscsc.sys 15:49:59.0183 4684 CSC - ok 15:49:59.0230 4684 CscService (1b5f256d31836ed2ba60b3a6c800200c) C:WindowsSystem32cscsvc.dll 15:49:59.0246 4684 CscService - ok 15:49:59.0293 4684 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:Windowssystem32rpcss.dll 15:49:59.0339 4684 DcomLaunch - ok 15:49:59.0371 4684 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:Windowssystem32Driversdfsc.sys 15:49:59.0402 4684 DfsC - ok 15:49:59.0558 4684 DFSR (c647f468f7de343df8c143655c5557d4) C:Windowssystem32DFSR.exe 15:49:59.0683 4684 DFSR - ok 15:49:59.0761 4684 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:WindowsSystem32dhcpcsvc.dll 15:49:59.0792 4684 Dhcp - ok 15:49:59.0792 4684 disk (b0107e40ecdb5fa692ebf832f295d905) C:Windowssystem32driversdisk.sys 15:49:59.0807 4684 disk - ok 15:49:59.0932 4684 Diskeeper (a8bff83fe3e758e3ecff3855f9efc94b) C:Program FilesDiskeeper CorporationDiskeeperDkService.exe 15:49:59.0979 4684 Diskeeper - ok 15:50:00.0041 4684 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:WindowsSystem32dnsrslvr.dll 15:50:00.0073 4684 Dnscache - ok 15:50:00.0088 4684 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:WindowsSystem32dot3svc.dll 15:50:00.0119 4684 dot3svc - ok 15:50:00.0151 4684 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:Windowssystem32DRIVERSDot4.sys 15:50:00.0182 4684 Dot4 - ok 15:50:00.0197 4684 Dot4Print (08321d1860235bf42cf2854234337aea) C:Windowssystem32DRIVERSDot4Prt.sys 15:50:00.0229 4684 Dot4Print - ok 15:50:00.0244 4684 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:Windowssystem32DRIVERSdot4usb.sys 15:50:00.0275 4684 dot4usb - ok 15:50:00.0291 4684 DPS (1583b39790db3eaec7edb0cb0140c708) C:Windowssystem32dps.dll 15:50:00.0338 4684 DPS - ok 15:50:00.0369 4684 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:Windowssystem32driversdrmkaud.sys 15:50:00.0400 4684 drmkaud - ok 15:50:00.0447 4684 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:WindowsSystem32driversdxgkrnl.sys 15:50:00.0478 4684 DXGKrnl - ok 15:50:00.0509 4684 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:Windowssystem32DRIVERSE1G6032E.sys 15:50:00.0541 4684 E1G60 - ok 15:50:00.0572 4684 EapHost (c2303883fd9be49dc36a6400643002ea) C:WindowsSystem32eapsvc.dll 15:50:00.0603 4684 EapHost - ok 15:50:00.0634 4684 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:Windowssystem32driversecache.sys 15:50:00.0650 4684 Ecache - ok 15:50:00.0697 4684 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:Program Files (x86)Common FilesSymantec SharedEENGINEeeCtrl64.sys 15:50:00.0712 4684 eeCtrl - ok 15:50:00.0759 4684 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:WindowsehomeehRecvr.exe 15:50:00.0806 4684 ehRecvr - ok 15:50:00.0806 4684 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:Windowsehomeehsched.exe 15:50:00.0837 4684 ehSched - ok 15:50:00.0853 4684 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:Windowsehomeehstart.dll 15:50:00.0868 4684 ehstart - ok 15:50:00.0899 4684 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:Windowssystem32driverselxstor.sys 15:50:00.0915 4684 elxstor - ok 15:50:00.0946 4684 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:Windowssystem32emdmgmt.dll 15:50:00.0993 4684 EMDMgmt - ok 15:50:01.0024 4684 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys 15:50:01.0040 4684 EraserUtilRebootDrv - ok 15:50:01.0055 4684 ErrDev (c2d322c84530db37d3e8e1c7e011bf16) C:Windowssystem32driverserrdev.sys 15:50:01.0102 4684 ErrDev - ok 15:50:01.0118 4684 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:Windowssystem32es.dll 15:50:01.0149 4684 EventSystem - ok 15:50:01.0180 4684 exfat (486844f47b6636044a42454614ed4523) C:Windowssystem32driversexfat.sys 15:50:01.0196 4684 exfat - ok 15:50:01.0211 4684 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:Windowssystem32driversfastfat.sys 15:50:01.0243 4684 fastfat - ok 15:50:01.0289 4684 Fax (989a776a2ff32a148fcf15c44058b129) C:Windowssystem32fxssvc.exe 15:50:01.0321 4684 Fax - ok 15:50:01.0336 4684 fdc (81b79b6df71fa1d2c6d688d830616e39) C:Windowssystem32DRIVERSfdc.sys 15:50:01.0383 4684 fdc - ok 15:50:01.0399 4684 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:Windowssystem32fdPHost.dll 15:50:01.0430 4684 fdPHost - ok 15:50:01.0445 4684 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:Windowssystem32fdrespub.dll 15:50:01.0523 4684 FDResPub - ok 15:50:01.0523 4684 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:Windowssystem32driversfileinfo.sys 15:50:01.0539 4684 FileInfo - ok 15:50:01.0539 4684 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:Windowssystem32driversfiletrace.sys 15:50:01.0570 4684 Filetrace - ok 15:50:01.0586 4684 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:Windowssystem32DRIVERSflpydisk.sys 15:50:01.0617 4684 flpydisk - ok 15:50:01.0617 4684 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:Windowssystem32driversfltmgr.sys 15:50:01.0633 4684 FltMgr - ok 15:50:01.0679 4684 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:Windowssystem32FntCache.dll 15:50:01.0757 4684 FontCache - ok 15:50:01.0804 4684 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:WindowsMicrosoft.NetFramework64v3.0WPFPresentationFontCache.exe 15:50:01.0820 4684 FontCache3.0.0.0 - ok 15:50:01.0851 4684 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:Windowssystem32driversFs_Rec.sys 15:50:01.0867 4684 Fs_Rec - ok 15:50:01.0929 4684 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) C:Program Files (x86)Common FilesFuturemark SharedFuturemark SystemInfoFMSISvc.exe 15:50:01.0945 4684 Futuremark SystemInfo Service - ok 15:50:01.0960 4684 fvevol (849e38db7d829962d0233a0a252b60c3) C:Windowssystem32DRIVERSfvevol.sys 15:50:01.0976 4684 fvevol - ok 15:50:01.0976 4684 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:Windowssystem32driversgagp30kx.sys 15:50:01.0991 4684 gagp30kx - ok 15:50:02.0007 4684 gdrv - ok 15:50:02.0023 4684 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:Windowssystem32DRIVERSGEARAspiWDM.sys 15:50:02.0023 4684 GEARAspiWDM - ok 15:50:02.0054 4684 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:WindowsSystem32gpsvc.dll 15:50:02.0116 4684 gpsvc - ok 15:50:02.0163 4684 gupdate (f02a533f517eb38333cb12a9e8963773) C:Program Files (x86)GoogleUpdateGoogleUpdate.exe 15:50:02.0163 4684 gupdate - ok 15:50:02.0179 4684 gupdatem (f02a533f517eb38333cb12a9e8963773) C:Program Files (x86)GoogleUpdateGoogleUpdate.exe 15:50:02.0194 4684 gupdatem - ok 15:50:02.0210 4684 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe 15:50:02.0210 4684 gusvc - ok 15:50:02.0257 4684 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:Windowssystem32driversHdAudio.sys 15:50:02.0272 4684 HdAudAddService - ok 15:50:02.0319 4684 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:Windowssystem32DRIVERSHDAudBus.sys 15:50:02.0350 4684 HDAudBus - ok 15:50:02.0366 4684 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:Windowssystem32drivershidbth.sys 15:50:02.0413 4684 HidBth - ok 15:50:02.0428 4684 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:Windowssystem32drivershidir.sys 15:50:02.0491 4684 HidIr - ok 15:50:02.0506 4684 hidserv (59361d38a297755d46a540e450202b2a) C:WindowsSystem32hidserv.dll 15:50:02.0537 4684 hidserv - ok 15:50:02.0537 4684 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:Windowssystem32DRIVERShidusb.sys 15:50:02.0569 4684 HidUsb - ok 15:50:02.0584 4684 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:Windowssystem32kmsvc.dll 15:50:02.0631 4684 hkmsvc - ok 15:50:02.0647 4684 HpCISSs (a27e8af2caac5e2693e6d4e2fce9b54f) C:Windowssystem32drivershpcisss.sys 15:50:02.0662 4684 HpCISSs - ok 15:50:02.0709 4684 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:Program Files (x86)HPDigital Imagingbinhpqcxs08.dll 15:50:02.0709 4684 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 15:50:02.0709 4684 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 15:50:02.0740 4684 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:Program Files (x86)HPDigital Imagingbinhpqddsvc.dll 15:50:02.0740 4684 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 15:50:02.0740 4684 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 15:50:02.0756 4684 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:Windowssystem32DriversANDROIDUSB.sys 15:50:02.0787 4684 HTCAND64 - ok 15:50:02.0803 4684 htcnprot (4f6c3122817049997cd696d4a38bfacb) C:Windowssystem32DRIVERShtcnprot.sys 15:50:02.0818 4684 htcnprot - ok 15:50:02.0849 4684 HTTP (098f1e4e5c9cb5b0063a959063631610) C:Windowssystem32driversHTTP.sys 15:50:02.0881 4684 HTTP - ok 15:50:02.0896 4684 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:Windowssystem32driversi2omp.sys 15:50:02.0912 4684 i2omp - ok 15:50:02.0927 4684 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:Windowssystem32DRIVERSi8042prt.sys 15:50:02.0959 4684 i8042prt - ok 15:50:02.0990 4684 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:Windowssystem32driversiastorv.sys 15:50:02.0990 4684 iaStorV - ok 15:50:03.0052 4684 idsvc (749f5f8cedca70f2a512945325fc489d) C:WindowsMicrosoft.NETFramework64v3.0Windows Communication Foundationinfocard.exe 15:50:03.0099 4684 idsvc - ok 15:50:03.0193 4684 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsIPSDefs20120803.002IDSvia64.sys 15:50:03.0224 4684 IDSVia64 - ok 15:50:03.0255 4684 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:Windowssystem32driversiirsp.sys 15:50:03.0271 4684 iirsp - ok 15:50:03.0302 4684 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:WindowsSystem32ikeext.dll 15:50:03.0349 4684 IKEEXT - ok 15:50:03.0489 4684 IntcAzAudAddService (718a4008ee5da174400396b27509ef82) C:Windowssystem32driversRTKVHD64.sys 15:50:03.0551 4684 IntcAzAudAddService - ok 15:50:03.0598 4684 intelide (df797a12176f11b2d301c5b234bb200e) C:Windowssystem32driversintelide.sys 15:50:03.0614 4684 intelide - ok 15:50:03.0629 4684 intelppm (bfd84af32fa1bad6231c4585cb469630) C:Windowssystem32DRIVERSintelppm.sys 15:50:03.0661 4684 intelppm - ok 15:50:03.0676 4684 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:Windowssystem32ipbusenum.dll 15:50:03.0707 4684 IPBusEnum - ok 15:50:03.0723 4684 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:Windowssystem32DRIVERSipfltdrv.sys 15:50:03.0754 4684 IpFilterDriver - ok 15:50:03.0785 4684 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:WindowsSystem32iphlpsvc.dll 15:50:03.0817 4684 iphlpsvc - ok 15:50:03.0817 4684 IpInIp - ok 15:50:03.0832 4684 IPMIDRV (e41dd7038db14ae9d35b47b10bdce58a) C:Windowssystem32driversipmidrv.sys 15:50:03.0848 4684 IPMIDRV - ok 15:50:03.0863 4684 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:Windowssystem32DRIVERSipnat.sys 15:50:03.0910 4684 IPNAT - ok 15:50:03.0988 4684 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:Program FilesiPodbiniPodService.exe 15:50:04.0019 4684 iPod Service - ok 15:50:04.0051 4684 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:Windowssystem32driversirenum.sys 15:50:04.0082 4684 IRENUM - ok 15:50:04.0097 4684 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:Windowssystem32driversisapnp.sys 15:50:04.0113 4684 isapnp - ok 15:50:04.0129 4684 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:Windowssystem32DRIVERSmsiscsi.sys 15:50:04.0144 4684 iScsiPrt - ok 15:50:04.0160 4684 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:Windowssystem32driversiteatapi.sys 15:50:04.0175 4684 iteatapi - ok 15:50:04.0207 4684 iteraid (1281fe73b17664631d12f643cbea3f59) C:Windowssystem32driversiteraid.sys 15:50:04.0207 4684 iteraid - ok 15:50:04.0269 4684 JMB36X (0d2da1c6d8ed85f51e3758eae22455f2) C:WindowsSysWOW64XSrvSetup.exe 15:50:04.0285 4684 JMB36X - ok 15:50:04.0316 4684 JRAID (50de7dd7edb1b512b13666588aefbf6f) C:Windowssystem32DRIVERSjraid.sys 15:50:04.0331 4684 JRAID - ok 15:50:04.0347 4684 kbdclass (423696f3ba6472dd17699209b933bc26) C:Windowssystem32DRIVERSkbdclass.sys 15:50:04.0347 4684 kbdclass - ok 15:50:04.0363 4684 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:Windowssystem32DRIVERSkbdhid.sys 15:50:04.0394 4684 kbdhid - ok 15:50:04.0409 4684 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:Windowssystem32lsass.exe 15:50:04.0441 4684 KeyIso - ok 15:50:04.0472 4684 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:Windowssystem32Driversksecdd.sys 15:50:04.0487 4684 KSecDD - ok 15:50:04.0503 4684 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:Windowssystem32driversksthunk.sys 15:50:04.0550 4684 ksthunk - ok 15:50:04.0597 4684 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:Windowssystem32msdtckrm.dll 15:50:04.0659 4684 KtmRm - ok 15:50:04.0675 4684 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:WindowsSystem32srvsvc.dll 15:50:04.0706 4684 LanmanServer - ok 15:50:04.0737 4684 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:WindowsSystem32wkssvc.dll 15:50:04.0753 4684 LanmanWorkstation - ok 15:50:04.0768 4684 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:Windowssystem32DRIVERSlltdio.sys 15:50:04.0799 4684 lltdio - ok 15:50:04.0893 4684 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:WindowsSystem32lltdsvc.dll 15:50:04.0940 4684 lltdsvc - ok 15:50:04.0955 4684 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:WindowsSystem32lmhsvc.dll 15:50:04.0987 4684 lmhosts - ok 15:50:05.0002 4684 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:Windowssystem32driverslsi_fc.sys 15:50:05.0018 4684 LSI_FC - ok 15:50:05.0033 4684 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:Windowssystem32driverslsi_sas.sys 15:50:05.0049 4684 LSI_SAS - ok 15:50:05.0065 4684 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:Windowssystem32driverslsi_scsi.sys 15:50:05.0080 4684 LSI_SCSI - ok 15:50:05.0096 4684 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:Windowssystem32driversluafv.sys 15:50:05.0143 4684 luafv - ok 15:50:05.0158 4684 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:Windowssystem32driversmbam.sys 15:50:05.0174 4684 MBAMProtector - ok 15:50:05.0377 4684 MBAMService (43683e970f008c93c9429ef428147a54) C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe 15:50:05.0408 4684 MBAMService - ok 15:50:05.0423 4684 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:Windowssystem32Mcx2Svc.dll 15:50:05.0439 4684 Mcx2Svc - ok 15:50:05.0455 4684 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:Windowssystem32driversmegasas.sys 15:50:05.0470 4684 megasas - ok 15:50:05.0501 4684 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:Windowssystem32driversmegasr.sys 15:50:05.0517 4684 MegaSR - ok 15:50:05.0533 4684 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:Windowssystem32mmcss.dll 15:50:05.0564 4684 MMCSS - ok 15:50:05.0595 4684 Modem (59848d5cc74606f0ee7557983bb73c2e) C:Windowssystem32driversmodem.sys 15:50:05.0626 4684 Modem - ok 15:50:05.0642 4684 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:Windowssystem32DRIVERSmonitor.sys 15:50:05.0689 4684 monitor - ok 15:50:05.0689 4684 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:Windowssystem32DRIVERSmouclass.sys 15:50:05.0704 4684 mouclass - ok 15:50:05.0735 4684 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:Windowssystem32DRIVERSmouhid.sys 15:50:05.0767 4684 mouhid - ok 15:50:05.0767 4684 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:Windowssystem32driversmountmgr.sys 15:50:05.0782 4684 MountMgr - ok 15:50:05.0829 4684 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe 15:50:05.0845 4684 MozillaMaintenance - ok 15:50:05.0860 4684 mpio (cbb01a298cb24d250017cea54884bba8) C:Windowssystem32driversmpio.sys 15:50:05.0876 4684 mpio - ok 15:50:05.0891 4684 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:Windowssystem32driversmpsdrv.sys 15:50:05.0923 4684 mpsdrv - ok 15:50:05.0954 4684 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:Windowssystem32mpssvc.dll 15:50:06.0001 4684 MpsSvc - ok 15:50:06.0001 4684 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:Windowssystem32driversmraid35x.sys 15:50:06.0016 4684 Mraid35x - ok 15:50:06.0032 4684 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:Windowssystem32driversmrxdav.sys 15:50:06.0047 4684 MRxDAV - ok 15:50:06.0063 4684 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:Windowssystem32DRIVERSmrxsmb.sys 15:50:06.0079 4684 mrxsmb - ok 15:50:06.0110 4684 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:Windowssystem32DRIVERSmrxsmb10.sys 15:50:06.0125 4684 mrxsmb10 - ok 15:50:06.0141 4684 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:Windowssystem32DRIVERSmrxsmb20.sys 15:50:06.0157 4684 mrxsmb20 - ok 15:50:06.0172 4684 msahci (aa459f2ab3ab603c357ff117cae3d818) C:Windowssystem32driversmsahci.sys 15:50:06.0188 4684 msahci - ok 15:50:06.0203 4684 msdsm (0db324146494d45417905b7009858937) C:Windowssystem32driversmsdsm.sys 15:50:06.0203 4684 msdsm - ok 15:50:06.0219 4684 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:WindowsSystem32msdtc.exe 15:50:06.0281 4684 MSDTC - ok 15:50:06.0297 4684 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:Windowssystem32driversMsfs.sys 15:50:06.0344 4684 Msfs - ok 15:50:06.0359 4684 msisadrv (00ebc952961664780d43dca157e79b27) C:Windowssystem32driversmsisadrv.sys 15:50:06.0375 4684 msisadrv - ok 15:50:06.0406 4684 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:Windowssystem32iscsiexe.dll 15:50:06.0453 4684 MSiSCSI - ok 15:50:06.0453 4684 msiserver - ok 15:50:06.0469 4684 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:Windowssystem32driversMSKSSRV.sys 15:50:06.0500 4684 MSKSSRV - ok 15:50:06.0515 4684 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:Windowssystem32driversMSPCLOCK.sys 15:50:06.0562 4684 MSPCLOCK - ok 15:50:06.0562 4684 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:Windowssystem32driversMSPQM.sys 15:50:06.0593 4684 MSPQM - ok 15:50:06.0765 4684 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:Windowssystem32driversMsRPC.sys 15:50:06.0781 4684 MsRPC - ok 15:50:06.0827 4684 mssmbios (855796e59df77ea93af46f20155bf55b) C:Windowssystem32DRIVERSmssmbios.sys 15:50:06.0843 4684 mssmbios - ok 15:50:06.0859 4684 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:Windowssystem32driversMSTEE.sys 15:50:06.0921 4684 MSTEE - ok 15:50:06.0921 4684 Mup (0cc49f78d8aca0877d885f149084e543) C:Windowssystem32Driversmup.sys 15:50:06.0937 4684 Mup - ok 15:50:07.0015 4684 N360 (c6948f034d7edabcfa2234d399fc78bc) C:Program Files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe 15:50:07.0030 4684 N360 - ok 15:50:07.0124 4684 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:Windowssystem32qagentRT.dll 15:50:07.0186 4684 napagent - ok 15:50:07.0202 4684 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:Windowssystem32DRIVERSnwifi.sys 15:50:07.0233 4684 NativeWifiP - ok 15:50:07.0420 4684 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsVirusDefs20120803.035ENG64.SYS 15:50:07.0436 4684 NAVENG - ok 15:50:07.0670 4684 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsVirusDefs20120803.035EX64.SYS 15:50:07.0748 4684 NAVEX15 - ok 15:50:07.0857 4684 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:Windowssystem32driversndis.sys 15:50:07.0888 4684 NDIS - ok 15:50:07.0904 4684 NdisTapi (64df698a425478e321981431ac171334) C:Windowssystem32DRIVERSndistapi.sys 15:50:07.0951 4684 NdisTapi - ok 15:50:07.0951 4684 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:Windowssystem32DRIVERSndisuio.sys 15:50:07.0997 4684 Ndisuio - ok 15:50:08.0013 4684 NdisWan (f8158771905260982ce724076419ef19) C:Windowssystem32DRIVERSndiswan.sys 15:50:08.0044 4684 NdisWan - ok 15:50:08.0060 4684 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:Windowssystem32driversNDProxy.sys 15:50:08.0091 4684 NDProxy - ok 15:50:08.0107 4684 Net Driver HPZ12 (59267d2f0328599aa3b5408c2e06126f) C:Windowssystem32HPZinw12.dll 15:50:08.0138 4684 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:50:08.0138 4684 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:50:08.0153 4684 NetBIOS (a499294f5029a7862adc115bda7371ce) C:Windowssystem32DRIVERSnetbios.sys 15:50:08.0200 4684 NetBIOS - ok 15:50:08.0216 4684 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:Windowssystem32DRIVERSnetbt.sys 15:50:08.0247 4684 netbt - ok 15:50:08.0263 4684 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:Windowssystem32lsass.exe 15:50:08.0278 4684 Netlogon - ok 15:50:08.0309 4684 Netman (9b63b29defc0f3115a559d2597bf5d75) C:WindowsSystem32netman.dll 15:50:08.0372 4684 Netman - ok 15:50:08.0387 4684 netprofm (7846d0136cc2b264926a73047ba7688a) C:WindowsSystem32netprofm.dll 15:50:08.0450 4684 netprofm - ok 15:50:08.0497 4684 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:WindowsMicrosoft.NETFramework64v3.0Windows Communication FoundationSMSvcHost.exe 15:50:08.0512 4684 NetTcpPortSharing - ok 15:50:08.0528 4684 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:Windowssystem32driversnfrd960.sys 15:50:08.0543 4684 nfrd960 - ok 15:50:08.0559 4684 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:WindowsSystem32nlasvc.dll 15:50:08.0621 4684 NlaSvc - ok 15:50:08.0637 4684 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:Windowssystem32driversNpfs.sys 15:50:08.0684 4684 Npfs - ok 15:50:08.0699 4684 nsi (acb62baa1c319b17752553df3026eeeb) C:Windowssystem32nsisvc.dll 15:50:08.0746 4684 nsi - ok 15:50:08.0762 4684 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:Windowssystem32driversnsiproxy.sys 15:50:08.0809 4684 nsiproxy - ok 15:50:08.0871 4684 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:Windowssystem32driversNtfs.sys 15:50:08.0933 4684 Ntfs - ok 15:50:09.0152 4684 Null (dd5d684975352b85b52e3fd5347c20cb) C:Windowssystem32driversNull.sys 15:50:09.0199 4684 Null - ok 15:50:09.0230 4684 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:Windowssystem32DRIVERSnusb3hub.sys 15:50:09.0261 4684 nusb3hub - ok 15:50:09.0292 4684 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:Windowssystem32DRIVERSnusb3xhc.sys 15:50:09.0323 4684 nusb3xhc - ok 15:50:09.0791 4684 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:Windowssystem32DRIVERSnvlddmkm.sys 15:50:10.0135 4684 nvlddmkm - ok 15:50:10.0213 4684 nvraid (2c040b7ada5b06f6facadac8514aa034) C:Windowssystem32driversnvraid.sys 15:50:10.0228 4684 nvraid - ok 15:50:10.0244 4684 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:Windowssystem32driversnvstor.sys 15:50:10.0244 4684 nvstor - ok 15:50:10.0306 4684 NVSvc (39f933ca2798156b0b7a19d104b73b9a) C:Windowssystem32nvvsvc.exe 15:50:10.0353 4684 NVSvc - ok 15:50:10.0369 4684 nv_agp (19067ca93075ef4823e3938a686f532f) C:Windowssystem32driversnv_agp.sys 15:50:10.0369 4684 nv_agp - ok 15:50:10.0369 4684 NwlnkFlt - ok 15:50:10.0384 4684 NwlnkFwd - ok 15:50:10.0447 4684 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:Program Files (x86)Common FilesMicrosoft SharedOFFICE12ODSERV.EXE 15:50:10.0462 4684 odserv - ok 15:50:10.0478 4684 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:Windowssystem32driversohci1394.sys 15:50:10.0525 4684 ohci1394 - ok 15:50:10.0556 4684 ose (5a432a042dae460abe7199b758e8606c) C:Program Files (x86)Common FilesMicrosoft SharedSource EngineOSE.EXE 15:50:10.0556 4684 ose - ok 15:50:10.0603 4684 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:Windowssystem32p2psvc.dll 15:50:10.0665 4684 p2pimsvc - ok 15:50:10.0681 4684 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:Windowssystem32p2psvc.dll 15:50:10.0696 4684 p2psvc - ok 15:50:10.0727 4684 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:Windowssystem32DRIVERSparport.sys 15:50:10.0759 4684 Parport - ok 15:50:10.0790 4684 partmgr (b43751085e2abe389da466bc62a4b987) C:Windowssystem32driverspartmgr.sys 15:50:10.0790 4684 partmgr - ok 15:50:10.0837 4684 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:Program Files (x86)HTCInternet Pass-ThroughPassThruSvr.exe 15:50:10.0852 4684 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 15:50:10.0852 4684 PassThru Service - detected UnsignedFile.Multi.Generic (1) 15:50:10.0868 4684 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:WindowsSystem32pcasvc.dll 15:50:10.0899 4684 PcaSvc - ok 15:50:10.0915 4684 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:Windowssystem32driverspci.sys 15:50:10.0915 4684 pci - ok 15:50:10.0930 4684 pciide (2657f6c0b78c36d95034be109336e382) C:Windowssystem32driverspciide.sys 15:50:10.0946 4684 pciide - ok 15:50:10.0961 4684 pcmcia (037661f3d7c507c9993b7010ceee6288) C:Windowssystem32driverspcmcia.sys 15:50:10.0977 4684 pcmcia - ok 15:50:11.0008 4684 PEAUTH (58865916f53592a61549b04941bfd80d) C:Windowssystem32driverspeauth.sys 15:50:11.0086 4684 PEAUTH - ok 15:50:11.0133 4684 PerfHost (0ed8727ea0172860f47258456c06caea) C:WindowsSysWow64perfhost.exe 15:50:11.0180 4684 PerfHost - ok 15:50:11.0227 4684 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:Windowssystem32pla.dll 15:50:11.0305 4684 pla - ok 15:50:11.0351 4684 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:Windowssystem32umpnpmgr.dll 15:50:11.0383 4684 PlugPlay - ok 15:50:11.0414 4684 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:Windowssystem32HPZipm12.dll 15:50:11.0429 4684 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 15:50:11.0429 4684 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 15:50:11.0461 4684 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:Windowssystem32p2psvc.dll 15:50:11.0492 4684 PNRPAutoReg - ok 15:50:11.0492 4684 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:Windowssystem32p2psvc.dll 15:50:11.0523 4684 PNRPsvc - ok 15:50:11.0554 4684 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:WindowsSystem32ipsecsvc.dll 15:50:11.0601 4684 PolicyAgent - ok 15:50:11.0632 4684 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:Windowssystem32DRIVERSraspptp.sys 15:50:11.0663 4684 PptpMiniport - ok 15:50:11.0679 4684 Processor (5080e59ecee0bc923f14018803aa7a01) C:Windowssystem32driversprocessr.sys 15:50:11.0710 4684 Processor - ok 15:50:11.0726 4684 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:Windowssystem32profsvc.dll 15:50:11.0757 4684 ProfSvc - ok 15:50:11.0773 4684 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:Windowssystem32lsass.exe 15:50:11.0788 4684 ProtectedStorage - ok 15:50:11.0804 4684 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:Windowssystem32DRIVERSpacer.sys 15:50:11.0819 4684 PSched - ok 15:50:11.0866 4684 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:Windowssystem32driversql2300.sys 15:50:11.0913 4684 ql2300 - ok 15:50:11.0929 4684 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:Windowssystem32driversql40xx.sys 15:50:11.0929 4684 ql40xx - ok 15:50:11.0960 4684 QWAVE (90574842c3da781e279061a3eff91f07) C:Windowssystem32qwave.dll 15:50:11.0991 4684 QWAVE - ok 15:50:11.0991 4684 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:Windowssystem32driversqwavedrv.sys 15:50:12.0022 4684 QWAVEdrv - ok 15:50:12.0038 4684 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:Windowssystem32DRIVERSrasacd.sys 15:50:12.0069 4684 RasAcd - ok 15:50:12.0085 4684 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:WindowsSystem32rasauto.dll 15:50:12.0116 4684 RasAuto - ok 15:50:12.0131 4684 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:Windowssystem32DRIVERSrasl2tp.sys 15:50:12.0163 4684 Rasl2tp - ok 15:50:12.0178 4684 RasMan (3ad83e4046c43be510de681588acb8af) C:WindowsSystem32rasmans.dll 15:50:12.0209 4684 RasMan - ok 15:50:12.0225 4684 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:Windowssystem32DRIVERSraspppoe.sys 15:50:12.0256 4684 RasPppoe - ok 15:50:12.0256 4684 RasSstp (c6a593b51f34c33e5474539544072527) C:Windowssystem32DRIVERSrassstp.sys 15:50:12.0272 4684 RasSstp - ok 15:50:12.0287 4684 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:Windowssystem32DRIVERSrdbss.sys 15:50:12.0319 4684 rdbss - ok 15:50:12.0319 4684 RDPCDD (603900cc05f6be65ccbf373800af3716) C:Windowssystem32DRIVERSRDPCDD.sys 15:50:12.0350 4684 RDPCDD - ok 15:50:12.0365 4684 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:Windowssystem32DRIVERSrdpdr.sys 15:50:12.0397 4684 rdpdr - ok 15:50:12.0397 4684 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:Windowssystem32driversrdpencdd.sys 15:50:12.0428 4684 RDPENCDD - ok 15:50:12.0459 4684 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:Windowssystem32driversRDPWD.sys 15:50:12.0490 4684 RDPWD - ok 15:50:12.0521 4684 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:WindowsSystem32mprdim.dll 15:50:12.0553 4684 RemoteAccess - ok 15:50:12.0568 4684 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:Windowssystem32regsvc.dll 15:50:12.0584 4684 RemoteRegistry - ok 15:50:12.0615 4684 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:Windowssystem32locator.exe 15:50:12.0631 4684 RpcLocator - ok 15:50:12.0677 4684 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:Windowssystem32rpcss.dll 15:50:12.0709 4684 RpcSs - ok 15:50:12.0724 4684 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:Windowssystem32DRIVERSrspndr.sys 15:50:12.0755 4684 rspndr - ok 15:50:12.0787 4684 RTL8169 (e3aa12faa3192d1090b9069c3925373b) C:Windowssystem32DRIVERSRtlh64.sys 15:50:12.0802 4684 RTL8169 - ok 15:50:12.0818 4684 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:Windowssystem32lsass.exe 15:50:12.0833 4684 SamSs - ok 15:50:12.0849 4684 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:Windowssystem32driverssbp2port.sys 15:50:12.0865 4684 sbp2port - ok 15:50:12.0943 4684 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe 15:50:12.0974 4684 SBSDWSCService - ok 15:50:12.0989 4684 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:WindowsSystem32SCardSvr.dll 15:50:13.0021 4684 SCardSvr - ok 15:50:13.0067 4684 Schedule (0f838c811ad295d2a4489b9993096c63) C:Windowssystem32schedsvc.dll 15:50:13.0099 4684 Schedule - ok 15:50:13.0130 4684 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:WindowsSystem32certprop.dll 15:50:13.0145 4684 SCPolicySvc - ok 15:50:13.0161 4684 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:WindowsSystem32SDRSVC.dll 15:50:13.0177 4684 SDRSVC - ok 15:50:13.0208 4684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:Windowssystem32driverssecdrv.sys 15:50:13.0255 4684 secdrv - ok 15:50:13.0270 4684 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:Windowssystem32seclogon.dll 15:50:13.0301 4684 seclogon - ok 15:50:13.0301 4684 SENS (90973a64b96cd647ff81c79443618eed) C:Windowssystem32sens.dll 15:50:13.0348 4684 SENS - ok 15:50:13.0364 4684 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:Windowssystem32DRIVERSserenum.sys 15:50:13.0411 4684 Serenum - ok 15:50:13.0411 4684 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:Windowssystem32DRIVERSserial.sys 15:50:13.0457 4684 Serial - ok 15:50:13.0473 4684 sermouse (a842f04833684bceea7336211be478df) C:Windowssystem32driverssermouse.sys 15:50:13.0504 4684 sermouse - ok 15:50:13.0520 4684 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:Windowssystem32sessenv.dll 15:50:13.0551 4684 SessionEnv - ok 15:50:13.0567 4684 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:Windowssystem32driverssffdisk.sys 15:50:13.0598 4684 sffdisk - ok 15:50:13.0598 4684 sffp_mmc (dbbd3fd8af718966af768a754e07e8c0) C:Windowssystem32driverssffp_mmc.sys 15:50:13.0629 4684 sffp_mmc - ok 15:50:13.0645 4684 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:Windowssystem32driverssffp_sd.sys 15:50:13.0676 4684 sffp_sd - ok 15:50:13.0691 4684 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:Windowssystem32driverssfloppy.sys 15:50:13.0738 4684 sfloppy - ok 15:50:13.0785 4684 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:WindowsSystem32ipnathlp.dll 15:50:13.0832 4684 SharedAccess - ok 15:50:13.0863 4684 ShellHWDetection (56793271ecdedd350c5add305603e963) C:WindowsSystem32shsvcs.dll 15:50:13.0879 4684 ShellHWDetection - ok 15:50:13.0894 4684 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:Windowssystem32driverssisraid2.sys 15:50:13.0894 4684 SiSRaid2 - ok 15:50:13.0910 4684 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:Windowssystem32driverssisraid4.sys 15:50:13.0925 4684 SiSRaid4 - ok 15:50:14.0019 4684 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:Windowssystem32SLsvc.exe 15:50:14.0128 4684 slsvc - ok 15:50:14.0253 4684 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:Windowssystem32SLUINotify.dll 15:50:14.0284 4684 SLUINotify - ok 15:50:14.0315 4684 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:Windowssystem32DRIVERSsmb.sys 15:50:14.0347 4684 Smb - ok 15:50:14.0362 4684 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:WindowsSystem32snmptrap.exe 15:50:14.0378 4684 SNMPTRAP - ok 15:50:14.0393 4684 spldr (386c3c63f00a7040c7ec5e384217e89d) C:Windowssystem32driversspldr.sys 15:50:14.0409 4684 spldr - ok 15:50:14.0440 4684 Spooler (f66ff751e7efc816d266977939ef5dc3) C:WindowsSystem32spoolsv.exe 15:50:14.0471 4684 Spooler - ok 15:50:14.0518 4684 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:WindowsSystem32DriversN360x640602010.005SRTSP64.SYS 15:50:14.0549 4684 SRTSP - ok 15:50:14.0565 4684 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:Windowssystem32driversN360x640602010.005SRTSPX64.SYS 15:50:14.0565 4684 SRTSPX - ok 15:50:14.0596 4684 srv (880a57fccb571ebd063d4dd50e93e46d) C:Windowssystem32DRIVERSsrv.sys 15:50:14.0627 4684 srv - ok 15:50:14.0643 4684 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:Windowssystem32DRIVERSsrv2.sys 15:50:14.0690 4684 srv2 - ok 15:50:14.0705 4684 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:Windowssystem32DRIVERSsrvnet.sys 15:50:14.0721 4684 srvnet - ok 15:50:14.0737 4684 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:WindowsSystem32ssdpsrv.dll 15:50:14.0783 4684 SSDPSRV - ok 15:50:14.0799 4684 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:Windowssystem32sstpsvc.dll 15:50:14.0830 4684 SstpSvc - ok 15:50:14.0861 4684 stisvc (15825c1fbfb8779992cb65087f316af5) C:WindowsSystem32wiaservc.dll 15:50:14.0908 4684 stisvc - ok 15:50:14.0924 4684 STTub203 (ac95ecf2856b6c716aff2fbc449845b9) C:Windowssystem32DriversSTTub203.sys 15:50:14.0955 4684 STTub203 - ok 15:50:14.0971 4684 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:Windowssystem32DRIVERSswenum.sys 15:50:14.0971 4684 swenum - ok 15:50:15.0002 4684 swprv (6de37f4de19d4efd9c48c43addbc949a) C:WindowsSystem32swprv.dll 15:50:15.0049 4684 swprv - ok 15:50:15.0049 4684 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:Windowssystem32driverssymc8xx.sys 15:50:15.0064 4684 Symc8xx - ok 15:50:15.0111 4684 SymDS (8b2430762099598da40686f754632efd) C:Windowssystem32driversN360x640602010.005SYMDS64.SYS 15:50:15.0127 4684 SymDS - ok 15:50:15.0173 4684 SymEFA (f90c7a190399165d3ab2245048d34786) C:Windowssystem32driversN360x640602010.005SYMEFA64.SYS 15:50:15.0220 4684 SymEFA - ok 15:50:15.0267 4684 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:Windowssystem32DriversSYMEVENT64x86.SYS 15:50:15.0267 4684 SymEvent - ok 15:50:15.0298 4684 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:Windowssystem32driversN360x640602010.005Ironx64.SYS 15:50:15.0298 4684 SymIRON - ok 15:50:15.0329 4684 SYMTDIv (a25fee245c78804601d83431386a0bee) C:WindowsSystem32DriversN360x640602010.005SYMTDIV.SYS 15:50:15.0345 4684 SYMTDIv - ok 15:50:15.0361 4684 Sym_hi (a909667976d3bccd1df813fed517d837) C:Windowssystem32driverssym_hi.sys 15:50:15.0376 4684 Sym_hi - ok 15:50:15.0376 4684 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:Windowssystem32driverssym_u3.sys 15:50:15.0392 4684 Sym_u3 - ok 15:50:15.0423 4684 SysMain (92d7a8b0f87b036f17d25885937897a6) C:Windowssystem32sysmain.dll 15:50:15.0501 4684 SysMain - ok 15:50:15.0517 4684 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:WindowsSystem32TabSvc.dll 15:50:15.0532 4684 TabletInputService - ok 15:50:15.0563 4684 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:WindowsSystem32tapisrv.dll 15:50:15.0579 4684 TapiSrv - ok 15:50:15.0626 4684 TarFltr (827f682e9d2d9b2a49691c3a9697a3bb) C:Windowssystem32driversUsbFltr.sys 15:50:15.0641 4684 TarFltr - ok 15:50:15.0657 4684 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:WindowsSystem32tbssvc.dll 15:50:15.0688 4684 TBS - ok 15:50:15.0751 4684 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:Windowssystem32driverstcpip.sys 15:50:15.0797 4684 Tcpip - ok 15:50:15.0891 4684 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:Windowssystem32DRIVERStcpip.sys 15:50:15.0938 4684 Tcpip6 - ok 15:50:15.0969 4684 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:Windowssystem32driverstcpipreg.sys 15:50:16.0000 4684 tcpipreg - ok 15:50:16.0000 4684 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:Windowssystem32driverstdpipe.sys 15:50:16.0047 4684 TDPIPE - ok 15:50:16.0063 4684 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:Windowssystem32driverstdtcp.sys 15:50:16.0094 4684 TDTCP - ok 15:50:16.0109 4684 tdx (458919c8c42e398dc4802178d5ffee27) C:Windowssystem32DRIVERStdx.sys 15:50:16.0125 4684 tdx - ok 15:50:16.0141 4684 TermDD (8c19678d22649ec002ef2282eae92f98) C:Windowssystem32DRIVERStermdd.sys 15:50:16.0141 4684 TermDD - ok 15:50:16.0172 4684 TermService (5cdd30bc217082dac71a9878d9bfd566) C:WindowsSystem32termsrv.dll 15:50:16.0203 4684 TermService - ok 15:50:16.0219 4684 Themes (56793271ecdedd350c5add305603e963) C:Windowssystem32shsvcs.dll 15:50:16.0234 4684 Themes - ok 15:50:16.0250 4684 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:Windowssystem32mmcss.dll 15:50:16.0281 4684 THREADORDER - ok 15:50:16.0297 4684 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:WindowsSystem32trkwks.dll 15:50:16.0328 4684 TrkWks - ok 15:50:16.0375 4684 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:WindowsservicingTrustedInstaller.exe 15:50:16.0390 4684 TrustedInstaller - ok 15:50:16.0406 4684 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:Windowssystem32DRIVERStssecsrv.sys 15:50:16.0437 4684 tssecsrv - ok 15:50:16.0453 4684 tunmp (89ec74a9e602d16a75a4170511029b3c) C:Windowssystem32DRIVERStunmp.sys 15:50:16.0468 4684 tunmp - ok 15:50:16.0484 4684 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:Windowssystem32DRIVERStunnel.sys 15:50:16.0499 4684 tunnel - ok 15:50:16.0515 4684 uagp35 (fec266ef401966311744bd0f359f7f56) C:Windowssystem32driversuagp35.sys 15:50:16.0531 4684 uagp35 - ok 15:50:16.0546 4684 udfs (faf2640a2a76ed03d449e443194c4c34) C:Windowssystem32DRIVERSudfs.sys 15:50:16.0577 4684 udfs - ok 15:50:16.0593 4684 UI0Detect (060507c4113391394478f6953a79eedc) C:Windowssystem32UI0Detect.exe 15:50:16.0624 4684 UI0Detect - ok 15:50:16.0640 4684 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:Windowssystem32driversuliagpkx.sys 15:50:16.0640 4684 uliagpkx - ok 15:50:16.0655 4684 uliahci (697f0446134cdc8f99e69306184fbbb4) C:Windowssystem32driversuliahci.sys 15:50:16.0671 4684 uliahci - ok 15:50:16.0687 4684 UlSata (31707f09846056651ea2c37858f5ddb0) C:Windowssystem32driversulsata.sys 15:50:16.0702 4684 UlSata - ok 15:50:16.0718 4684 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:Windowssystem32driversulsata2.sys 15:50:16.0733 4684 ulsata2 - ok 15:50:16.0733 4684 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:Windowssystem32DRIVERSumbus.sys 15:50:16.0780 4684 umbus - ok 15:50:16.0796 4684 UmRdpService (dc5e34f189b827199b9cc8481c648269) C:WindowsSystem32umrdp.dll 15:50:16.0811 4684 UmRdpService - ok 15:50:16.0858 4684 upnphost (7093799ff80e9deca0680d2e3535be60) C:WindowsSystem32upnphost.dll 15:50:16.0889 4684 upnphost - ok 15:50:16.0936 4684 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:Windowssystem32Driversusbaapl64.sys 15:50:16.0967 4684 USBAAPL64 - ok 15:50:16.0983 4684 usbccgp (07e3498fc60834219d2356293da0fecc) C:Windowssystem32DRIVERSusbccgp.sys 15:50:17.0014 4684 usbccgp - ok 15:50:17.0030 4684 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:Windowssystem32driversusbcir.sys 15:50:17.0092 4684 usbcir - ok 15:50:17.0108 4684 usbehci (827e44de934a736ea31e91d353eb126f) C:Windowssystem32DRIVERSusbehci.sys 15:50:17.0123 4684 usbehci - ok 15:50:17.0139 4684 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:Windowssystem32DRIVERSusbhub.sys 15:50:17.0155 4684 usbhub - ok 15:50:17.0170 4684 usbohci (eba14ef0c07cec233f1529c698d0d154) C:Windowssystem32driversusbohci.sys 15:50:17.0217 4684 usbohci - ok 15:50:17.0233 4684 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:Windowssystem32DRIVERSusbprint.sys 15:50:17.0264 4684 usbprint - ok 15:50:17.0279 4684 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:Windowssystem32DRIVERSusbscan.sys 15:50:17.0311 4684 usbscan - ok 15:50:17.0311 4684 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:Windowssystem32DRIVERSUSBSTOR.SYS 15:50:17.0342 4684 USBSTOR - ok 15:50:17.0357 4684 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:Windowssystem32DRIVERSusbuhci.sys 15:50:17.0373 4684 usbuhci - ok 15:50:17.0389 4684 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:Windowssystem32DRIVERSusb8023x.sys 15:50:17.0404 4684 usb_rndisx - ok 15:50:17.0420 4684 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:WindowsSystem32uxsms.dll 15:50:17.0451 4684 UxSms - ok 15:50:17.0467 4684 vds (294945381dfa7ce58cecf0a9896af327) C:WindowsSystem32vds.exe 15:50:17.0513 4684 vds - ok 15:50:17.0529 4684 vga (916b94bcf1e09873fff2d5fb11767bbc) C:Windowssystem32DRIVERSvgapnp.sys 15:50:17.0560 4684 vga - ok 15:50:17.0560 4684 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:WindowsSystem32driversvga.sys 15:50:17.0607 4684 VgaSave - ok 15:50:17.0607 4684 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:Windowssystem32driversviaide.sys 15:50:17.0623 4684 viaide - ok 15:50:17.0638 4684 volmgr (2b7e885ed951519a12c450d24535dfca) C:Windowssystem32driversvolmgr.sys 15:50:17.0638 4684 volmgr - ok 15:50:17.0669 4684 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:Windowssystem32driversvolmgrx.sys 15:50:17.0685 4684 volmgrx - ok 15:50:17.0685 4684 volsnap (5280aada24ab36b01a84a6424c475c8d) C:Windowssystem32driversvolsnap.sys 15:50:17.0701 4684 volsnap - ok 15:50:17.0716 4684 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:Windowssystem32driversvsmraid.sys 15:50:17.0732 4684 vsmraid - ok 15:50:17.0779 4684 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:Windowssystem32vssvc.exe 15:50:17.0841 4684 VSS - ok 15:50:17.0919 4684 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:Windowssystem32w32time.dll 15:50:17.0950 4684 W32Time - ok 15:50:17.0981 4684 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:Windowssystem32driverswacompen.sys 15:50:18.0028 4684 WacomPen - ok 15:50:18.0044 4684 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:Windowssystem32DRIVERSwanarp.sys 15:50:18.0075 4684 Wanarp - ok 15:50:18.0075 4684 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:Windowssystem32DRIVERSwanarp.sys 15:50:18.0091 4684 Wanarpv6 - ok 15:50:18.0137 4684 wbengine (48eee289df9e4989128b2283f3eeacc6) C:Windowssystem32wbengine.exe 15:50:18.0200 4684 wbengine - ok 15:50:18.0231 4684 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:WindowsSystem32wcncsvc.dll 15:50:18.0262 4684 wcncsvc - ok 15:50:18.0278 4684 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:WindowsSystem32WcsPlugInService.dll 15:50:18.0309 4684 WcsPlugInService - ok 15:50:18.0325 4684 Wd (0c17a0816f65b89e362e682ad5e7266e) C:Windowssystem32driverswd.sys 15:50:18.0325 4684 Wd - ok 15:50:18.0371 4684 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:Windowssystem32driversWdf01000.sys 15:50:18.0403 4684 Wdf01000 - ok 15:50:18.0418 4684 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:Windowssystem32wdi.dll 15:50:18.0449 4684 WdiServiceHost - ok 15:50:18.0449 4684 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:Windowssystem32wdi.dll 15:50:18.0496 4684 WdiSystemHost - ok 15:50:18.0512 4684 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:WindowsSystem32webclnt.dll 15:50:18.0527 4684 WebClient - ok 15:50:18.0559 4684 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:Windowssystem32wecsvc.dll 15:50:18.0574 4684 Wecsvc - ok 15:50:18.0574 4684 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:WindowsSystem32wercplsupport.dll 15:50:18.0605 4684 wercplsupport - ok 15:50:18.0621 4684 WerSvc (66b9ecebc46683f47edc06333c075fef) C:WindowsSystem32WerSvc.dll 15:50:18.0652 4684 WerSvc - ok 15:50:18.0683 4684 WinDefend - ok 15:50:18.0683 4684 WinHttpAutoProxySvc - ok 15:50:18.0730 4684 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:Windowssystem32wbemWMIsvc.dll 15:50:18.0761 4684 Winmgmt - ok 15:50:18.0824 4684 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:Windowssystem32WsmSvc.dll 15:50:18.0917 4684 WinRM - ok 15:50:18.0995 4684 Wlansvc (ec339c8115e91baed835957e9a677f16) C:WindowsSystem32wlansvc.dll 15:50:19.0042 4684 Wlansvc - ok 15:50:19.0089 4684 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:Windowssystem32driverswmiacpi.sys 15:50:19.0105 4684 WmiAcpi - ok 15:50:19.0151 4684 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:Windowssystem32wbemWmiApSrv.exe 15:50:19.0167 4684 wmiApSrv - ok 15:50:19.0167 4684 WMPNetworkSvc - ok 15:50:19.0198 4684 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:WindowsSystem32wpcsvc.dll 15:50:19.0229 4684 WPCSvc - ok 15:50:19.0245 4684 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:Windowssystem32wpdbusenum.dll 15:50:19.0276 4684 WPDBusEnum - ok 15:50:19.0385 4684 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:WindowsMicrosoft.NETFramework64v4.0.30319WPFWPFFontCache_v0400.exe 15:50:19.0417 4684 WPFFontCache_v0400 - ok 15:50:19.0432 4684 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:Windowssystem32driversws2ifsl.sys 15:50:19.0463 4684 ws2ifsl - ok 15:50:19.0495 4684 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:Windowssystem32wscsvc.dll 15:50:19.0510 4684 wscsvc - ok 15:50:19.0510 4684 WSearch - ok 15:50:19.0604 4684 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:Windowssystem32wuaueng.dll 15:50:19.0682 4684 wuauserv - ok 15:50:19.0729 4684 WUDFRd (501a65252617b495c0f1832f908d54d8) C:Windowssystem32DRIVERSWUDFRd.sys 15:50:19.0760 4684 WUDFRd - ok 15:50:19.0775 4684 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:WindowsSystem32WUDFSvc.dll 15:50:19.0822 4684 wudfsvc - ok 15:50:19.0822 4684 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) DeviceHarddisk0DR0 15:50:20.0337 4684 DeviceHarddisk0DR0 - ok 15:50:20.0337 4684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) DeviceHarddisk1DR1 15:50:20.0524 4684 DeviceHarddisk1DR1 - ok 15:50:20.0540 4684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) DeviceHarddisk2DR2 15:50:20.0899 4684 DeviceHarddisk2DR2 - ok 15:50:20.0914 4684 Boot (0x1200) (c6a4fd7c7550cc2d932b46ca6794112e) DeviceHarddisk0DR0Partition0 15:50:20.0914 4684 DeviceHarddisk0DR0Partition0 - ok 15:50:20.0914 4684 Boot (0x1200) (b90d4505ae4c1dea658b34a8616391d1) DeviceHarddisk1DR1Partition0 15:50:20.0914 4684 DeviceHarddisk1DR1Partition0 - ok 15:50:20.0914 4684 Boot (0x1200) (e
  7. Here it is, got my fingers crossed. ComboFix 12-08-04.02 - Owner 08/04/2012 4:56.3.4 - x64 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.2412 [GMT -6:00] Running from: c:usersOwnerDesktopComboFix.exe Command switches used :: c:usersOwnerDesktopCFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:windowsassemblyGAC_32Desktop.ini c:windowsassemblyGAC_64Desktop.ini . c:windowssystem32Services.exe . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 ))))))))))))))))))))))))))))))) . . 2012-08-04 11:31 . 2012-08-04 11:31 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp 2012-07-30 21:49 . 2012-07-30 21:49 -------- d-sh--w- c:windowsSysWow64%APPDATA% 2012-07-28 22:06 . 2012-07-28 22:35 -------- d-----w- c:programdataSpybot - Search & Destroy 2012-07-28 22:06 . 2012-07-28 22:07 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2012-07-11 10:46 . 2012-06-05 16:22 974848 ----a-w- c:program filesCommon FilesSystemadomsado15.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 22:28 . 2012-04-04 11:13 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-08-02 22:28 . 2011-05-29 10:44 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-07-11 23:16 . 2006-11-02 12:35 59701280 ----a-w- c:windowssystem32mrt.exe 2012-07-03 19:46 . 2011-04-01 19:02 24904 ----a-w- c:windowssystem32driversmbam.sys 2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:windowsSysWow64msxml4.dll 2012-06-02 22:19 . 2012-06-23 11:01 38424 ----a-w- c:windowssystem32wups.dll 2012-06-02 22:19 . 2012-06-23 11:01 2428952 ----a-w- c:windowssystem32wuaueng.dll 2012-06-02 22:19 . 2012-06-23 11:01 57880 ----a-w- c:windowssystem32wuauclt.exe 2012-06-02 22:19 . 2012-06-23 11:01 44056 ----a-w- c:windowssystem32wups2.dll 2012-06-02 22:19 . 2012-06-23 11:01 35864 ----a-w- c:windowsSysWow64wups.dll 2012-06-02 22:19 . 2012-06-23 11:01 701976 ----a-w- c:windowssystem32wuapi.dll 2012-06-02 22:19 . 2012-06-23 11:01 577048 ----a-w- c:windowsSysWow64wuapi.dll 2012-06-02 22:15 . 2012-06-23 11:01 2622464 ----a-w- c:windowssystem32wucltux.dll 2012-06-02 22:15 . 2012-06-23 11:01 99840 ----a-w- c:windowssystem32wudriver.dll 2012-06-02 22:12 . 2012-06-23 11:01 88576 ----a-w- c:windowsSysWow64wudriver.dll 2012-06-02 21:19 . 2012-06-23 11:01 186752 ----a-w- c:windowssystem32wuwebv.dll 2012-06-02 21:19 . 2012-06-23 11:01 171904 ----a-w- c:windowsSysWow64wuwebv.dll 2012-06-02 21:15 . 2012-06-23 11:01 36864 ----a-w- c:windowssystem32wuapp.exe 2012-06-02 21:12 . 2012-06-23 11:01 33792 ----a-w- c:windowsSysWow64wuapp.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe [-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:windowssystem32services.exe . ((((((((((((((((((((((((((((( [email protected]_19.49.38 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:09 . 2012-08-04 04:55 48460 c:windowssystem32WDIShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:44 . 2012-08-04 04:55 89422 c:windowssystem32WDIBootPerformanceDiagnostics_SystemData.bin + 2011-04-01 05:42 . 2012-08-04 04:55 13020 c:windowssystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-4096261934-966222998-2717033517-1000_UserData.bin + 2011-04-01 05:39 . 2012-08-04 04:43 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-04-01 05:39 . 2012-08-03 12:57 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2011-04-01 05:39 . 2012-08-04 04:43 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-04-01 05:39 . 2012-08-04 04:43 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2012-08-04 04:53 . 2012-08-04 04:53 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat + 2012-08-04 04:53 . 2012-08-04 04:53 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat - 2012-08-03 19:49 . 2012-08-03 19:49 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat + 2011-04-02 22:07 . 2012-08-04 10:46 338750 c:windowssystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin + 2011-04-01 07:32 . 2012-08-04 04:52 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat - 2011-04-01 07:32 . 2012-08-03 18:26 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat + 2011-04-24 11:59 . 2012-08-04 04:52 44815315 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-4096261934-966222998-2717033517-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "JMB36X IDE Setup"="c:windowsRaidToolxInsIDE.exe" [2010-09-07 43608] "Copperhead"="c:program files (x86)RazerCopperheadrazerhid.exe" [2005-11-25 155648] "Tarantula"="c:program files (x86)RazerTarantularazerhid.exe" [2007-05-07 159744] "NUSB3MON"="c:program files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" [2010-11-17 113288] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-05-31 59280] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . R3 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-01-03 63928] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-02 250056] . . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindows NTCurrentVersionSvchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2012-08-04 c:windowsTasksAdobe Flash Player Updater.job - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 22:28] . 2012-08-04 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44] . 2012-08-04 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "RTHDVCPL"="c:program filesRealtekAudioHDARAVCpl64.exe" [2011-06-09 11860072] . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011 mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:progra~2MICROS~3Office12EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64browseui.dll FF - ProfilePath - c:usersOwnerAppDataRoamingMozillaFirefoxProfilesclg9hxm7.default FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/? . . [HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesN360] "ImagePath"=""c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe" /s "N360" /m "c:program files (x86)Norton 360Engine6.2.1.5diMaster.dll" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeClasses] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, . Completion time: 2012-08-04 05:33:10 ComboFix-quarantined-files.txt 2012-08-04 11:33 ComboFix2.txt 2012-08-04 04:40 ComboFix3.txt 2012-08-03 19:52 . Pre-Run: 83,172,896,768 bytes free Post-Run: 83,128,299,520 bytes free . - - End Of File - - 2DA35503166A58DE189862B09B0743FB
  8. Ok heres the log. Combofix still reports Norton360 being on and i've done everything I can to shut it down. ComboFix 12-08-04.02 - Owner 08/03/2012 21:59:47.2.4 - x64 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.2052 [GMT -6:00] Running from: c:usersOwnerDesktopComboFix.exe Command switches used :: c:usersOwnerDesktopCFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:windowsassemblyGAC_32Desktop.ini c:windowsassemblyGAC_64Desktop.ini . c:windowssystem32Services.exe . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 ))))))))))))))))))))))))))))))) . . 2012-08-04 04:35 . 2012-08-04 04:35 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp 2012-08-04 04:35 . 2012-08-04 04:35 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-07-30 21:49 . 2012-07-30 21:49 -------- d-sh--w- c:windowsSysWow64%APPDATA% 2012-07-28 22:06 . 2012-07-28 22:35 -------- d-----w- c:programdataSpybot - Search & Destroy 2012-07-28 22:06 . 2012-07-28 22:07 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2012-07-11 10:46 . 2012-06-05 16:22 974848 ----a-w- c:program filesCommon FilesSystemadomsado15.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 22:28 . 2012-04-04 11:13 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-08-02 22:28 . 2011-05-29 10:44 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-07-11 23:16 . 2006-11-02 12:35 59701280 ----a-w- c:windowssystem32mrt.exe 2012-07-03 19:46 . 2011-04-01 19:02 24904 ----a-w- c:windowssystem32driversmbam.sys 2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:windowsSysWow64msxml4.dll 2012-06-02 22:19 . 2012-06-23 11:01 38424 ----a-w- c:windowssystem32wups.dll 2012-06-02 22:19 . 2012-06-23 11:01 2428952 ----a-w- c:windowssystem32wuaueng.dll 2012-06-02 22:19 . 2012-06-23 11:01 57880 ----a-w- c:windowssystem32wuauclt.exe 2012-06-02 22:19 . 2012-06-23 11:01 44056 ----a-w- c:windowssystem32wups2.dll 2012-06-02 22:19 . 2012-06-23 11:01 35864 ----a-w- c:windowsSysWow64wups.dll 2012-06-02 22:19 . 2012-06-23 11:01 701976 ----a-w- c:windowssystem32wuapi.dll 2012-06-02 22:19 . 2012-06-23 11:01 577048 ----a-w- c:windowsSysWow64wuapi.dll 2012-06-02 22:15 . 2012-06-23 11:01 2622464 ----a-w- c:windowssystem32wucltux.dll 2012-06-02 22:15 . 2012-06-23 11:01 99840 ----a-w- c:windowssystem32wudriver.dll 2012-06-02 22:12 . 2012-06-23 11:01 88576 ----a-w- c:windowsSysWow64wudriver.dll 2012-06-02 21:19 . 2012-06-23 11:01 186752 ----a-w- c:windowssystem32wuwebv.dll 2012-06-02 21:19 . 2012-06-23 11:01 171904 ----a-w- c:windowsSysWow64wuwebv.dll 2012-06-02 21:15 . 2012-06-23 11:01 36864 ----a-w- c:windowssystem32wuapp.exe 2012-06-02 21:12 . 2012-06-23 11:01 33792 ----a-w- c:windowsSysWow64wuapp.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe [-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:windowssystem32services.exe . ((((((((((((((((((((((((((((( [email protected]_19.49.38 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:09 . 2012-08-03 19:52 48176 c:windowssystem32WDIShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:44 . 2012-08-03 19:52 89302 c:windowssystem32WDIBootPerformanceDiagnostics_SystemData.bin + 2011-04-01 05:42 . 2012-08-03 19:52 12956 c:windowssystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-4096261934-966222998-2717033517-1000_UserData.bin + 2011-04-01 05:39 . 2012-08-03 20:02 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-04-01 05:39 . 2012-08-03 12:57 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2011-04-01 05:39 . 2012-08-03 20:02 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-04-01 05:39 . 2012-08-03 20:02 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2012-08-04 04:37 . 2012-08-04 04:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat + 2012-08-04 04:37 . 2012-08-04 04:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat - 2012-08-03 19:49 . 2012-08-03 19:49 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat + 2011-04-02 22:07 . 2012-08-04 02:13 338638 c:windowssystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin + 2011-04-01 07:32 . 2012-08-04 04:35 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat - 2011-04-01 07:32 . 2012-08-03 18:26 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat + 2011-04-24 11:59 . 2012-08-04 04:35 44815315 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-4096261934-966222998-2717033517-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "JMB36X IDE Setup"="c:windowsRaidToolxInsIDE.exe" [2010-09-07 43608] "Copperhead"="c:program files (x86)RazerCopperheadrazerhid.exe" [2005-11-25 155648] "Tarantula"="c:program files (x86)RazerTarantularazerhid.exe" [2007-05-07 159744] "NUSB3MON"="c:program files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" [2010-11-17 113288] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-05-31 59280] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . R3 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-01-03 63928] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-02 250056] . . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindows NTCurrentVersionSvchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2012-08-04 c:windowsTasksAdobe Flash Player Updater.job - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 22:28] . 2012-08-04 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44] . 2012-08-04 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "RTHDVCPL"="c:program filesRealtekAudioHDARAVCpl64.exe" [2011-06-09 11860072] . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011 mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:progra~2MICROS~3Office12EXCEL.EXE/3000 LSP: mswsock.dll TCP: DhcpNameServer = 192.168.1.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64browseui.dll FF - ProfilePath - c:usersOwnerAppDataRoamingMozillaFirefoxProfilesclg9hxm7.default FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/? . . [HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesN360] "ImagePath"=""c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe" /s "N360" /m "c:program files (x86)Norton 360Engine6.2.1.5diMaster.dll" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeClasses] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, . ------------------------ Other Running Processes ------------------------ . c:program files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe c:windowsSysWOW64XSrvSetup.exe c:program files (x86)RazerCopperheadrazerofa.exe c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe c:program files (x86)HTCInternet Pass-ThroughPassThruSvr.exe c:program files (x86)Spybot - Search & DestroySDWinSec.exe c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe . ************************************************************************** . Completion time: 2012-08-03 22:40:08 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-04 04:40 ComboFix2.txt 2012-08-03 19:52 . Pre-Run: 83,498,831,872 bytes free Post-Run: 83,290,669,056 bytes free . - - End Of File - - 1BFBCEA3044B08DD40DABAF369E8B673
  9. I just wanted to let you know, since running combofix i've not had a virus alert from norton360. Things seem to be back to normal
  10. Here is the combofix log w/o networking ComboFix 12-07-31.05 - Owner 08/03/2012 13:13:59.1.4 - x64 MINIMAL Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.3410 [GMT -6:00] Running from: c:usersOwnerDesktopComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:windowsassemblyGAC_32Desktop.ini c:windowsassemblyGAC_64Desktop.ini c:windowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}@ c:windowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}[email protected] c:windowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}L201d3dde c:windowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}[email protected] c:windowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}[email protected] c:windowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}[email protected] c:windowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}[email protected] . c:windowssystem32Services.exe . . . is infected!! . . ((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 ))))))))))))))))))))))))))))))) . . 2012-08-03 19:48 . 2012-08-03 19:48 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-07-30 21:49 . 2012-07-30 21:49 -------- d-sh--w- c:windowsSysWow64%APPDATA% 2012-07-28 22:06 . 2012-07-28 22:35 -------- d-----w- c:programdataSpybot - Search & Destroy 2012-07-28 22:06 . 2012-07-28 22:07 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2012-07-11 10:46 . 2012-06-05 16:22 974848 ----a-w- c:program filesCommon FilesSystemadomsado15.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-02 22:28 . 2012-04-04 11:13 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-08-02 22:28 . 2011-05-29 10:44 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-07-11 23:16 . 2006-11-02 12:35 59701280 ----a-w- c:windowssystem32mrt.exe 2012-07-03 19:46 . 2011-04-01 19:02 24904 ----a-w- c:windowssystem32driversmbam.sys 2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:windowsSysWow64msxml4.dll 2012-06-02 22:19 . 2012-06-23 11:01 38424 ----a-w- c:windowssystem32wups.dll 2012-06-02 22:19 . 2012-06-23 11:01 2428952 ----a-w- c:windowssystem32wuaueng.dll 2012-06-02 22:19 . 2012-06-23 11:01 57880 ----a-w- c:windowssystem32wuauclt.exe 2012-06-02 22:19 . 2012-06-23 11:01 44056 ----a-w- c:windowssystem32wups2.dll 2012-06-02 22:19 . 2012-06-23 11:01 35864 ----a-w- c:windowsSysWow64wups.dll 2012-06-02 22:19 . 2012-06-23 11:01 701976 ----a-w- c:windowssystem32wuapi.dll 2012-06-02 22:19 . 2012-06-23 11:01 577048 ----a-w- c:windowsSysWow64wuapi.dll 2012-06-02 22:15 . 2012-06-23 11:01 2622464 ----a-w- c:windowssystem32wucltux.dll 2012-06-02 22:15 . 2012-06-23 11:01 99840 ----a-w- c:windowssystem32wudriver.dll 2012-06-02 22:12 . 2012-06-23 11:01 88576 ----a-w- c:windowsSysWow64wudriver.dll 2012-06-02 21:19 . 2012-06-23 11:01 186752 ----a-w- c:windowssystem32wuwebv.dll 2012-06-02 21:19 . 2012-06-23 11:01 171904 ----a-w- c:windowsSysWow64wuwebv.dll 2012-06-02 21:15 . 2012-06-23 11:01 36864 ----a-w- c:windowssystem32wuapp.exe 2012-06-02 21:12 . 2012-06-23 11:01 33792 ----a-w- c:windowsSysWow64wuapp.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe [-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:windowssystem32services.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "JMB36X IDE Setup"="c:windowsRaidToolxInsIDE.exe" [2010-09-07 43608] "Copperhead"="c:program files (x86)RazerCopperheadrazerhid.exe" [2005-11-25 155648] "Tarantula"="c:program files (x86)RazerTarantularazerhid.exe" [2007-05-07 159744] "NUSB3MON"="c:program files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" [2010-11-17 113288] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-05-31 59280] "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-02 250056] S2 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-01-03 63928] . . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindows NTCurrentVersionSvchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2012-08-03 c:windowsTasksAdobe Flash Player Updater.job - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 22:28] . 2012-08-03 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44] . 2012-08-03 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "RTHDVCPL"="c:program filesRealtekAudioHDARAVCpl64.exe" [2011-06-09 11860072] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011 mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:progra~2MICROS~3Office12EXCEL.EXE/3000 LSP: mswsock.dll TCP: DhcpNameServer = 192.168.1.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64browseui.dll FF - ProfilePath - c:usersOwnerAppDataRoamingMozillaFirefoxProfilesclg9hxm7.default FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/? . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) . . . [HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesN360] "ImagePath"=""c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe" /s "N360" /m "c:program files (x86)Norton 360Engine6.2.1.5diMaster.dll" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeClasses] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00, . ------------------------ Other Running Processes ------------------------ . c:program files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe c:windowsSysWOW64XSrvSetup.exe c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe c:program files (x86)HTCInternet Pass-ThroughPassThruSvr.exe c:program files (x86)RazerCopperheadrazerofa.exe c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe c:windowsSysWOW64DllHost.exe c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe . ************************************************************************** . Completion time: 2012-08-03 13:52:41 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-03 19:52 . Pre-Run: 81,287,282,688 bytes free Post-Run: 83,918,749,696 bytes free . - - End Of File - - 46CF8573334F12CF252D1ACD9C173214
  11. well I did the scan in safe mode, I didn't realize till after it had finished that you wanted safe w/networking. Something else that got my attention, before entering safe mode I disabled norton 360 but combofix showed a dialog that said it was still running, a little puzzling. Also, during the scan combofix said that a sys file was infected and it attempted to repair, I think it was windows win32 services.exe. Let me know if I need the networking option.
  12. Hi Tomk thanks for the help. After double clicking Combofix, it seemed to start doing somthing, then its progress bar got stuck about halfway through the next thing was for it to just disappear like it had been shut off. There is no combofix.txt in the c: directory.
  13. Hello I seem to be infected with these two virus and cant get rid of either. I do have Norton 360 running whenever the computer is on. If I run a scan it finds both the virus and says the problem is resolved only to find that they return almost as soon as the scan is finished. Any help would be greatly appreciated. Thanks for taking a look . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26 Run by Owner at 20:37:52 on 2012-08-02 Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.1904 [GMT -6:00] . AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32nvvsvc.exe C:Windowssystem32svchost.exe -k rpcss C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k GPSvcGroup C:Windowssystem32SLsvc.exe C:Program FilesNVIDIA CorporationDisplaynvxdsync.exe C:Windowssystem32nvvsvc.exe C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k NetworkService C:WindowsSystem32spoolsv.exe C:Windowssystem32taskeng.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Windowssystem32taskeng.exe C:Program FilesRealtekAudioHDARAVCpl64.exe C:Program Files (x86)RazerCopperheadrazerhid.exe C:Program Files (x86)RazerTarantularazerhid.exe C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe C:Program Files (x86)iTunesiTunesHelper.exe C:Program Files (x86)RazerCopperheadrazertra.exe C:Program Files (x86)RazerCopperheadrazerofa.exe C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe C:Program FilesBonjourmDNSResponder.exe C:Program FilesDiskeeper CorporationDiskeeperDkService.exe C:WindowsSystem32svchost.exe -k LocalServiceNoNetwork C:WindowsSysWOW64svchost.exe -k hpdevmgmt C:WindowsSysWOW64XSrvSetup.exe C:Program Files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe C:Program Files (x86)HTCInternet Pass-ThroughPassThruSvr.exe C:Windowssystem32svchost.exe -k imgsvc C:WindowsSystem32svchost.exe -k WerSvcGroup C:Windowssystem32SearchIndexer.exe C:Windowssystem32WUDFHost.exe C:Program Files (x86)RazerTarantularazertra.exe C:Program FilesiPodbiniPodService.exe C:Program FilesWindows Media Playerwmpnscfg.exe C:Program FilesWindows Media Playerwmpnetwk.exe C:Program Files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe C:WindowsSysWOW64DllHost.exe C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe C:Program Files (x86)Internet Exploreriexplore.exe C:Program Files (x86)Internet Exploreriexplore.exe C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbarUser_32.exe C:Windowssystem32wbemwmiprvse.exe C:Program Files (x86)Internet Exploreriexplore.exe C:WindowsSysWOW64cmd.exe C:WindowsSysWOW64cscript.exe C:Windowssystem32wbemwmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011 uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:Program Files (x86)Norton 360Engine6.2.1.5coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:Program Files (x86)Norton 360Engine6.2.1.5IPSIPSBHO.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)Javajre6binjp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:Program Files (x86)Norton 360Engine6.2.1.5coIEPlg.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll mRun: [JMB36X IDE Setup] C:WindowsRaidToolxInsIDE.exe mRun: [Copperhead] "C:Program Files (x86)RazerCopperheadrazerhid.exe" mRun: [Tarantula] "C:Program Files (x86)RazerTarantularazerhid.exe" mRun: [NUSB3MON] "C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~3Office12EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:PROGRA~2MICROS~3Office12REFIEBAR.DLL LSP: mswsock.dll DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces{B34C6BDA-537D-4327-9C8B-E56995278C72} : DhcpNameServer = 192.168.1.1 BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton 360Engine6.2.1.5coIEPlg.dll BHO-X64: Norton Identity Protection - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton 360Engine6.2.1.5IPSIPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton 360Engine6.2.1.5coIEPlg.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll mRun-x64: [JMB36X IDE Setup] C:WindowsRaidToolxInsIDE.exe mRun-x64: [Copperhead] "C:Program Files (x86)RazerCopperheadrazerhid.exe" mRun-x64: [Tarantula] "C:Program Files (x86)RazerTarantularazerhid.exe" mRun-x64: [NUSB3MON] "C:Program Files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" mRun-x64: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray . ================= FIREFOX =================== . FF - ProfilePath - C:UsersOwnerAppDataRoamingMozillaFirefoxProfilesclg9hxm7.default FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/? FF - component: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_5.0.2.1IPSFFPlgncomponentsIPSFFPl.dll FF - plugin: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll FF - plugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll FF - plugin: C:Program Files (x86)GoogleUpdate1.3.21.115npGoogleUpdate3.dll FF - plugin: C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll FF - plugin: c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrlui.dll FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32_11_3_300_270.dll . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:Windowssystem32driversN360x640602010.005SYMDS64.SYS --> C:Windowssystem32driversN360x640602010.005SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:Windowssystem32driversN360x640602010.005SYMEFA64.SYS --> C:Windowssystem32driversN360x640602010.005SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsBASHDefs20120711.002BHDrvx64.sys [2012-7-12 1161376] R1 ccSet_N360;Norton 360 Settings Manager;C:Windowssystem32driversN360x640602010.005ccSetx64.sys --> C:Windowssystem32driversN360x640602010.005ccSetx64.sys [?] R1 IDSVia64;IDSVia64;C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}N360_6.1.2.10DefinitionsIPSDefs20120802.001IDSviA64.sys [2012-8-2 509088] R1 SymIRON;Symantec Iron Driver;C:Windowssystem32driversN360x640602010.005Ironx64.SYS --> C:Windowssystem32driversN360x640602010.005Ironx64.SYS [?] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:Windowssystem32DriversN360x640602010.005SYMTDIV.SYS --> C:Windowssystem32DriversN360x640602010.005SYMTDIV.SYS [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-1-3 63928] R2 FontCache;Windows Font Cache Service;C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 JMB36X;JMB36X;C:WindowsSysWOW64XSrvSetup.exe [2011-4-1 72280] R2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-4-1 655944] R2 N360;Norton 360;C:Program Files (x86)Norton 360Engine6.2.1.5ccsvchst.exe [2012-5-17 138232] R2 PassThru Service;Internet Pass-Through Service;C:Program Files (x86)HTCInternet Pass-ThroughPassThruSvr.exe [2010-9-16 80896] R3 copperhd;Razer Copperhead Driver;C:Windowssystem32driverscopperhd.sys --> C:Windowssystem32driverscopperhd.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [2012-6-14 138912] R3 MBAMProtector;MBAMProtector;??C:Windowssystem32driversmbam.sys --> C:Windowssystem32driversmbam.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:Windowssystem32DRIVERSnusb3hub.sys --> C:Windowssystem32DRIVERSnusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:Windowssystem32DRIVERSnusb3xhc.sys --> C:Windowssystem32DRIVERSnusb3xhc.sys [?] R3 STTub203;Thrustmaster HOTAS USB Bulk In;C:Windowssystem32DriversSTTub203.sys --> C:Windowssystem32DriversSTTub203.sys [?] R3 TarFltr;Razer Tarantula USB Keyboard;C:Windowssystem32driversUsbFltr.sys --> C:Windowssystem32driversUsbFltr.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-5-29 136176] S2 SBSDWSCService;SBSD Security Center Service;C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe [2012-7-28 1153368] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-4-4 250056] S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;??C:Windowssystem32driversBVRPMPR5a64.SYS --> C:Windowssystem32driversBVRPMPR5a64.SYS [?] S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:Program Files (x86)Common FilesFuturemark SharedFuturemark SystemInfoFMSISvc.exe [2011-8-16 130976] S3 gupdatem;Google Update Service (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-5-29 136176] S3 HTCAND64;HTC Device Driver;C:Windowssystem32DriversANDROIDUSB.sys --> C:Windowssystem32DriversANDROIDUSB.sys [?] S3 htcnprot;HTC NDIS Protocol Driver;C:Windowssystem32DRIVERShtcnprot.sys --> C:Windowssystem32DRIVERShtcnprot.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe [2012-5-5 113120] S3 PerfHost;Performance Counter DLL Host;C:WindowsSysWOW64perfhost.exe [2008-1-20 19968] S3 USBAAPL64;Apple Mobile USB Driver;C:Windowssystem32Driversusbaapl64.sys --> C:Windowssystem32Driversusbaapl64.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:WindowsMicrosoft.NETFramework64v4.0.30319WPFWPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe [2009-4-11 89920] . =============== File Associations =============== . JSEFile=C:WindowsSysWOW64WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-07-30 21:49:46 -------- d-sh--w- C:WindowsSysWow64%APPDATA% 2012-07-28 22:06:58 -------- d-----w- C:ProgramDataSpybot - Search & Destroy 2012-07-28 22:06:58 -------- d-----w- C:Program Files (x86)Spybot - Search & Destroy 2012-07-11 10:46:58 974848 ----a-w- C:Program FilesCommon FilesSystemadomsado15.dll . ==================== Find3M ==================== . 2012-08-02 22:28:20 70344 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl 2012-08-02 22:28:20 426184 ----a-w- C:WindowsSysWow64FlashPlayerApp.exe 2012-07-03 19:46:44 24904 ----a-w- C:WindowsSystem32driversmbam.sys 2012-06-25 22:04:24 1394248 ----a-w- C:WindowsSysWow64msxml4.dll 2012-06-13 13:58:27 2769408 ----a-w- C:WindowsSystem32win32k.sys 2012-06-05 16:47:28 1401856 ----a-w- C:WindowsSysWow64msxml6.dll 2012-06-05 16:47:27 1248768 ----a-w- C:WindowsSysWow64msxml3.dll 2012-06-05 16:22:47 1797120 ----a-w- C:WindowsSystem32msxml6.dll 2012-06-05 16:22:46 1869824 ----a-w- C:WindowsSystem32msxml3.dll 2012-06-04 15:29:59 516480 ----a-w- C:WindowsSystem32driversksecdd.sys 2012-06-02 22:15:31 2622464 ----a-w- C:WindowsSystem32wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:WindowsSystem32wudriver.dll 2012-06-02 22:12:13 88576 ----a-w- C:WindowsSysWow64wudriver.dll 2012-06-02 21:19:42 186752 ----a-w- C:WindowsSystem32wuwebv.dll 2012-06-02 21:19:42 171904 ----a-w- C:WindowsSysWow64wuwebv.dll 2012-06-02 21:15:12 36864 ----a-w- C:WindowsSystem32wuapp.exe 2012-06-02 21:12:20 33792 ----a-w- C:WindowsSysWow64wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:WindowsSystem32jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:WindowsSystem32wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:WindowsSystem32inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:WindowsSystem32ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:WindowsSystem32mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:WindowsSysWow64jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:WindowsSysWow64wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:WindowsSysWow64inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:WindowsSysWow64ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb 2012-06-02 00:22:56 347136 ----a-w- C:WindowsSystem32schannel.dll 2012-06-02 00:22:10 254464 ----a-w- C:WindowsSystem32ncrypt.dll 2012-06-02 00:05:11 77312 ----a-w- C:WindowsSysWow64secur32.dll 2012-06-02 00:04:25 278528 ----a-w- C:WindowsSysWow64schannel.dll 2012-06-02 00:03:42 204288 ----a-w- C:WindowsSysWow64ncrypt.dll . ============= FINISH: 20:38:09.30 ===============
  14. buckskinpass

    Nice!

    Just wanted to say, nice job on the front page.
  15. Thanks Dave, that’s just what I needed. You guys are just awesome.
×
×
  • Create New...